| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Nov 2016 23:20:49 +0100
From: Borislav Petkov <bp@...en8.de>
To: David Howells <dhowells@...hat.com>
Cc: keyrings@...r.kernel.org, matthew.garrett@...ula.com,
linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 01/16] Add the ability to lock down access to the running
kernel image
On Wed, Nov 16, 2016 at 09:47:24PM +0000, David Howells wrote:
> Provide a single call to allow kernel code to determine whether the system
> should be locked down, thereby disallowing various accesses that might
> allow the running kernel image to be changed including the loading of
> modules that aren't validly signed with a key we recognise, fiddling with
> MSR registers and disallowing hibernation,
>
> Signed-off-by: David Howells <dhowells@...hat.com>
> ---
...
> +/**
> + * kernel_is_locked_down - Find out if the kernel is locked down
> + */
> +bool kernel_is_locked_down(void)
> +{
> + return kernel_locked_down;
> +}
> +EXPORT_SYMBOL(kernel_locked_down);
Surely
EXPORT_SYMBOL(kernel_is_locked_down);
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
Powered by blists - more mailing lists