iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
92ad19559e
linux/security
History
Lee, Chun-Yi 92ad19559e integrity: Do not load MOK and MOKx when secure boot be disabled 
The security of Machine Owner Key (MOK) relies on secure boot. When
secure boot is disabled, EFI firmware will not verify binary code. Then
arbitrary efi binary code can modify MOK when rebooting.

This patch prevents MOK/MOKx be loaded when secure boot be disabled.

Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2021-12-24 10:25:24 -05:00
..
apparmor + Features 2021-11-11 14:47:32 -08:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity integrity: Do not load MOK and MOKx when secure boot be disabled 2021-12-24 10:25:24 -05:00
keys ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring 2021-10-20 10:34:20 -05:00
landlock landlock: Enable user space to infer supported features 2021-04-22 12:22:11 -07:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux net,lsm,selinux: revert the security_sctp_assoc_established() hook 2021-11-12 12:07:02 -05:00
smack selinux/stable-5.16 PR 20211101 2021-11-01 21:06:18 -07:00
tomoyo mm/pagemap: add mmap_assert_locked() annotations to find_vma*() 2021-09-03 09:58:13 -07:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c Miscellaneous minor fixes for v5.13. 2021-04-27 19:32:55 -07:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-08-20 11:25:03 -07:00
inode.c
Kconfig Merge branch 'akpm' (patches from Andrew) 2021-11-06 14:08:17 -07:00
Kconfig.hardening gcc-plugins: Explicitly document purpose and deprecation schedule 2021-10-21 08:41:38 -07:00
lsm_audit.c lsm_audit: avoid overloading the "key" audit field 2021-09-19 22:47:04 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c net,lsm,selinux: revert the security_sctp_assoc_established() hook 2021-11-12 12:07:02 -05:00