Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Sep 24, 2020. It is now read-only.

Rebase patches onto 4.13.15 #110

Merged
merged 24 commits into from
Nov 22, 2017
Merged

Rebase patches onto 4.13.15 #110

Changes from 1 commit
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
3aba70b
efi: Add EFI_SECURE_BOOT bit
Nov 21, 2016
b4a3a20
Add the ability to lock down access to the running kernel image
dhowells Nov 21, 2016
8aebfe3
efi: Lock down the kernel if booted in secure boot mode
dhowells Nov 21, 2016
c0e5d82
Enforce module signatures if the kernel is locked down
dhowells Nov 23, 2016
77e6c38
Restrict /dev/mem and /dev/kmem when the kernel is locked down
Nov 22, 2016
91141d1
kexec: Disable at runtime if the kernel is locked down
Nov 22, 2016
1d15fbf
Copy secure_boot flag in boot params across kexec reboot
daveyoung Nov 22, 2016
892424e
kexec_file: Disable at runtime if securelevel has been set
Nov 23, 2016
1e6be78
hibernate: Disable when the kernel is locked down
Nov 22, 2016
8f81c0c
uswsusp: Disable when the kernel is locked down
mjg59 Nov 23, 2016
49587ab
PCI: Lock down BAR access when the kernel is locked down
Nov 22, 2016
655e161
x86: Lock down IO port access when the kernel is locked down
Nov 22, 2016
c0a701d
x86: Restrict MSR access when the kernel is locked down
Nov 22, 2016
39393da
asus-wmi: Restrict debugfs interface when the kernel is locked down
Nov 22, 2016
637a86e
ACPI: Limit access to custom_method when the kernel is locked down
Nov 22, 2016
da05ae0
acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
jwboyer Nov 22, 2016
bfa92c8
acpi: Disable ACPI table override if the kernel is locked down
Nov 23, 2016
92945af
acpi: Disable APEI error injection if the kernel is locked down
Nov 23, 2016
5ee4118
bpf: Restrict kernel image access functions when the kernel is locked…
joeyli Nov 23, 2016
05b3bf7
scsi: Lock down the eata driver
dhowells Nov 22, 2016
4e8f5c1
Prohibit PCMCIA CIS storage when the kernel is locked down
dhowells Nov 25, 2016
e92b61c
Lock down TIOCSSERIAL
dhowells Dec 7, 2016
7138866
kbuild: derive relative path for KBUILD_SRC from CURDIR
Nov 25, 2015
d5044e5
Add arm64 coreos verity hash
glevand Nov 12, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Enforce module signatures if the kernel is locked down 
If the kernel is locked down, require that all modules have valid
signatures that we can verify.

Signed-off-by: David Howells <[email protected]>
  • Loading branch information
@dhowells
dhowells authored and Jenkins OS committed Nov 22, 2017
commit c0e5d82ebb4d29cb14edc984806cb38459fcf111
2 changes: 1 addition & 1 deletion kernel/module.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2781,7 +2781,7 @@ static int module_sig_check(struct load_info *info, int flags)
}

/* Not having a signature is only an error if we're strict. */
if (err == -ENOKEY && !sig_enforce)
if (err == -ENOKEY && !sig_enforce && !kernel_is_locked_down())
err = 0;

return err;
Expand Down