Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge feature/secure-boot-lockdown/6.6 into v6.6.47
* commit '8bbb6780deb56560af81a3bacd59aaf48714240e':
  mtd: phram,slram: Disable when the kernel is locked down
  efi: Lock down the kernel if booted in secure boot mode
  efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
  arm64: add kernel config option to lock down when in Secure Boot mode
Showing 12 changed files with 118 additions and 27 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
|
||
/* Core kernel secure boot support. | ||
* | ||
* Copyright (C) 2017 Red Hat, Inc. All Rights Reserved. | ||
* Written by David Howells (dhowells@redhat.com) | ||
* | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU General Public Licence | ||
* as published by the Free Software Foundation; either version | ||
* 2 of the Licence, or (at your option) any later version. | ||
*/ | ||
|
||
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | ||
|
||
#include <linux/efi.h> | ||
#include <linux/kernel.h> | ||
#include <linux/printk.h> | ||
#include <linux/security.h> | ||
|
||
/* | ||
* Decide what to do when UEFI secure boot mode is enabled. | ||
*/ | ||
void __init efi_set_secure_boot(enum efi_secureboot_mode mode) | ||
{ | ||
if (efi_enabled(EFI_BOOT)) { | ||
switch (mode) { | ||
case efi_secureboot_mode_disabled: | ||
pr_info("Secure boot disabled\n"); | ||
break; | ||
case efi_secureboot_mode_enabled: | ||
set_bit(EFI_SECURE_BOOT, &efi.flags); | ||
#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT | ||
lock_kernel_down("EFI Secure Boot", | ||
LOCKDOWN_INTEGRITY_MAX); | ||
#endif | ||
pr_info("Secure boot enabled\n"); | ||
break; | ||
default: | ||
pr_warn("Secure boot could not be determined (mode %u)\n", | ||
mode); | ||
break; | ||
} | ||
} | ||
} |
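Review bot: In the `default:` case of `efi_set_secure_boot()`, an undetermined secure boot mode only produces a `pr_warn`, leaving `EFI_SECURE_BOOT` clear and the kernel unlocked, so the function fails open when the firmware state cannot be read. If that is intended, a comment saying so would help; otherwise consider handling the unknown case like `efi_secureboot_mode_enabled` when `CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT` is set. In the enabled case the result of `lock_kernel_down()` is not checked, and `pr_info("Secure boot enabled\n")` reads the same whether or not the lockdown call was compiled in, so the boot log cannot be used to confirm the lockdown state; logging the lockdown outcome separately would fix that. The function is also silent when `efi_enabled(EFI_BOOT)` is false, which is worth a one-line comment. As a style point, the new file's header carries the long-form GPL text with no `SPDX-License-Identifier` line.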