Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown

From: Thiago Jung Bauermann
Date: Tue Nov 07 2017 - 12:39:20 EST

Next message: Kees Cook: "[PATCH v2 2/3] Makefile: Move stack-protector availability out of Kconfig"
Previous message: Kees Cook: "[PATCH v2 0/3] Makefile: Introduce CONFIG_CC_STACKPROTECTOR_AUTO"
Next in thread: David Howells: "Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello David,

David Howells <dhowells@xxxxxxxxxx> writes:
> +static struct sysrq_key_op lockdown_lift_sysrq_op = {
> + .handler = sysrq_handle_lockdown_lift,
> + .help_msg = "unSB(x)",
> + .action_msg = "Disabling Secure Boot restrictions",
> + .enable_mask = SYSRQ_DISABLE_USERSPACE,
> +};
> +
> +static int __init lockdown_lift_sysrq(void)
> +{
> + if (kernel_locked_down) {
> + lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY;
> + register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op);
> + }
> + return 0;
> +}
> +
> +late_initcall(lockdown_lift_sysrq);
> +
> +#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY */

On non-x86 platforms (tested on powerpc) this fails to build with:

security/lock_down.c: In function âlockdown_lift_sysrqâ:
security/lock_down.c:100:40: error: âLOCKDOWN_LIFT_KEYâ undeclared (first use in this function)
lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY;
^~~~~~~~~~~~~~~~~
security/lock_down.c:100:40: note: each undeclared identifier is reported only once for each function it appears in

--
Thiago Jung Bauermann
IBM Linux Technology Center

Next message: Kees Cook: "[PATCH v2 2/3] Makefile: Move stack-protector availability out of Kconfig"
Previous message: Kees Cook: "[PATCH v2 0/3] Makefile: Introduce CONFIG_CC_STACKPROTECTOR_AUTO"
Next in thread: David Howells: "Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]