Home
last modified time | relevance | path

Searched refs:lockdown (Results 1 – 25 of 29) sorted by relevance

12

/OK3568_Linux_fs/buildroot/boot/grub2/
H A D0036-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch4 Subject: [PATCH] kern/lockdown: Set a variable if the GRUB is locked down
7 down or not. Add the lockdown variable which is set to "y" when the GRUB
16 grub-core/kern/lockdown.c | 4 ++++
27 +The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
33 diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
35 --- a/grub-core/kern/lockdown.c
36 +++ b/grub-core/kern/lockdown.c
43 #include <grub/lockdown.h>
46 lockdown = GRUB_LOCKDOWN_ENABLED;
50 + grub_env_set ("lockdown", "y");
[all …]
H A D0035-kern-Add-lockdown-support.patch4 Subject: [PATCH] kern: Add lockdown support
14 The lockdown support adds the following components:
16 * The grub_lockdown() function which can be used to lockdown GRUB if,
51 grub-core/kern/lockdown.c | 80 +++++++++++++++++++++++++++++++++++++++++++++
54 include/grub/lockdown.h | 44 +++++++++++++++++++++++++
57 create mode 100644 grub-core/kern/lockdown.c
58 create mode 100644 include/grub/lockdown.h
112 +@code{grub_lockdown()} is used to lockdown GRUB and the function
113 +@code{grub_is_lockdown()} function can be used to check whether lockdown is
118 +used when lockdown is disabled:
[all …]
H A D0039-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch9 The command is not allowed when lockdown is enforced. Otherwise an
11 the kernel lockdown configuration and later load and execute
34 +Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
36 + overwrite the kernel lockdown configuration and later load and execute
49 +#include <grub/lockdown.h>
H A D0106-fs-hfs-Disable-under-lockdown.patch4 Subject: [PATCH] fs/hfs: Disable under lockdown
8 it to be loaded under lockdown.
25 +#include <grub/lockdown.h>
H A D0040-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch4 Subject: [PATCH] mmap: Don't register cutmem and badram commands when lockdown
30 +Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
45 +#include <grub/lockdown.h>
H A D0038-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch37 +Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
69 +#include <grub/lockdown.h>
92 +#include <grub/lockdown.h>
131 +#include <grub/lockdown.h>
H A D0046-docs-Document-the-cutmem-command.patch35 Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
57 +Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
H A D0037-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch25 +#include <grub/lockdown.h>
H A D0131-kern-buffer-Add-variable-sized-heap-buffer.patch51 …/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-r…
52 …/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-r…
96 …/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-r…
97 …/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-r…
168 …/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-r…
169 …/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-r…
195 …/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-r…
196 …/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-r…
204 …/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-r…
205 …/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-r…
[all …]
H A D0041-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch39 +Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
/OK3568_Linux_fs/kernel/security/lockdown/
H A DKconfig2 bool "Basic module for enforcing kernel lockdown"
6 Build support for an LSM that enforces a coarse kernel lockdown
10 bool "Enable lockdown LSM early in init"
13 Enable the lockdown LSM early in boot. This is necessary in order
14 to ensure that lockdown enforcement can be carried out on kernel
16 subsystem is fully initialised. If enabled, lockdown will
20 prompt "Kernel default lockdown mode"
25 lockdown.
30 No lockdown functionality is enabled by default. Lockdown may be
31 enabled via the kernel commandline or /sys/kernel/security/lockdown.
H A Dlockdown.c189 DEFINE_EARLY_LSM(lockdown) = {
191 DEFINE_LSM(lockdown) = {
H A DMakefile1 obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown.o
/OK3568_Linux_fs/kernel/security/
H A DMakefile14 subdir-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown
32 obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/
H A DKconfig232 source "security/lockdown/Kconfig"
272 …default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_S…
273 …default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_S…
274 default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
275 default "lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC
276 default "lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf"
/OK3568_Linux_fs/kernel/Documentation/usb/
H A Dauthorization.rst44 Example system lockdown (lame)
47 Imagine you want to implement a lockdown so only devices of type XYZ
67 Now, device_is_my_type() is where the juice for a lockdown is. Just
80 if [ $sum = $(cat /etc/lockdown/keysum) ]
/OK3568_Linux_fs/yocto/poky/meta/lib/oe/
H A Dprservice.py73 def prserv_export_tofile(d, metainfo, datainfo, lockdown, nomax=False): argument
97 if lockdown:
/OK3568_Linux_fs/kernel/drivers/input/rmi4/
H A Drmi_f34.h183 u16 lockdown; member
220 struct block_data lockdown; member
H A Drmi_f34v7.c412 blkcount->lockdown = partition_length; in rmi_f34v7_parse_partition_table()
415 __func__, blkcount->lockdown); in rmi_f34v7_parse_partition_table()
1064 f34->v7.img.lockdown.data = content; in rmi_f34v7_parse_img_header_10_bl_container()
1065 f34->v7.img.lockdown.size = length; in rmi_f34v7_parse_img_header_10_bl_container()
/OK3568_Linux_fs/u-boot/drivers/spi/
H A Dich.h177 bool lockdown; /* lock down controller settings? */ member
H A Dich.c609 if (plat->lockdown) { in ich_spi_probe()
684 plat->lockdown = fdtdec_get_bool(gd->fdt_blob, node, in ich_spi_ofdata_to_platdata()
/OK3568_Linux_fs/yocto/poky/meta/recipes-bsp/grub/files/
H A DCVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch12 lockdown verifier, but this is the minimal patch addressing
/OK3568_Linux_fs/kernel/arch/mips/configs/
H A Dgcw0_defconfig148 CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity"
/OK3568_Linux_fs/kernel/arch/powerpc/xmon/
H A Dxmon.c298 static bool lockdown; in xmon_is_locked_down() local
300 if (!lockdown) { in xmon_is_locked_down()
301 lockdown = !!security_locked_down(LOCKDOWN_XMON_RW); in xmon_is_locked_down()
302 if (lockdown) { in xmon_is_locked_down()
314 return lockdown; in xmon_is_locked_down()
/OK3568_Linux_fs/yocto/poky/documentation/migration-guides/
H A Dmigration-3.1.rst174 pointed to local files; the lockdown file is no longer needed at all.

12