Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S936511AbcKPWU5 (ORCPT ); Wed, 16 Nov 2016 17:20:57 -0500
Received: from mail.skyhub.de ([78.46.96.112]:52685 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753891AbcKPWUz (ORCPT ); Wed, 16 Nov 2016 17:20:55 -0500
Date: Wed, 16 Nov 2016 23:20:49 +0100
From: Borislav Petkov
To: David Howells
Cc: keyrings@vger.kernel.org, matthew.garrett@nebula.com, linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 01/16] Add the ability to lock down access to the running kernel image
Message-ID: <20161116222049.hywdxse4hwsrfwjm@pd.tnic>
References: <147933283664.19316.12454053022687659937.stgit@warthog.procyon.org.uk> <147933284407.19316.17886320817060158597.stgit@warthog.procyon.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <147933284407.19316.17886320817060158597.stgit@warthog.procyon.org.uk>
User-Agent: NeoMutt/20161014 (1.7.1)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 820
Lines: 30

On Wed, Nov 16, 2016 at 09:47:24PM +0000, David Howells wrote:
> Provide a single call to allow kernel code to determine whether the system
> should be locked down, thereby disallowing various accesses that might
> allow the running kernel image to be changed including the loading of
> modules that aren't validly signed with a key we recognise, fiddling with
> MSR registers and disallowing hibernation,
>
> Signed-off-by: David Howells
> ---

...

> +/** > + * kernel_is_locked_down - Find out if the kernel is locked down > + */ > +bool kernel_is_locked_down(void) > +{ > + return kernel_locked_down; > +} > +EXPORT_SYMBOL(kernel_locked_down);

Surely

EXPORT_SYMBOL(kernel_is_locked_down);

--
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
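
Review bot: The last line of the quoted hunk, EXPORT_SYMBOL(kernel_locked_down), names the backing flag rather than the kernel_is_locked_down() accessor defined directly above it, so modules would be offered the raw variable instead of the read-only query function. Export kernel_is_locked_down and leave kernel_locked_down unexported, so that module code can only ask for the lockdown state through the accessor. The kernel-doc comment above the function would also benefit from a "Return:" line stating that true means the kernel is locked down.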