This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug translator/25579] New: detect kernel lockdown/secureboot in effect

From: "fche at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: systemtap at sourceware dot org
Date: Wed, 19 Feb 2020 20:21:37 +0000
Subject: [Bug translator/25579] New: detect kernel lockdown/secureboot in effect
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=25579

            Bug ID: 25579
           Summary: detect kernel lockdown/secureboot in effect
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: translator
          Assignee: systemtap at sourceware dot org
          Reporter: fche at redhat dot com
  Target Milestone: ---

https://bugzilla.redhat.com/show_bug.cgi?id=1638874 indicates modern kernels
activate a lockdown mode for kernels running under secureboot-enforcing mode,
which may prevent normal stap modules from loading/running.  Once the kernel
exposes this state to unprivileged stap, we'll need to adopt the translator to
invoke the secureboot-signing mode implicitly.  This logic is in the
systemtap_session::modules_must_be_signed() function.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Follow-Ups:
- [Bug translator/25579] detect kernel lockdown/secureboot in effect
  - From: fche at redhat dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]