> On July 29, 2019 at 2:00 AM Daniel Axtens wrote:
>
> Would you be able to send a v2 with these changes? (that is, not purging
> breakpoints when entering integrity mode)
>
Just sent out a v3 with that change among a few others and a rebase.
Thanks,
Chris R.

Hi Chris,
Remind me again why we need to clear breakpoints in integrity mode?
...
>> Integrity mode merely means we are aiming to prevent modifications to
>> kernel memory. IMHO leaving existing breakpoints in place is fine as
>> long as when we hit the breakpoint xmon is in read-only mode.

Andrew Donnellan writes:
> On 4/6/19 1:05 pm, Christopher M Riedl wrote:>>> +if (!xmon_is_ro) {
+ xmon_is_ro = kernel_is_locked_down("Using xmon write-access",
+ LOCKDOWN_INTEGRITY);
+ if (xmon_is_ro) {
+
On 4/6/19 1:05 pm, Christopher M Riedl wrote:>>> + if (!xmon_is_ro) {
+ xmon_is_ro = kernel_is_locked_down("Using xmon write-access",
+ LOCKDOWN_INTEGRITY);
+ if (xmon_is_ro) {
+ printf("xmon: R
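Review bot: the outer guard, if (!xmon_is_ro), turns the lockdown query into a one-way latch: in the lines shown, once kernel_is_locked_down() returns true nothing re-evaluates or clears xmon_is_ro. If that is the intent, a short comment above the check stating that read-only mode is never left once entered would document it, and would make clear to later readers why the lockdown state is only consulted while xmon is still writable.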
> On June 3, 2019 at 1:36 AM Andrew Donnellan wrote:
>
>
> On 24/5/19 10:38 pm, Christopher M. Riedl wrote:
> > Xmon should be either fully or partially disabled depending on the
> > kernel lockdown state.
> >
> > Put xmon into read-only mode for lockdown=integrity and completely
> > disable
On 24/5/19 10:38 pm, Christopher M. Riedl wrote:
Xmon should be either fully or partially disabled depending on the
kernel lockdown state.
Put xmon into read-only mode for lockdown=integrity and completely
disable xmon when lockdown=confidentiality. Xmon checks the lockdown
state and takes appro
Xmon should be either fully or partially disabled depending on the
kernel lockdown state.
Put xmon into read-only mode for lockdown=integrity and completely
disable xmon when lockdown=confidentiality. Xmon checks the lockdown
state and takes appropriate action:
(1) during xmon_setup to prevent e