Date: Thu, 28 Feb 2019 15:11:45 -0800
In-Reply-To: <20190228231203.212359-1-matthewgarrett@google.com>
Message-Id: <20190228231203.212359-9-matthewgarrett@google.com>
References: <20190228231203.212359-1-matthewgarrett@google.com>
Subject: [PATCH 09/27] hibernate: Disable when the kernel is locked down
From: Matthew Garrett
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com
X-Mailing-List: linux-kernel@vger.kernel.org

From: Josh Boyer

There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it when the kernel is locked down.

Signed-off-by: Josh Boyer
Signed-off-by: David Howells
Reviewed-by: "Lee, Chun-Yi"
cc: linux-pm@vger.kernel.org

--- kernel/power/hibernate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index abef759de7c8..802795becb88 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c
@@ -70,7 +70,7 @@ static const struct platform_hibernation_ops *hibernation_ops; bool hibernation_available(void) { - return (nohibernate == 0); + return nohibernate == 0 && !kernel_is_locked_down("Hibernation"); } /** -- 2.21.0.352.gf09ad66450-goog
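
Review bot: the new `!kernel_is_locked_down("Hibernation")` term in hibernation_available() carries no comment, so the reason lockdown implies "no hibernation" (the resume image cannot be verified, which would undermine the signed-modules trust model) lives only in the commit message. A short comment above the return stating that, and that the restriction is meant to be lifted once signed hibernate images exist, would keep the rationale next to the check. Separately, hibernation_available() is a boolean query, while the helper takes a descriptive string argument; if the helper does anything with that string beyond returning a result, it is worth confirming that callers which only query availability do not trigger it on every call.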