From: "H. Peter Anvin"
Subject: Re: Use PCI ROMs from EFI boot services
Date: Wed, 05 Dec 2012 17:21:44 -0800
Message-ID: <50BFF328.5030406@zytor.com>
References: <1345739803-21017-1-git-send-email-mjg@redhat.com> <20121203200241.GG5906@thinkpad-t410> <20121206001819.GA30527@srcf.ucam.org> <50BFE50C.8030008@zytor.com> <50BFE890.5070109@zytor.com> <50BFEF09.9000408@zytor.com>
To: Matthew Garrett
Cc: Yinghai Lu, Bjorn Helgaas, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-efi@vger.kernel.org, mfleming@intel.com, dwmw2@infradead.org, "Eric W. Biederman"
List-Id: linux-efi@vger.kernel.org

On 12/05/2012 05:13 PM, Matthew Garrett wrote:
>
>
> "H. Peter Anvin" wrote:
>
>> And that presumably would be something that cannot be exposed to root?
>> If so we may want to use one of the bits in the setup_data type field
>> as
>> a security flag, perhaps...
>
> Yeah, it needs to be hidden from root - but ideally we'd be passing it to the second kernel if we kexec. Alternative would be for it to be capability bounded to a trusted signed kexec binary if we implement Vivek's IMA-based approach.
>

Either way a security flag in the type field makes sense.

	-hpa

--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.
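The two policies discussed in the thread, a flag bit in the setup_data type field that keeps an entry away from userspace (root included), and forwarding such an entry across kexec only when the next kernel image is trusted, sketched as an added C example. This is not code from the thread or from the kernel: the struct layout follows the x86 boot protocol's setup_data header, but the flag bit position, the type numbers, the policy functions and the sample chain are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Header layout of struct setup_data in the x86 boot protocol. */
struct setup_data {
    uint64_t next;   /* address of the next entry; 0 terminates the chain */
    uint32_t type;   /* SETUP_* type identifier */
    uint32_t len;    /* payload length in bytes */
    uint8_t  data[]; /* payload */
};

/* Assumed encoding for this example only: the top bit of 'type' marks an
 * entry that must not be exposed to userspace, root included. Neither the
 * bit position nor the EX_TYPE_* numbers below are taken from the kernel. */
#define SETUP_FLAG_HIDDEN 0x80000000u
#define SETUP_TYPE_MASK   0x7fffffffu
enum { EX_TYPE_E820_EXT = 1, EX_TYPE_DTB = 2, EX_TYPE_PCI_ROM = 3 };

static inline uint32_t sd_base_type(uint32_t type) { return type & SETUP_TYPE_MASK; }
static inline bool sd_is_hidden(uint32_t type) { return (type & SETUP_FLAG_HIDDEN) != 0; }

/* Policy 1: a sysfs-style reader may see an entry only if the flag is clear. */
bool sd_exposable_to_userspace(const struct setup_data *sd)
{
    return !sd_is_hidden(sd->type);
}

/* Policy 2: hidden entries cross kexec only when the next kernel image has
 * been verified (the "trusted signed kexec binary" case from the thread). */
bool sd_forward_on_kexec(const struct setup_data *sd, bool next_kernel_trusted)
{
    return !sd_is_hidden(sd->type) || next_kernel_trusted;
}

/* Walk the chain and count entries each policy lets through. */
unsigned sd_count_exposable(const struct setup_data *head)
{
    unsigned n = 0;
    for (const struct setup_data *sd = head; sd; sd = (const struct setup_data *)(uintptr_t)sd->next)
        if (sd_exposable_to_userspace(sd))
            n++;
    return n;
}

unsigned sd_count_forwarded(const struct setup_data *head, bool next_kernel_trusted)
{
    unsigned n = 0;
    for (const struct setup_data *sd = head; sd; sd = (const struct setup_data *)(uintptr_t)sd->next)
        if (sd_forward_on_kexec(sd, next_kernel_trusted))
            n++;
    return n;
}

/* Constructed chain in a static buffer. 'next' holds host addresses here;
 * a real kernel stores physical addresses and maps each entry before use. */
static _Alignas(8) unsigned char chain_storage[256];

static struct setup_data *sd_append(size_t *off, uint32_t type, const void *payload, uint32_t len)
{
    size_t start = (*off + 7) & ~(size_t)7;  /* 8-byte align each header */
    struct setup_data *sd = (struct setup_data *)(chain_storage + start);
    sd->next = 0;
    sd->type = type;
    sd->len = len;
    memcpy(sd->data, payload, len);
    *off = start + sizeof(*sd) + len;
    return sd;
}

const struct setup_data *build_example_chain(void)
{
    static const uint8_t e820[] = { 0x01, 0x02 };          /* constructed payloads */
    static const uint8_t rom[]  = { 0x55, 0xAA, 0x10 };    /* option ROM signature bytes */
    static const uint8_t dtb[]  = { 0xD0, 0x0D, 0xFE, 0xED };
    size_t off = 0;
    struct setup_data *a = sd_append(&off, EX_TYPE_E820_EXT, e820, sizeof e820);
    struct setup_data *b = sd_append(&off, EX_TYPE_PCI_ROM | SETUP_FLAG_HIDDEN, rom, sizeof rom);
    struct setup_data *c = sd_append(&off, EX_TYPE_DTB, dtb, sizeof dtb);
    a->next = (uint64_t)(uintptr_t)b;
    b->next = (uint64_t)(uintptr_t)c;
    return a;
}

int main(void)
{
    const struct setup_data *head = build_example_chain();
    printf("entries readable by root:            %u\n", sd_count_exposable(head));
    printf("forwarded to untrusted kexec kernel: %u\n", sd_count_forwarded(head, false));
    printf("forwarded to trusted kexec kernel:   %u\n", sd_count_forwarded(head, true));
    return 0;
}
```

The point of keeping the flag inside the type word rather than in a separate field is that every existing consumer already masks or compares `type`, so an older reader that does not know the bit simply sees an unknown type and skips the entry, while readers that do know it can apply the two policies independently: what root may read, and what travels to the next kernel.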