[SRU] [B/D/E] [PATCH 0/1] Enable RTL8723BS under kernel lockdown

Kai-Heng Feng kai.heng.feng at canonical.com
Thu Jul 18 08:52:38 UTC 2019

at 22:28, Seth Forshee <seth.forshee at canonical.com> wrote:

> On Wed, Jul 17, 2019 at 05:01:50PM +0800, Kai-Heng Feng wrote:
>> BugLink: https://bugs.launchpad.net/bugs/1836440
>> [Impact]
>> Realtek 8723bs doesn't work if secureboot is enabled.
>> [Fix]
>> Whitelist r8723bs.ko under kernel lockdown.
>> [Test]
>> r8723bs.ko loads and works once it's whitelisted.
>> [Regression Potenial]
>> Low. This is to enable Realtek 8723bs under kernel lockdown so it has a
>> very limited impact scope.
> Has the driver been reviewed to confirm that it is suitable for use
> under lockdown, i.e. it does not introduce any new interfaces to
> userspace which would allow userspace to modify the kernel or extract
> confidential information from the kernel? If so, can you please provide
> a summary of any userspace interfaces contained within the driver?

rtl8723bs exposes procfs to provide detailed debug information which may  
contain sensitive data.
I’ll send a patch to disable procfs on rtl8723bs.

Other than that it uses regular ioctl and cfg80211 interfaces and they  
seems to be fine.


> Thanks,
> Seth

More information about the kernel-team mailing list