* [Bug translator/25579] New: detect kernel lockdown/secureboot in effect @ 2020-02-19 20:21 fche at redhat dot com 2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com ` (2 more replies) 0 siblings, 3 replies; 4+ messages in thread From: fche at redhat dot com @ 2020-02-19 20:21 UTC (permalink / raw) To: systemtap https://sourceware.org/bugzilla/show_bug.cgi?id=25579 Bug ID: 25579 Summary: detect kernel lockdown/secureboot in effect Product: systemtap Version: unspecified Status: NEW Severity: normal Priority: P2 Component: translator Assignee: systemtap at sourceware dot org Reporter: fche at redhat dot com Target Milestone: --- https://bugzilla.redhat.com/show_bug.cgi?id=1638874 indicates modern kernels activate a lockdown mode for kernels running under secureboot-enforcing mode, which may prevent normal stap modules from loading/running. Once the kernel exposes this state to unprivileged stap, we'll need to adopt the translator to invoke the secureboot-signing mode implicitly. This logic is in the systemtap_session::modules_must_be_signed() function. -- You are receiving this mail because: You are the assignee for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug translator/25579] detect kernel lockdown/secureboot in effect 2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com @ 2020-02-19 21:10 ` fche at redhat dot com 2020-04-16 20:28 ` fche at redhat dot com 2020-05-13 0:08 ` fche at redhat dot com 2 siblings, 0 replies; 4+ messages in thread From: fche at redhat dot com @ 2020-02-19 21:10 UTC (permalink / raw) To: systemtap https://sourceware.org/bugzilla/show_bug.cgi?id=25579 Frank Ch. Eigler <fche at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |25580 Referenced Bugs: https://sourceware.org/bugzilla/show_bug.cgi?id=25580 [Bug 25580] lp tracker -- You are receiving this mail because: You are the assignee for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug translator/25579] detect kernel lockdown/secureboot in effect 2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com 2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com @ 2020-04-16 20:28 ` fche at redhat dot com 2020-05-13 0:08 ` fche at redhat dot com 2 siblings, 0 replies; 4+ messages in thread From: fche at redhat dot com @ 2020-04-16 20:28 UTC (permalink / raw) To: systemtap https://sourceware.org/bugzilla/show_bug.cgi?id=25579 --- Comment #1 from Frank Ch. Eigler <fche at redhat dot com> --- until the kernel exposes that info, here is how it can be found as of 5.5ish: # sudo cat /sys/kernel/security/lockdown [none] integrity confidentiality -- You are receiving this mail because: You are the assignee for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug translator/25579] detect kernel lockdown/secureboot in effect 2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com 2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com 2020-04-16 20:28 ` fche at redhat dot com @ 2020-05-13 0:08 ` fche at redhat dot com 2 siblings, 0 replies; 4+ messages in thread From: fche at redhat dot com @ 2020-05-13 0:08 UTC (permalink / raw) To: systemtap https://sourceware.org/bugzilla/show_bug.cgi?id=25579 Frank Ch. Eigler <fche at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #2 from Frank Ch. Eigler <fche at redhat dot com> --- commit bef690b0e502 The kernel-side procfs file is not yet world-readable, but will be. This is still useful for # sudo stap ... type use cases. -- You are receiving this mail because: You are the assignee for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-05-13 0:08 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com 2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com 2020-04-16 20:28 ` fche at redhat dot com 2020-05-13 0:08 ` fche at redhat dot com
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).