------- Comment From daniel.axte...@ibm.com 2020-02-17 00:27 EDT-------
Hi,

I'm sorry, I thought I had already mentioned this but it was a case of me getting projects and teams mixed up.

Please could you pick up (in addition to the issue still pending) commit 69393cb03ccd ("powerpc/xmon: Restrict when kernel is locked down").

From the pull-request that included it, the commit does the following:

 - A change to xmon (our crash handler / pseudo-debugger) to restrict it to read-only mode when the kernel is lockdown'ed, otherwise it's trivial to drop into xmon and modify kernel data, such as the lockdown state.

To exploit this you'd need to boot with command line including 'xmon=rw', as xmon isn't read-write by default on the Focal kernel, but that's not exactly a challenge.

I have used this to drop down from lockdown=confidentiality to lockdown=none on 5.4.0-14-generic #17-Ubuntu

Regards,
Daniel

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1855668

Title:
  lockdown on power

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Committed

Bug description:
  == Comment: #0 - Michael Ranweiler <mranw...@us.ibm.com> - 2019-11-11 08:50:51 ==
  For 20.04 testing/inclusion. The ubuntu kernel team has a ppa here for testing:
  https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/unstable

  Test results will follow...
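
A host-side audit for the condition described in the comment above, as an added example that is not part of the bug report or the kernel patch: it flags a boot command line carrying `xmon=rw` while lockdown is active. The function names and sample strings are constructed for illustration; a REVIEW result only means the kernel should be checked for commit 69393cb03ccd.

```shell
#!/bin/sh
# Added example: audit for xmon=rw requested while kernel lockdown is active.

# Extract the active mode from the content of /sys/kernel/security/lockdown,
# which brackets the current mode, e.g. "none integrity [confidentiality]".
active_lockdown() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Succeed if the given kernel command line contains the xmon=rw parameter.
cmdline_has_xmon_rw() {
    case " $1 " in
        *" xmon=rw "*) return 0 ;;
    esac
    return 1
}

# Combine lockdown state ($1) and command line ($2) into a verdict line.
assess() {
    mode=$(active_lockdown "$1")
    if [ -z "$mode" ]; then
        echo "UNKNOWN: lockdown state not readable"
    elif ! cmdline_has_xmon_rw "$2"; then
        echo "OK: xmon=rw not requested (lockdown=$mode)"
    elif [ "$mode" = "none" ]; then
        echo "INFO: xmon=rw requested, lockdown not active"
    else
        echo "REVIEW: xmon=rw requested with lockdown=$mode; confirm the kernel includes commit 69393cb03ccd"
    fi
}

# Pass --live to read the running system; otherwise use constructed samples.
if [ "${1:-}" = "--live" ]; then
    assess "$(cat /sys/kernel/security/lockdown 2>/dev/null)" "$(cat /proc/cmdline)"
else
    assess "none integrity [confidentiality]" "BOOT_IMAGE=/vmlinux root=/dev/sda2 ro xmon=rw"
    assess "none [integrity] confidentiality" "BOOT_IMAGE=/vmlinux root=/dev/sda2 ro"
fi
```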