Feature #15329

Ensure we benefit from security features introduced in Linux 4.15

Added by intrigeri 2018-02-19 12:27:42 . Updated 2018-03-14 11:09:45 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2018-02-19
Due date:
% Done:

100%

Feature Branch:
feature/15309-linux-4.15
Type of work:
Research
Blueprint:

Starter:
Affected tool:
Deliverable for:


Subtasks


Related issues

Blocked by Tails - Feature #15309: Upgrade to Linux 4.15 Resolved 2018-02-13

History

#1 Updated by intrigeri 2018-02-19 12:31:20

  • Status changed from Confirmed to In Progress
  • Assignee changed from intrigeri to bertagaz
  • % Done changed from 0 to 100
  • QA Check set to Ready for QA
  • Feature Branch set to feature/15309-linux-4.15

The new stuff is enabled for everyone (without config settings) so there’s nothing to be done here.

#2 Updated by intrigeri 2018-02-19 12:31:29

#3 Updated by bertagaz 2018-02-20 12:25:40

intrigeri wrote:
> https://outflux.net/blog/archives/2018/02/05/security-things-in-linux-v4-15/

In this above link I see PTI entered 4.15. Did you consider it? Other than that Feature #15329#note-1 seems true for Feature #15000 feature, so I see no reasons not to close this ticket.

#4 Updated by bertagaz 2018-02-20 12:26:02

  • Assignee changed from bertagaz to intrigeri
  • QA Check changed from Ready for QA to Info Needed

#5 Updated by intrigeri 2018-02-20 13:29:20

  • Assignee changed from intrigeri to bertagaz
  • QA Check changed from Info Needed to Ready for QA

Sorry for not making this explicit. Adding KPTI support was the reason why we released the Tails 3.4 emergency release so we’ve had it for a while already:

$ grep '^CONFIG_PAGE_TABLE_ISOLATION=' /boot/config-4.14.0-3-amd64 
CONFIG_PAGE_TABLE_ISOLATION=y

#6 Updated by bertagaz 2018-02-21 14:03:10

  • Status changed from In Progress to Fix committed
  • Assignee deleted (bertagaz)
  • QA Check changed from Ready for QA to Pass

Did not think to look if it was already activated or not, sorry. So Feature #15309 has been merged into devel, let say we’re good here.

#7 Updated by bertagaz 2018-03-14 11:09:45

  • Status changed from Fix committed to Resolved