* [Bug translator/25579] New: detect kernel lockdown/secureboot in effect
@ 2020-02-19 20:21 fche at redhat dot com
2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: fche at redhat dot com @ 2020-02-19 20:21 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=25579
Bug ID: 25579
Summary: detect kernel lockdown/secureboot in effect
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: translator
Assignee: systemtap at sourceware dot org
Reporter: fche at redhat dot com
Target Milestone: ---
https://bugzilla.redhat.com/show_bug.cgi?id=1638874 indicates modern kernels
activate a lockdown mode for kernels running under secureboot-enforcing mode,
which may prevent normal stap modules from loading/running. Once the kernel
exposes this state to unprivileged stap, we'll need to adopt the translator to
invoke the secureboot-signing mode implicitly. This logic is in the
systemtap_session::modules_must_be_signed() function.
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread* [Bug translator/25579] detect kernel lockdown/secureboot in effect 2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com @ 2020-02-19 21:10 ` fche at redhat dot com 2020-04-16 20:28 ` fche at redhat dot com 2020-05-13 0:08 ` fche at redhat dot com 2 siblings, 0 replies; 4+ messages in thread From: fche at redhat dot com @ 2020-02-19 21:10 UTC (permalink / raw) To: systemtap https://sourceware.org/bugzilla/show_bug.cgi?id=25579 Frank Ch. Eigler <fche at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |25580 Referenced Bugs: https://sourceware.org/bugzilla/show_bug.cgi?id=25580 [Bug 25580] lp tracker -- You are receiving this mail because: You are the assignee for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug translator/25579] detect kernel lockdown/secureboot in effect 2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com 2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com @ 2020-04-16 20:28 ` fche at redhat dot com 2020-05-13 0:08 ` fche at redhat dot com 2 siblings, 0 replies; 4+ messages in thread From: fche at redhat dot com @ 2020-04-16 20:28 UTC (permalink / raw) To: systemtap https://sourceware.org/bugzilla/show_bug.cgi?id=25579 --- Comment #1 from Frank Ch. Eigler <fche at redhat dot com> --- until the kernel exposes that info, here is how it can be found as of 5.5ish: # sudo cat /sys/kernel/security/lockdown [none] integrity confidentiality -- You are receiving this mail because: You are the assignee for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug translator/25579] detect kernel lockdown/secureboot in effect 2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com 2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com 2020-04-16 20:28 ` fche at redhat dot com @ 2020-05-13 0:08 ` fche at redhat dot com 2 siblings, 0 replies; 4+ messages in thread From: fche at redhat dot com @ 2020-05-13 0:08 UTC (permalink / raw) To: systemtap https://sourceware.org/bugzilla/show_bug.cgi?id=25579 Frank Ch. Eigler <fche at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #2 from Frank Ch. Eigler <fche at redhat dot com> --- commit bef690b0e502 The kernel-side procfs file is not yet world-readable, but will be. This is still useful for # sudo stap ... type use cases. -- You are receiving this mail because: You are the assignee for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-05-13 0:08 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-02-19 20:21 [Bug translator/25579] New: detect kernel lockdown/secureboot in effect fche at redhat dot com 2020-02-19 21:10 ` [Bug translator/25579] " fche at redhat dot com 2020-04-16 20:28 ` fche at redhat dot com 2020-05-13 0:08 ` fche at redhat dot com
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).