Re: Do not allow MSR or Embedded Controller writes from userspace in secure boot case

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Matthew Garrett <mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>
To: Thomas Renninger <trenn-l3A5Bk7waGM@public.gmane.org>
Cc: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
	linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
	jlee-IBi9RG/b67k@public.gmane.org
Subject: Re: Do not allow MSR or Embedded Controller writes from userspace in secure boot case
Date: Thu, 8 Nov 2012 14:41:25 +0000	[thread overview]
Message-ID: <20121108144125.GC24094@srcf.ucam.org> (raw)
In-Reply-To: <201211081538.34091.trenn-l3A5Bk7waGM@public.gmane.org>

On Thu, Nov 08, 2012 at 03:38:33PM +0100, Thomas Renninger wrote:

> BTW: Who decides what is allowed and what is not?

Tree maintainers.

> I guess it should be the spec. I haven't read the details, but
> when even Matthew is not sure, it sounds as if this is phrased
> rather imprecise. And as Windows is afaik the central key authority
> they can enforce their interpretation of the spec for Linux as well?

The spec is purely mechanism, not policy. Policy is up to the OS 
vendors.

> I like to have this boot parameter to also work the
> other way around:
> secureboot_enable=no
> and let all secure boot things fall off, only set a
> TAINT_INSECURE_BOOT_EVEN_BIOS_REQUESTED_SECURE_BOOT
> 
> Can SUSE sign this kernel without fearing to get the key revoked
> from Windows?

If anyone used that kernel to attack Windows, the signature would get 
revoked.

> Can this exist in the mainline kernel?

Sure, but vendors might want to patch it out, depending on how paranoid 
they are.

-- 
Matthew Garrett | mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org

next prev parent reply	other threads:[~2012-11-08 14:41 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-11-07 21:28 Do not allow MSR or Embedded Controller writes from userspace in secure boot case Thomas Renninger
     [not found] ` <1352323699-52400-1-git-send-email-trenn-l3A5Bk7waGM@public.gmane.org>
2012-11-07 21:28   ` [PATCH 1/2] ACPI ec_sys: Do not allow write access to EC in secure boot mode Thomas Renninger
2012-11-07 21:28   ` [PATCH 2/2] X86 msr: Do not allow MSR writes " Thomas Renninger
2012-11-07 21:54   ` Do not allow MSR or Embedded Controller writes from userspace in secure boot case Matthew Garrett
     [not found]     ` <20121107215403.GA7277-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>
2012-11-07 22:50       ` H. Peter Anvin
2012-11-07 22:51       ` H. Peter Anvin
     [not found]         ` <509AE5DA.1030508-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2012-11-07 23:21           ` Alan Cox
2012-11-08 14:38           ` Thomas Renninger
     [not found]             ` <201211081538.34091.trenn-l3A5Bk7waGM@public.gmane.org>
2012-11-08 14:41               ` Matthew Garrett [this message]
     [not found]                 ` <20121108144125.GC24094-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>
2012-11-08 14:44                   ` Shea Levy
     [not found]                     ` <509BC53B.5070304-yfkUTty7RcRWk0Htik3J/w@public.gmane.org>
2012-11-08 14:47                       ` Matthew Garrett
2012-11-09 12:35               ` H. Peter Anvin
2012-11-08  9:40       ` Thomas Renninger
     [not found]         ` <201211081040.33981.trenn-l3A5Bk7waGM@public.gmane.org>
2012-11-08 14:39           ` Matthew Garrett
     [not found]             ` <20121108143919.GB24094-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org>
2012-11-08 16:43               ` Alan Cox
2012-11-07 23:27   ` Alan Cox
     [not found]     ` <20121107232722.67589868-38n7/U1jhRXW96NNrWNlrekiAK3p4hvP@public.gmane.org>
2012-11-08 14:19       ` [RFC] [PATCH] X86 MSR read whitelist Thomas Renninger
     [not found]         ` <201211081519.23364.trenn-l3A5Bk7waGM@public.gmane.org>
2012-11-08 15:36           ` Alan Cox

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20121108144125.GC24094@srcf.ucam.org \
    --to=mjg59-1xo5oi07kqx4cg9nei1l7q@public.gmane.org \
    --cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
    --cc=jlee-IBi9RG/b67k@public.gmane.org \
    --cc=linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
    --cc=trenn-l3A5Bk7waGM@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.