git.ozlabs.org Git - petitboot/commit

author	Brett Grandbois <brett.grandbois@opengear.com>
	Sun, 10 Jun 2018 21:36:58 +0000 (07:36 +1000)
committer	Samuel Mendoza-Jonas <sam@mendozajonas.com>
	Tue, 12 Jun 2018 04:43:33 +0000 (14:43 +1000)
commit	18a47a31b46d916c58a31e8784a7c3a3abcae446
tree	188d558019c4bde1e3f2e849d025d417bb4f393c	tree \| snapshot (tar.gz zip)
parent	32952937bc5c3753ff2f8f4612da5ba51bf69759	commit \| diff

lib/security: hard_lockdown flag to stop runtime disable of signed boot

Currently if signed-boot is enabled in configure the presence of the
LOCKDOWN_FILE is used as a runtime determination to perform the actual
verification. In some environments this may be acceptable or even the
intended operation but in other environments could be a security hole
since the removal of the file will then cause boot task verification.
Add a 'hard_lockdown' enable flag to generate a HARD_LOCKDOWN
preprocessor definition to force the system to always do a signed boot
verification for each boot task, which in the case of a missing file the
boot will fail.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

configure.ac		diff \| blob \| history
lib/security/gpg.c		diff \| blob \| history
lib/security/openssl.c		diff \| blob \| history
ui/ncurses/nc-boot-editor.c		diff \| blob \| history
ui/ncurses/nc-cui.c		diff \| blob \| history