From: David Howells <dhowells@redhat.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: dhowells@redhat.com, ard.biesheuvel@linaro.org,
matthew.garrett@nebula.com,
linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/5] Add the ability to lock down access to the running kernel image
Date: Fri, 26 May 2017 13:43:12 +0100 [thread overview]
Message-ID: <22659.1495802592@warthog.procyon.org.uk> (raw)
In-Reply-To: <fa6647c3-baff-d9e9-8ffe-89042b2a553d@schaufler-ca.com>
Casey Schaufler <casey@schaufler-ca.com> wrote:
> You called out five distinct features in 0/5, so how about
> a bit for each of those?
Actually, there are more than five in that list - there are three in the first
item - and I'm not sure the remaining categories are quite as well defined as
I made it seem.
Also, that sort of categorisation might not be what we actually need: it might
end up coming down to a no-write vs no-read-or-write split instead.
> Actually, I don't care which way you go. The current code works
> for me. I am just concerned that the granularity fiends might come
> around later.
In that case, I'll leave it as is for the moment. It doesn't introduce so
many calls that they're impossible to change.
David
next prev parent reply other threads:[~2017-05-26 12:43 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-24 14:45 [PATCH 0/5] security, efi: Set lockdown if in secure boot mode David Howells
2017-05-24 14:45 ` [PATCH 1/5] efi: Move the x86 secure boot switch to generic code David Howells
2017-05-26 7:59 ` joeyli
2017-05-24 14:45 ` [PATCH 2/5] efi: Add EFI_SECURE_BOOT bit David Howells
2017-05-26 8:06 ` joeyli
2017-05-24 14:45 ` [PATCH 3/5] Add the ability to lock down access to the running kernel image David Howells
2017-05-24 15:36 ` Casey Schaufler
2017-05-25 6:53 ` David Howells
2017-05-25 18:18 ` Casey Schaufler
2017-05-26 12:43 ` David Howells [this message]
2017-05-26 17:08 ` joeyli
2017-05-26 8:16 ` joeyli
2017-05-24 14:45 ` [PATCH 4/5] efi: Lock down the kernel if booted in secure boot mode David Howells
2017-05-26 8:29 ` joeyli
2017-05-24 14:46 ` [PATCH 5/5] Add a sysrq option to exit " David Howells
2017-05-27 4:06 ` joeyli
2017-05-30 10:49 ` James Morris
2017-05-30 18:57 ` [PATCH 0/5] security, efi: Set lockdown if in " Ard Biesheuvel
2017-05-31 9:23 ` David Howells
2017-05-31 11:39 ` Ard Biesheuvel
2017-05-31 13:33 ` David Howells
2017-05-31 14:06 ` Ard Biesheuvel
2017-06-06 9:34 ` David Howells
2017-06-09 17:33 ` Ard Biesheuvel
2017-06-09 19:22 ` Kees Cook
-- strict thread matches above, loose matches on Subject: below --
2017-04-06 12:49 [PATCH 1/5] efi: Move the x86 secure boot switch to generic code David Howells
2017-04-06 12:50 ` [PATCH 3/5] Add the ability to lock down access to the running kernel image David Howells
2017-04-06 22:45 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=22659.1495802592@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=ard.biesheuvel@linaro.org \
--cc=casey@schaufler-ca.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthew.garrett@nebula.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox