From: Matthew Garrett <matthewgarrett@google.com>
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Dave Young <dyoung@redhat.com>, David Howells <dhowells@redhat.com>, Matthew Garrett <mjg59@google.com>, kexec@lists.infradead.org
Subject: [PATCH V34 07/29] Copy secure_boot flag in boot params across kexec reboot
Date: Fri, 21 Jun 2019 17:03:36 -0700
Message-ID: <20190622000358.19895-8-matthewgarrett@google.com>
In-Reply-To: <20190622000358.19895-1-matthewgarrett@google.com>

From: Dave Young <dyoung@redhat.com>

A kexec reboot with secure boot enabled does not keep the secure boot mode in the new kernel, so one can later load an unsigned kernel via legacy kexec_load. In this state, the system is missing the protections provided by secure boot.

Add a patch to fix this by retaining the secure_boot flag in the original kernel.

The secure_boot flag in boot_params is set in the EFI stub, but kexec bypasses the stub. Fix this issue by copying the secure_boot flag across kexec reboot.

Signed-off-by: Dave Young <dyoung@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
cc: kexec@lists.infradead.org
--- arch/x86/kernel/kexec-bzimage64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index 22f60dd26460..4243359ac509 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -182,6 +182,7 @@ setup_efi_state(struct boot_params *params, unsigned long params_load_addr, if (efi_enabled(EFI_OLD_MEMMAP)) return 0; + params->secure_boot = boot_params.secure_boot; ei->efi_loader_signature = current_ei->efi_loader_signature; ei->efi_systab = current_ei->efi_systab; ei->efi_systab_hi = current_ei->efi_systab_hi; -- 2.22.0.410.gd8fdbe21b5-goog
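Review bot: the added params->secure_boot = boot_params.secure_boot; in setup_efi_state() sits after the if (efi_enabled(EFI_OLD_MEMMAP)) return 0; early return, so on that path the flag is never copied and the kexec'd kernel starts with whatever value params->secure_boot already held. Since the commit message's goal is that the next kernel keeps the secure boot mode, consider moving the assignment above the early return (or to the caller, so it does not depend on the EFI state being passed along), or add a comment stating why the EFI_OLD_MEMMAP case can safely skip it. A one-line comment above the assignment noting that kexec bypasses the EFI stub, which normally sets this field, would also help future readers of this function.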