From fb0d0358cce0e0e36b4155f3bc28b01ac58096c3 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 20 Jun 2014 08:53:24 -0400
Subject: [PATCH 14/16] hibernate: Disable when securelevel is set
Patch-mainline: Queued in subsystem maintainer repository
Git-repo: https://github.com/mjg59/linux
Git-commit: fb0d0358cce0e0e36b4155f3bc28b01ac58096c3
References: fate#320387
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the securelevel trust model,
so until we can work with signed hibernate images we disable it in
a secure modules environment.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
kernel/power/hibernate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -29,6 +29,7 @@
#include <linux/ctype.h>
#include <linux/genhd.h>
#include <linux/ktime.h>
+#include <linux/security.h>
#include <trace/events/power.h>
#include "power.h"
@@ -66,7 +67,7 @@ static const struct platform_hibernation
bool hibernation_available(void)
{
- return (nohibernate == 0);
+ return ((nohibernate == 0) && (get_securelevel() <= 0));
}
/**