Early Patches For Kernel Lockdown Mode Set For Linux 4.12
Written by Michael Larabel in Linux Kernel on 4 May 2017 at 06:12 AM EDT.
David Howells of Red Hat has requested that Linus Torvalds pull his hardware module parameter annotation branch into the Linux 4.12 kernel. This is a needed step in his work on the "Kernel Lockdown" series, which restricts the ability to modify hardware resources when in UEFI Secure Boot or another restricted mode.

The Kernel Lockdown patches themselves aren't being proposed for merging into Linux 4.12. What is being proposed is the precursor work: distinguishing general kernel module parameters from those that modify hardware resources. Module parameters that potentially modify or touch hardware settings are now set up through a different set of functions (e.g. module_param_hw rather than module_param). In the future, that makes it easy to lock down those calls and prevent them from going through when in UEFI Secure Boot mode, or otherwise on a locked-down kernel where you don't want user-space to be able to modify any hardware settings.
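The tagging scheme described above, modelled in user space as an added example (not code from the article, the patch series or the kernel). The struct, the parameter table and `model_set_param` are hypothetical names, and the driver parameters are constructed.

```c
/* User-space model (not kernel code) of the split the article describes:
 * parameters are tagged as general or hardware-touching, and a locked-down
 * system can then refuse only the tagged ones. All names are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct model_param {
    const char *name;
    int *value;
    bool touches_hw;   /* set when registered through the "_hw" variant */
};

static int debug_level;  /* general tuning knob */
static int io_base;      /* I/O port base: reconfigures hardware */
static int irq_line;     /* interrupt line: reconfigures hardware */

/* Constructed parameter table for an imaginary driver. */
static struct model_param params[] = {
    { "debug", &debug_level, false },
    { "io",    &io_base,     true  },
    { "irq",   &irq_line,    true  },
};

/* Returns 0 on success, -EPERM if lockdown blocks it, -ENOENT if unknown. */
int model_set_param(const char *name, int val, bool locked_down)
{
    for (size_t i = 0; i < sizeof(params) / sizeof(params[0]); i++) {
        if (strcmp(params[i].name, name) != 0)
            continue;
        if (params[i].touches_hw && locked_down)
            return -EPERM;          /* value is left untouched */
        *params[i].value = val;
        return 0;
    }
    return -ENOENT;
}

int main(void)
{
    printf("debug=3, locked down:  %d\n", model_set_param("debug", 3, true));
    printf("io=0x300, locked down: %d\n", model_set_param("io", 0x300, true));
    printf("io=0x300, not locked:  %d\n", model_set_param("io", 0x300, false));
    return 0;
}
```

Without the per-parameter tag, the only choices under lockdown would be to block every parameter or none, which is why the annotation has to land before the lockdown logic.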

More details on this work queued for Linux 4.12 are available via this patch series. More background information can be found in Kernel Lockdown: Tightening Up Linux Kernel Access From User-Space and Kernel Lockdown Patches Published (LOCK_DOWN_KERNEL).