[PATCH 0/4] Add lockdown mode

The intention of lockdown mode is to prevent attacks from a rogue dom0
userspace from compromising the system. Lockdown mode can be controlled by a
Kconfig option and a command-line parameter. It is also enabled automatically
when Secure Boot is enabled and it cannot be disabled in that case.

Ross Lagerwall (3):
  lib: Add strcspn function
  efi: Add a function to check if Secure Boot mode is enabled
  Add lockdown mode

Kevin Lampis (1):
  Disallow most command-line options when lockdown mode is enabled

 xen/arch/arm/domain_build.c           |  4 +--
 xen/arch/x86/acpi/cpu_idle.c          |  2 +-
 xen/arch/x86/cpu/amd.c                |  2 +-
 xen/arch/x86/cpu/mcheck/mce.c         |  2 +-
 xen/arch/x86/cpu/microcode/core.c     |  2 +-
 xen/arch/x86/dom0_build.c             |  4 +--
 xen/arch/x86/hvm/hvm.c                |  2 +-
 xen/arch/x86/irq.c                    |  2 +-
 xen/arch/x86/nmi.c                    |  2 +-
 xen/arch/x86/setup.c                  |  3 +-
 xen/arch/x86/traps.c                  |  2 +-
 xen/arch/x86/x86_64/mmconfig-shared.c |  2 +-
 xen/common/Kconfig                    |  8 +++++
 xen/common/Makefile                   |  1 +
 xen/common/domain.c                   |  2 +-
 xen/common/efi/boot.c                 | 23 ++++++++++++
 xen/common/efi/runtime.c              |  3 ++
 xen/common/kernel.c                   | 13 ++++++-
 xen/common/kexec.c                    |  2 +-
 xen/common/lockdown.c                 | 52 +++++++++++++++++++++++++++
 xen/common/numa.c                     |  2 +-
 xen/common/page_alloc.c               |  2 +-
 xen/common/shutdown.c                 |  2 +-
 xen/drivers/char/console.c            |  2 +-
 xen/drivers/char/ns16550.c            |  4 +--
 xen/drivers/video/vga.c               |  2 +-
 xen/include/xen/efi.h                 |  6 ++++
 xen/include/xen/lockdown.h            |  9 +++++
 xen/include/xen/param.h               | 49 +++++++++++++++++++------
 xen/include/xen/string.h              |  1 +
 xen/lib/Makefile                      |  1 +
 xen/lib/strcspn.c                     | 22 ++++++++++++
 32 files changed, 200 insertions(+), 35 deletions(-)
 create mode 100644 xen/common/lockdown.c
 create mode 100644 xen/include/xen/lockdown.h
 create mode 100644 xen/lib/strcspn.c

--
2.42.0