git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	David Howells <dhowells@redhat.com>
	Mon, 21 Nov 2016 23:36:17 +0000 (23:36 +0000)
committer	Seth Forshee <seth.forshee@canonical.com>
	Tue, 5 Sep 2017 12:33:56 +0000 (07:33 -0500)
commit	99f9ef18d5b6540b610f4b097d53e1af604081ad
tree	a359132cc6e65b35a0001b02e6c9e9dba60b1908	tree
parent	af123821a9879484d76f9ee48c56518a2422e8ea	commit \| diff

UBUNTU: SAUCE: (efi-lockdown) Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR registers and disallowing hibernation,

Signed-off-by: David Howells <dhowells@redhat.com>
(cherry picked from commit a6b8c6722739e360f2587d67c0977e264ade1024
git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

include/linux/kernel.h		diff \| blob \| blame \| history
include/linux/security.h		diff \| blob \| blame \| history
security/Kconfig		diff \| blob \| blame \| history
security/Makefile		diff \| blob \| blame \| history
security/lock_down.c	[new file with mode: 0644]	blob