Re: [PATCH 01/16] Add the ability to lock down access to the running kernel image

From: Borislav Petkov
Date: Wed Nov 16 2016 - 17:21:23 EST

Next message: Stephen Boyd: "Re: [PATCH] nvmem: qfprom: Fix to support single byte read/write"
Previous message: Bjorn Helgaas: "Re: [PATCH 1/2] pci: pcie-designware: Change Maintenance"
In reply to: David Howells: "[PATCH 01/16] Add the ability to lock down access to the running kernel image"
Next in thread: David Howells: "Re: [PATCH 01/16] Add the ability to lock down access to the running kernel image"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 16, 2016 at 09:47:24PM +0000, David Howells wrote:
> Provide a single call to allow kernel code to determine whether the system
> should be locked down, thereby disallowing various accesses that might
> allow the running kernel image to be changed including the loading of
> modules that aren't validly signed with a key we recognise, fiddling with
> MSR registers and disallowing hibernation,
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> ---

...

> +/**
> + * kernel_is_locked_down - Find out if the kernel is locked down
> + */
> +bool kernel_is_locked_down(void)
> +{
> + return kernel_locked_down;
> +}
> +EXPORT_SYMBOL(kernel_locked_down);

Surely

EXPORT_SYMBOL(kernel_is_locked_down);

--
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Next message: Stephen Boyd: "Re: [PATCH] nvmem: qfprom: Fix to support single byte read/write"
Previous message: Bjorn Helgaas: "Re: [PATCH 1/2] pci: pcie-designware: Change Maintenance"
In reply to: David Howells: "[PATCH 01/16] Add the ability to lock down access to the running kernel image"
Next in thread: David Howells: "Re: [PATCH 01/16] Add the ability to lock down access to the running kernel image"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]