Subject: [PATCH 07/24] hibernate: Disable when the kernel is locked down
From: David Howells
To: torvalds@linux-foundation.org
Cc: linux-man@vger.kernel.org, linux-api@vger.kernel.org, jmorris@namei.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-security-module@vger.kernel.org
Date: Wed, 11 Apr 2018 17:25:25 +0100
Message-ID: <152346392521.4030.5108539377959227838.stgit@warthog.procyon.org.uk>
In-Reply-To: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk>

From: Josh Boyer

There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it when the kernel is locked down.

Signed-off-by: Josh Boyer
Signed-off-by: David Howells
Reviewed-by: "Lee, Chun-Yi"
cc: linux-pm@vger.kernel.org
--- kernel/power/hibernate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index 5454cc639a8d..629f158f5a0c 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c 
@@ -70,7 +70,7 @@ static const struct platform_hibernation_ops *hibernation_ops; bool hibernation_available(void) { - return (nohibernate == 0); + return nohibernate == 0 && !kernel_is_locked_down("Hibernation"); } /**
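Review bot: the new condition on the return line of hibernation_available() has no comment saying why lockdown turns hibernation off, although the commit message describes it as temporary ("until we can work with signed hibernate images"). A short comment above the return stating that the resume image cannot be verified would keep that reason next to the check and make it easier to find when signed images arrive. Two things to confirm: the diffstat shows a single changed line, so kernel_is_locked_down() has to be declared already through a header that hibernate.c includes, presumably from an earlier patch in the series; and since hibernation_available() is a plain predicate, check whether passing the "Hibernation" string makes the helper report something on each call, which would repeat for every caller that only queries availability.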