author Brett Grandbois <brett.grandbois@opengear.com> 2018-06-11 07:36:58 +1000
committer Samuel Mendoza-Jonas <sam@mendozajonas.com> 2018-06-12 14:43:33 +1000
commit 18a47a31b46d916c58a31e8784a7c3a3abcae446 (patch)
tree 188d558019c4bde1e3f2e849d025d417bb4f393c /test/parser
parent 32952937bc5c3753ff2f8f4612da5ba51bf69759 (diff)
download talos-petitboot-18a47a31b46d916c58a31e8784a7c3a3abcae446.tar.gz
talos-petitboot-18a47a31b46d916c58a31e8784a7c3a3abcae446.zip
lib/security: hard_lockdown flag to stop runtime disable of signed boot

Currently if signed-boot is enabled in configure the presence of the LOCKDOWN_FILE is used as a runtime determination to perform the actual verification. In some environments this may be acceptable or even the intended operation but in other environments could be a security hole since the removal of the file will then cause boot task verification. Add a 'hard_lockdown' enable flag to generate a HARD_LOCKDOWN preprocessor definition to force the system to always do a signed boot verification for each boot task, which in the case of a missing file the boot will fail.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Diffstat (limited to 'test/parser')
0 files changed, 0 insertions, 0 deletions
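
The two behaviours the commit message contrasts, a lockdown file used as a runtime switch versus a build that always verifies, as an added C sketch. This is not code from the commit or from Petitboot: every name in it (`decide_boot`, `decide_after_removal`, the enum, the sample path) is hypothetical, and the compile-time HARD_LOCKDOWN choice is modelled as a `hard` parameter so both builds can be compared in one program.

```c
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>

/* Added sketch, not Petitboot source; all names are hypothetical. */
enum boot_decision { BOOT_UNVERIFIED, BOOT_VERIFIED, BOOT_REFUSED };

/* hard:          true models a build with HARD_LOCKDOWN defined
 * lockdown_path: file whose presence switches verification on at runtime
 * sig_ok:        result of the signature check on the boot task */
enum boot_decision decide_boot(bool hard, const char *lockdown_path, bool sig_ok)
{
    bool file_present = (access(lockdown_path, F_OK) == 0);

    if (!file_present)
        /* Soft: the file was the on/off switch, so the task boots unchecked.
         * Hard: verification is mandatory and the file is missing, so fail. */
        return hard ? BOOT_REFUSED : BOOT_UNVERIFIED;

    return sig_ok ? BOOT_VERIFIED : BOOT_REFUSED;
}

/* Create a constructed lockdown file, remove it, then submit a boot task
 * whose signature check fails. Returns the decision made after removal. */
enum boot_decision decide_after_removal(bool hard)
{
    const char *path = "/tmp/example-lockdown-file"; /* constructed sample path */
    FILE *f = fopen(path, "w");

    if (f == NULL)
        return BOOT_REFUSED; /* cannot set up the sample: treat as a failed boot */
    fclose(f);
    unlink(path);            /* the runtime disable the commit message describes */

    return decide_boot(hard, path, false);
}

int main(void)
{
    static const char *names[] = { "boots unverified", "boots verified", "boot refused" };

    printf("runtime switch, file removed: %s\n", names[decide_after_removal(false)]);
    printf("hard lockdown,  file removed: %s\n", names[decide_after_removal(true)]);
    return 0;
}
```

With the file present, both variants refuse a task whose signature check fails; they differ only once the file is gone.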