From: Thomas Renninger <trenn-l3A5Bk7waGM@public.gmane.org>
To: Matthew Garrett <mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>
Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
jlee-IBi9RG/b67k@public.gmane.org
Subject: Re: Do not allow MSR or Embedded Controller writes from userspace in secure boot case
Date: Thu, 8 Nov 2012 10:40:33 +0100
Message-ID: <201211081040.33981.trenn@suse.de>
In-Reply-To: <20121107215403.GA7277-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>

On Wednesday, November 07, 2012 09:54:03 PM Matthew Garrett wrote:
> Is there a case where modifying MSRs or EC registers can cause arbitrary
> code execution?

Ok, I am not familiar enough with this secure stuff.

Theoretically writing EC registers could be used to trick ACPI
code and change the way it is processed by inspecting ACPI
code for bad EC register return values.

Similar for MSR, the kernel could be (not directly) influenced
by setting MSR registers in a way it does not expect them to be.

I expect it's easy to get the system totally stalled/hang/rebooted
with bad MSR writes which I thought should be forbidden for
userspace (even for root...) in secure boot mode.

Thomas