Created
October 2, 2022 23:39
Enable hibernate during lockdown
From e4db4f07e77feb1c126e7afbf441e9eae34b4e57 Mon Sep 17 00:00:00 2001 | |
From: Kelvie Wong <[email protected]> | |
Date: Sun, 2 Oct 2022 13:23:25 -0700 | |
Subject: [PATCH] Add a lockdown_hibernate parameter | |
This allows the user to tell the kernel that they know better (namely, | |
they secured their swap properly), and that it can enable hibernation. | |
Signed-off-by: Kelvie Wong <[email protected]> | |
--- | |
Documentation/admin-guide/kernel-parameters.txt | 5 +++++ | |
kernel/power/hibernate.c | 10 +++++++++- | |
2 files changed, 14 insertions(+), 1 deletion(-) | |
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt | |
index 426fa892d311..54785faba9e0 100644 | |
--- a/Documentation/admin-guide/kernel-parameters.txt | |
+++ b/Documentation/admin-guide/kernel-parameters.txt | |
@@ -2804,6 +2804,11 @@ | |
to extract confidential information from the kernel | |
are also disabled. | |
+ lockdown_hibernate [HIBERNATION] | |
+ Enable hibernation even if lockdown is enabled. Enable this only if | |
+ your swap is encrypted and secured properly, as an attacker can | |
+ modify the kernel offline during hibernation. | |
+ | |
locktorture.nreaders_stress= [KNL] | |
Set the number of locking read-acquisition kthreads. | |
Defaults to being automatically set based on the | |
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c | |
index 89c71fce225d..2221c531d54c 100644 | |
--- a/kernel/power/hibernate.c | |
+++ b/kernel/power/hibernate.c | |
@@ -36,6 +36,7 @@ | |
#include "power.h" | |
+static int lockdown_hibernate; | |
static int nocompress; | |
static int noresume; | |
static int nohibernate; | |
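Review bot: `lockdown_hibernate` gates a lockdown bypass and is written only from an `__init` handler, yet it stays in writable data for the life of the kernel. Declaring it `static int lockdown_hibernate __ro_after_init;` would make the flag read-only once boot finishes, provided the header for that annotation is already reachable from this file (the include list is not visible in the hunk). A one-line comment such as `/* set by "lockdown_hibernate" on the command line: allow hibernation under lockdown */` would also explain why this flag relaxes a restriction while its neighbours only add one.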
@@ -82,7 +83,7 @@ void hibernate_release(void) | |
bool hibernation_available(void) | |
{ | |
return nohibernate == 0 && | |
- !security_locked_down(LOCKDOWN_HIBERNATION) && | |
+ (lockdown_hibernate || !security_locked_down(LOCKDOWN_HIBERNATION)) && | |
!secretmem_active() && !cxl_mem_active(); | |
} | |
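Review bot: The `lockdown_hibernate ||` short-circuit in hibernation_available() drops the lockdown check for every caller of this function, and the only condition attached is a boot parameter. Where the kernel command line is not itself signed or measured, anyone able to edit the boot entry can turn the restriction off, so the override is only as trustworthy as the command line. The documentation hunk asks for "encrypted" swap, but the restriction concerns an image that can be altered while the machine is off, which calls for an authenticated image or a key bound to the boot state; encryption alone gives confidentiality, not integrity. Since security_locked_down() is no longer called when the flag is set, nothing records the bypass. A comment above the expression, e.g. `/* admin asserts the hibernation image is protected against offline modification */`, would make that assumption explicit.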
@@ -1340,6 +1341,12 @@ static int __init nohibernate_setup(char *str) | |
return 1; | |
} | |
+static int __init lockdown_hibernate_setup(char *str) | |
+{ | |
+ lockdown_hibernate = 1; | |
+ return 1; | |
+} | |
+ | |
__setup("noresume", noresume_setup); | |
__setup("resume_offset=", resume_offset_setup); | |
__setup("resume=", resume_setup); | |
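Review bot: lockdown_hibernate_setup() ignores `str`, and `__setup()` handlers are, as far as I know, matched on the parameter-name prefix, so a command line carrying `lockdown_hibernate=0` would still enable the override. Either reject a trailing suffix with `if (*str) return 0;` or parse the value with `kstrtobool()`. The handler should also leave a trace in the boot log, e.g. `pr_warn("lockdown_hibernate: hibernation allowed despite lockdown\n");`, because the lockdown check that would otherwise report a denial is skipped once the flag is set. The leading context lines of this hunk belong to nohibernate_setup(), which starts outside it.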
@@ -1347,3 +1354,4 @@ __setup("hibernate=", hibernate_setup); | |
__setup("resumewait", resumewait_setup); | |
__setup("resumedelay=", resumedelay_setup); | |
__setup("nohibernate", nohibernate_setup); | |
+__setup("lockdown_hibernate", lockdown_hibernate_setup); | |
-- | |
2.37.3 | |