Add two new lockdown reasons for use in powerpc's pseries platform code. The pseries platform allows hardware-level error injection via certain calls to the RTAS (Run Time Abstraction Services) firmware. ACPI-based error injection is already restricted in lockdown; this facility should be restricted for the same reasons.
pseries also allows nearly arbitrary device tree changes via /proc/powerpc/ofdt. Just as overriding ACPI tables is not allowed while locked down, so should this facility be restricted.

Changes since v1:
* Move LOCKDOWN_DEVICE_TREE next to LOCKDOWN_ACPI_TABLES.

Nathan Lynch (2):
  powerpc/pseries: block untrusted device tree changes when locked down
  powerpc/rtas: block error injection when locked down

 arch/powerpc/kernel/rtas.c                | 25 ++++++++++++++++++++++-
 arch/powerpc/platforms/pseries/reconfig.c |  5 +++++
 include/linux/security.h                  |  2 ++
 security/security.c                       |  2 ++
 4 files changed, 33 insertions(+), 1 deletion(-)

--
2.37.3