Re: [PATCH 01/27] Add the ability to lock down access to the running kernel image

From: James Morris
Date: Fri Oct 20 2017 - 19:20:04 EST


On Thu, 19 Oct 2017, David Howells wrote:

> Provide a single call to allow kernel code to determine whether the system
> should be locked down, thereby disallowing various accesses that might
> allow the running kernel image to be changed including the loading of
> modules that aren't validly signed with a key we recognise, fiddling with
> MSR registers and disallowing hibernation,
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>


Acked-by: James Morris <james.l.morris@xxxxxxxxxx>


--
James Morris
<james.l.morris@xxxxxxxxxx>