From patchwork Thu Aug 22 11:01:47 2013
X-Patchwork-Submitter: Chun-Yi Lee
X-Patchwork-Id: 2848202
From: "Lee, Chun-Yi"
To: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org,
 linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org,
 opensuse-kernel@opensuse.org, David Howells, "Rafael J. Wysocki",
 Matthew Garrett, Len Brown, Pavel Machek, Josh Boyer, Vojtech Pavlik,
 Matt Fleming, James Bottomley, Greg KH, JKosina@suse.com, Rusty Russell,
 Herbert Xu, "David S. Miller", "H. Peter Anvin", Michal Marek, Gary Lin,
 Vivek Goyal, Matthew Garrett, "Lee, Chun-Yi"
Subject: [PATCH 08/18] Secure boot: Add new capability
Date: Thu, 22 Aug 2013 19:01:47 +0800
Message-Id: <1377169317-5959-9-git-send-email-jlee@suse.com>
In-Reply-To: <1377169317-5959-1-git-send-email-jlee@suse.com>
References: <1377169317-5959-1-git-send-email-jlee@suse.com>

From: Matthew Garrett

Secure boot adds certain policy requirements, including that root must not
be able to do anything that could cause the kernel to execute arbitrary code.
The simplest way to handle this would seem to be to add a new capability
and gate various functionality on that. We'll then strip it from the initial
capability set if required.

Signed-off-by: Matthew Garrett
Acked-by: Lee, Chun-Yi
Signed-off-by: Lee, Chun-Yi
---
 include/uapi/linux/capability.h | 6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h index ba478fa..7109e65 100644 --- a/include/uapi/linux/capability.h +++ b/include/uapi/linux/capability.h @@ -343,7 +343,11 @@ struct vfs_cap_data { #define CAP_BLOCK_SUSPEND 36 -#define CAP_LAST_CAP CAP_BLOCK_SUSPEND +/* Allow things that trivially permit root to modify the running kernel */ + +#define CAP_COMPROMISE_KERNEL 37 + +#define CAP_LAST_CAP CAP_COMPROMISE_KERNEL #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
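
Review bot: The comment above CAP_COMPROMISE_KERNEL ("Allow things that trivially permit root to modify the running kernel") does not say which operations the capability gates, and since this header lives under include/uapi the value 37 becomes userspace ABI once merged. Please state the criterion in the comment, or list the interfaces that are expected to check it, so later capable() call sites apply it consistently. It would also help to note in the comment that the capability is meant to be stripped from the initial capability set under secure boot, as the commit message says, because nothing in this hunk shows that root can lack it. The only other change in the hunk is moving CAP_LAST_CAP to the new value, which also widens cap_valid() to accept 37.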