From 18a47a31b46d916c58a31e8784a7c3a3abcae446 Mon Sep 17 00:00:00 2001
From: Brett Grandbois
Date: Mon, 11 Jun 2018 07:36:58 +1000
Subject: lib/security: hard_lockdown flag to stop runtime disable of signed boot

Currently if signed-boot is enabled in configure the presence of the LOCKDOWN_FILE is used as a runtime determination to perform the actual verification. In some environments this may be acceptable or even the intended operation but in other environments could be a security hole since the removal of the file will then cause boot task verification.

Add a 'hard_lockdown' enable flag to generate a HARD_LOCKDOWN preprocessor definition to force the system to always do a signed boot verification for each boot task, which in the case of a missing file the boot will fail.

Signed-off-by: Brett Grandbois
Signed-off-by: Samuel Mendoza-Jonas
---
 ui/ncurses/nc-cui.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'ui/ncurses/nc-cui.c')

diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c
index 20a9048..8a3f97d 100644
--- a/ui/ncurses/nc-cui.c
+++ b/ui/ncurses/nc-cui.c
@@ -61,10 +61,14 @@ static void cui_cancel_autoboot_on_exit(struct cui *cui);
 static bool lockdown_active(void)
 {
+#if defined(SIGNED_BOOT) && defined(HARD_LOCKDOWN)
+	return true;
+#else
 	bool lockdown = false;
 	if (access(LOCKDOWN_FILE, F_OK) != -1)
 		lockdown = true;
 	return lockdown;
+#endif
 }
 static void cui_start(void)
-- 
cgit v1.2.1
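Review bot: A build with HARD_LOCKDOWN defined but SIGNED_BOOT absent silently takes the `#else` branch and keeps the runtime file-presence check, which is exactly the behaviour the new flag exists to remove; unless configure already refuses that combination (not visible in this hunk), the preprocessor should reject it rather than degrade, e.g. insert `#elif defined(HARD_LOCKDOWN)` followed by `#error "HARD_LOCKDOWN requires SIGNED_BOOT"` before the `#else`. The function also deserves a header comment now that its result depends on build configuration, e.g. `/* With HARD_LOCKDOWN the lockdown state is fixed at build time; otherwise presence of LOCKDOWN_FILE decides it at runtime. */`, so readers of the call sites can tell that lockdown cannot be switched off on the installed system in hard builds. lockdown_active() is fully contained in the hunk; cui_start() begins on its last line and continues outside it.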