summaryrefslogtreecommitdiffstats
path: root/crypto/asymmetric_keys
diff options
context:
space:
mode:
authorDave Young <dyoung@redhat.com>2019-08-19 17:17:43 -0700
committerJames Morris <jmorris@namei.org>2019-08-19 21:54:15 -0700
commitfef5dad9876034253d59acbf8c0c314f4d94cf87 (patch)
tree1f17869cc8b60692044de992bb20644e3d7c2e21 /crypto/asymmetric_keys
parent7d31f4602f8d366072471ca138e4ea7b8edf9be0 (diff)
downloadlinux-fef5dad9876034253d59acbf8c0c314f4d94cf87.tar.bz2
lockdown: Copy secure_boot flag in boot params across kexec reboot
Kexec reboot in case secure boot being enabled does not keep the secure boot mode in new kernel, so later one can load unsigned kernel via legacy kexec_load. In this state, the system is missing the protections provided by secure boot. Adding a patch to fix this by retain the secure_boot flag in original kernel. secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the stub. Fixing this issue by copying secure_boot flag across kexec reboot. Signed-off-by: Dave Young <dyoung@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> cc: kexec@lists.infradead.org Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'crypto/asymmetric_keys')
0 files changed, 0 insertions, 0 deletions