UBUNTU: SAUCE: (efi-lockdown) Add the ability to lock down access to the running...

[mirror_ubuntu-bionic-kernel.git] / security / Kconfig

diff --git a/security/Kconfig b/security/Kconfig
index b13441d6f8c35bb68c95a33cfaf045e8ca2e2469..3ccbad15da914f6315f90a3a916747b04ef18397 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -225,6 +225,14 @@ config STATIC_USERMODEHELPER_PATH
          If you wish for all usermode helper programs to be disabled,
          specify an empty string here (i.e. "").
 
+config LOCK_DOWN_KERNEL
+       bool "Allow the kernel to be 'locked down'"
+       help
+         Allow the kernel to be locked down under certain circumstances, for
+         instance if UEFI secure boot is enabled.  Locking down the kernel
+         turns off various features that might otherwise allow access to the
+         kernel image (eg. setting MSR registers).
+
 source security/selinux/Kconfig
 source security/smack/Kconfig
 source security/tomoyo/Kconfig