From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752976AbdKGRjS (ORCPT ); Tue, 7 Nov 2017 12:39:18 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:50074 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752802AbdKGRjP (ORCPT ); Tue, 7 Nov 2017 12:39:15 -0500 References: <150842463163.7923.11081723749106843698.stgit@warthog.procyon.org.uk> <150842464774.7923.7951986297563109339.stgit@warthog.procyon.org.uk> From: Thiago Jung Bauermann To: David Howells Cc: linux-security-module@vger.kernel.org, gnomes@lxorguk.ukuu.org.uk, linux-efi@vger.kernel.org, matthew.garrett@nebula.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, jforbes@redhat.com Subject: Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown In-reply-to: <150842464774.7923.7951986297563109339.stgit@warthog.procyon.org.uk> Date: Tue, 07 Nov 2017 15:39:06 -0200 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 17110717-2213-0000-0000-00000237B57F X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008027; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000239; SDB=6.00942517; UDB=6.00475448; IPR=6.00722804; BA=6.00005676; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00017899; XFM=3.00000015; UTC=2017-11-07 17:39:13 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17110717-2214-0000-0000-00005816B2A4 Message-Id: <877ev2rnt1.fsf@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-11-07_06:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1711070236 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello David, David Howells writes: > +static struct sysrq_key_op lockdown_lift_sysrq_op = { > + .handler = sysrq_handle_lockdown_lift, > + .help_msg = "unSB(x)", > + .action_msg = "Disabling Secure Boot restrictions", > + .enable_mask = SYSRQ_DISABLE_USERSPACE, > +}; > + > +static int __init lockdown_lift_sysrq(void) > +{ > + if (kernel_locked_down) { > + lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY; > + register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op); > + } > + return 0; > +} > + > +late_initcall(lockdown_lift_sysrq); > + > +#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY */ On non-x86 platforms (tested on powerpc) this fails to build with: security/lock_down.c: In function ‘lockdown_lift_sysrq’: security/lock_down.c:100:40: error: ‘LOCKDOWN_LIFT_KEY’ undeclared (first use in this function) lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY; ^~~~~~~~~~~~~~~~~ security/lock_down.c:100:40: note: each undeclared identifier is reported only once for each function it appears in -- Thiago Jung Bauermann IBM Linux Technology Center