| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "A watchdog to protect the system if pciguard goes into crash loop" |
| author "chromium-os-dev@chromium.org" |
| |
| oom score -200 |
| |
| start on stopped pciguard RESULT="failed" PROCESS="respawn" |
| task |
| |
| script |
| logger -p ERR "pciguard in crash loop, locking down the system!" |
| for f in /sys/bus/thunderbolt/devices/*/authorized; do |
| echo 0 > "${f}" || logger -p ERR "Unable to deauthorize ${f}" |
| done |
| echo 1 > /sys/bus/pci/drivers_allowlist_lockdown |
| end script |