Re: [PATCH 0/4] Add lockdown mode

2025-05-12 Thread Kevin Lampis
On Mon, May 12, 2025 at 12:51 PM Andrew Cooper wrote:
>
> Kevin: It will be best to resend the series in full.

Ok.

Re: [PATCH 0/4] Add lockdown mode

2025-05-12 Thread Andrew Cooper
On 12/05/2025 11:27 am, Jan Beulich wrote:
> On 06.05.2025 18:23, Kevin Lampis wrote:
>> Add lockdown mode
>>
>> The intention of lockdown mode is to prevent attacks from a rogue dom0
>> userspace from compromising the system. Lockdown mode can be controlled by a
>> Kconfig option and a command-lin

Re: [PATCH 0/4] Add lockdown mode

2025-05-12 Thread Jan Beulich
On 06.05.2025 18:23, Kevin Lampis wrote:
> Add lockdown mode
>
> The intention of lockdown mode is to prevent attacks from a rogue dom0
> userspace from compromising the system. Lockdown mode can be controlled by a
> Kconfig option and a command-line parameter. It is also enabled automatically
> w

Re: [PATCH 0/4] Add lockdown mode

2025-05-06 Thread Teddy Astie
Hello Kevin,

> The intention of lockdown mode is to prevent attacks from a rogue dom0
> userspace from compromising the system.

Do we consider Dom0 kernel-space as well (thus Dom0 as a whole), or only userland? What about the privcmd device (which can issue hypercalls)?

Teddy

Teddy Astie | Vates

[PATCH 0/4] Add lockdown mode

2025-05-06 Thread Kevin Lampis
Add lockdown mode

The intention of lockdown mode is to prevent attacks from a rogue dom0 userspace from compromising the system. Lockdown mode can be controlled by a Kconfig option and a command-line parameter. It is also enabled automatically when Secure Boot is enabled and it cannot be disabled