Re: /dev/mem and secure boot - Greg Kroah-Hartman

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Jean Delvare <jdelvare@suse.de>
Cc: Arnd Bergmann <arnd@arndb.de>, Thomas <trenn@suse.de>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: /dev/mem and secure boot
Date: Fri, 6 Sep 2019 14:15:10 +0200	[thread overview]
Message-ID: <20190906121510.GA17328@kroah.com> (raw)
In-Reply-To: <20190906130221.0b47a565@endymion>

On Fri, Sep 06, 2019 at 01:02:21PM +0200, Jean Delvare wrote:
> I've been bitten recently by mcelog not working on machines started in
> secure boot mode. mcelog tries to read DMI information from /dev/mem
> and fails to open it.

What do you mean by "secure boot"?  Is this matthew's patchset that
restricts /dev/mem/ or something else?

> This made me wonder: if not even root can read /dev/mem (nor, I
> suppose, /dev/kmem and /dev/port) in secure boot mode, why are we
> creating these device nodes at all in the first place? Can't we detect
> that we are in secure boot mode and skip that step, and reap the rewards
> (faster boot, lower memory footprint and less confusion)?

Sure, feel free to not register it at all if the mode is enabled.

thanks,

greg k-h

next prev parent reply	other threads:[~2019-09-06 12:15 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-06 11:02 /dev/mem and secure boot Jean Delvare
2019-09-06 12:15 ` Greg Kroah-Hartman [this message]
2019-09-06 15:07   ` Jean Delvare
2019-09-06 15:08     ` Jean Delvare
2019-09-09 13:09   ` Jean Delvare
2019-09-12 10:44     ` Thomas Renninger
2019-09-16  9:38     ` David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190906121510.GA17328@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=arnd@arndb.de \
    --cc=jdelvare@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=trenn@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.