lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAHC9VhS3qY=+DVYqzkgbHLETUo4KgQ17qr_BC3pn9TeG+cr8Mg@mail.gmail.com>
Date: Thu, 17 Jul 2025 14:22:04 -0400
From: Paul Moore <paul@...l-moore.com>
To: Hamza Mahfooz <hamzamahfooz@...ux.microsoft.com>, 
	Nicolas Bouchinet <nicolas.bouchinet@....cyber.gouv.fr>, Xiu Jianfeng <xiujianfeng@...wei.com>
Cc: linux-kernel@...r.kernel.org, Ard Biesheuvel <ardb@...nel.org>, 
	James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, 
	Yue Haibing <yuehaibing@...wei.com>, Tanya Agarwal <tanyaagarwal25699@...il.com>, 
	Kees Cook <kees@...nel.org>, linux-efi@...r.kernel.org, 
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH 0/2] Secure Boot lock down

On Wed, Jul 16, 2025 at 5:29 PM Hamza Mahfooz
<hamzamahfooz@...ux.microsoft.com> wrote:
>
> Ping?

Adding the new Lockdown maintainers to the To/CC line for review in
case they missed it earlier.  For reference, the patchset can be found
at the lore link below:

https://lore.kernel.org/linux-security-module/1750975839-32463-1-git-send-email-hamzamahfooz@linux.microsoft.com/

> On Thu, Jun 26, 2025 at 03:10:37PM -0700, Hamza Mahfooz wrote:
> > All major distros have had carried a version of this patch-set
> > out of tree for sometime now, but with a bunch of magic (typically
> > sprinkled in setup_arch()). Though we can avoid those architecture
> > specific quirks if we call efi_get_secureboot_mode() from
> > efisubsys_init() and that allows us to have a generic solution.
> >
> > Hamza Mahfooz (2):
> >   security: introduce security_lock_kernel_down()
> >   efi: introduce EFI_KERNEL_LOCK_DOWN_IN_SECURE_BOOT
> >
> >  drivers/firmware/efi/Kconfig  | 10 ++++++++++
> >  drivers/firmware/efi/efi.c    |  9 +++++++++
> >  include/linux/lsm_hook_defs.h |  1 +
> >  include/linux/security.h      |  8 ++++++++
> >  security/lockdown/lockdown.c  |  1 +
> >  security/security.c           | 15 +++++++++++++++
> >  6 files changed, 44 insertions(+)

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ