Forked from kelvie/0001-Add-a-lockdown_hibernate-parameter.patch
Last active
October 17, 2023 16:07
Enable hibernate during lockdown
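#!/bin/bash
# Build a linux-zen kernel package with lockdown_hibernate.patch applied and
# register the result in a local pacman repository database.
#
# Stop at the first failing step, so that a failed clone, download or build is
# not followed by packaging and publishing steps run on partial or stale files.
set -euo pipefail

pkgctl repo clone --protocol=https linux-zen
cd linux-zen

echo "Downloading patch"
# The raw URL names one specific gist revision. --fail makes curl exit non-zero
# on an HTTP error instead of saving the error page as the patch file.
curl --fail -O https://gist.githubusercontent.com/slaclau/257fdb279729416b18568b9772415a3d/raw/765d294376b2fdf7adaf20071744ec384f56ec66/lockdown_hibernate.patch

echo "Updating PKGBUILD"
# Rename the package base to linux-zen-sl.
sed -i 's/pkgbase=linux-zen/pkgbase=linux-zen-sl/g' PKGBUILD
# Append lockdown_hibernate.patch on a new line after the "config" entry
# (presumably the source array; confirm against the PKGBUILD in use).
# NOTE(review): the whitespace in this pattern must match the PKGBUILD exactly.
sed -i 's/ config # the main kernel config file/ config # the main kernel config file\n lockdown_hibernate.patch/g' PKGBUILD
# sed exits 0 even when nothing matched; without this check the build would
# continue and produce an unpatched kernel under the renamed package base.
grep -q 'lockdown_hibernate.patch' PKGBUILD || {
    echo "PKGBUILD was not updated: lockdown_hibernate.patch is not listed" >&2
    exit 1
}

echo "Updating MD5 sums"
# updpkgsums recomputes the checksums from whatever was just downloaded, so it
# records the patch rather than verifying it. Read lockdown_hibernate.patch
# before building: it relaxes a kernel lockdown check.
updpkgsums

echo "Building package"
makepkg

echo "Moving package to repo"
mv *.tar.zst ..

echo "Add package to repo db"
# NOTE(review): the packages were just moved to the parent directory, while
# this still runs inside linux-zen and "*" expands to every file here.
# Confirm the intended working directory and database file name.
repo-add repo.db *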
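--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2903,6 +2903,11 @@
 confidentiality, kernel features that allow userland
 to extract confidential information from the kernel
 are also disabled.
+
+ lockdown_hibernate [HIBERNATION]
+ Enable hibernation even if lockdown is enabled. Enable this only if
+ your swap is encrypted and secured properly, as an attacker can
+ modify the kernel offline during hibernation.
 locktorture.nreaders_stress= [KNL]
 Set the number of locking read-acquisition kthreads.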
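--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -37,6 +37,7 @@
 #include "power.h"
+static int lockdown_hibernate;
 static int nocompress;
 static int noresume;
 static int nohibernate;
@@ -83,7 +84,7 @@
 bool hibernation_available(void)
 {
 return nohibernate == 0 &&
- !security_locked_down(LOCKDOWN_HIBERNATION) &&
+ (lockdown_hibernate || !security_locked_down(LOCKDOWN_HIBERNATION)) &&
 !secretmem_active() && !cxl_mem_active();
 }
@@ -1364,6 +1365,12 @@
 return 1;
 }
+static int __init lockdown_hibernate_setup(char *str)
+{
+ lockdown_hibernate = 1;
+ return 1;
+}
+
 __setup("noresume", noresume_setup);
 __setup("resume_offset=", resume_offset_setup);
 __setup("resume=", resume_setup);
@@ -1371,3 +1378,4 @@
 __setup("resumewait", resumewait_setup);
 __setup("resumedelay=", resumedelay_setup);
 __setup("nohibernate", nohibernate_setup);
+__setup("lockdown_hibernate", lockdown_hibernate_setup);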
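Review bot: In hibernation_available(), the new `lockdown_hibernate ||` term short-circuits before security_locked_down(LOCKDOWN_HIBERNATION), so once the flag is set the lockdown hook is never consulted and the override applies silently, with nothing in the code checking that swap is encrypted or that the resume image is authenticated. The flag is taken from the kernel command line, so it is only as trustworthy as the boot path that supplies that command line; where the command line is not covered by the verified boot chain, this parameter should be treated as a way to switch the lockdown restriction off. I would log the override when it is parsed, e.g. `pr_warn("lockdown_hibernate: hibernation permitted despite kernel lockdown\n");` in lockdown_hibernate_setup(), and declare the flag `static int lockdown_hibernate __ro_after_init;` so it cannot be changed after boot. A short comment above the flag stating that it deliberately weakens lockdown and assumes encrypted swap would also help the next reader, since the surrounding functions extend outside the hunks shown.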