Re: [PATCH 3/5] Add the ability to lock down access to the running kernel image

From: James Morris
Date: Thu Apr 06 2017 - 18:46:14 EST

Next message: Johannes Berg: "Re: [PATCH] mac80211: Fix clang warning about constant operand in logical operation"
Previous message: Matthias Kaehlcke: "Re: [PATCH] mac80211: Fix clang warning about constant operand in logical operation"
In reply to: David Howells: "[PATCH 3/5] Add the ability to lock down access to the running kernel image"
Next in thread: David Howells: "[PATCH 4/5] efi: Lock down the kernel if booted in secure boot mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 6 Apr 2017, David Howells wrote:

> Provide a single call to allow kernel code to determine whether the system
> should be locked down, thereby disallowing various accesses that might
> allow the running kernel image to be changed including the loading of
> modules that aren't validly signed with a key we recognise, fiddling with
> MSR registers and disallowing hibernation,
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>

Acked-by: James Morris <james.l.morris@xxxxxxxxxx>

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Johannes Berg: "Re: [PATCH] mac80211: Fix clang warning about constant operand in logical operation"
Previous message: Matthias Kaehlcke: "Re: [PATCH] mac80211: Fix clang warning about constant operand in logical operation"
In reply to: David Howells: "[PATCH 3/5] Add the ability to lock down access to the running kernel image"
Next in thread: David Howells: "[PATCH 4/5] efi: Lock down the kernel if booted in secure boot mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]