From: Lenny Szubowicz <lszubowi-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Matthew Garrett
<matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
jwboyer-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org
Subject: Re: [PATCH 0/10] Add additional security checks when module loading is restricted
Date: Wed, 28 Aug 2013 18:58:12 -0400 (EDT) [thread overview]
Message-ID: <761791749.8594444.1377730692707.JavaMail.root@redhat.com> (raw)
In-Reply-To: <1377729714.27493.2.camel@x230>
----- Original Message -----
> From: "Matthew Garrett" <matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
> To: "Lenny Szubowicz" <lszubowi-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, jwboyer-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org
> Sent: Wednesday, August 28, 2013 6:41:55 PM
> Subject: Re: [PATCH 0/10] Add additional security checks when module loading is restricted
>
> On Wed, 2013-08-28 at 18:37 -0400, Lenny Szubowicz wrote:
>
> > Did you purposely exclude similar checks for hibernate that were covered
> > by earlier versions of your patch set?
>
> Yes, I think it's worth tying it in with the encrypted hibernation
> support. The local attack is significantly harder in the hibernation
> case - in the face of unknown hardware it basically involves a
> pre-generated memory image corresponding to your system or the ability
> to force a reboot into an untrusted environment. I think it's probably
> more workable to just add a configuration option for forcing encrypted
> hibernation when secure boot is in use.
>
> --
> Matthew Garrett <matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
I'm root. So I can write anything I want to the swap file that looks
like a valid hibernate image but is code of my choosing. I can read
anything I need from /dev/mem or /dev/kmem to help me do that.
I can then immediately initiate a reboot.
-Lenny.
WARNING: multiple messages have this Message-ID (diff)
From: Lenny Szubowicz <lszubowi@redhat.com>
To: Matthew Garrett <matthew.garrett@nebula.com>,
linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, jwboyer@redhat.com, keescook@chromium.org
Subject: Re: [PATCH 0/10] Add additional security checks when module loading is restricted
Date: Wed, 28 Aug 2013 18:58:12 -0400 (EDT) [thread overview]
Message-ID: <761791749.8594444.1377730692707.JavaMail.root@redhat.com> (raw)
In-Reply-To: <1377729714.27493.2.camel@x230>
----- Original Message -----
> From: "Matthew Garrett" <matthew.garrett@nebula.com>
> To: "Lenny Szubowicz" <lszubowi@redhat.com>
> Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, jwboyer@redhat.com, keescook@chromium.org
> Sent: Wednesday, August 28, 2013 6:41:55 PM
> Subject: Re: [PATCH 0/10] Add additional security checks when module loading is restricted
>
> On Wed, 2013-08-28 at 18:37 -0400, Lenny Szubowicz wrote:
>
> > Did you purposely exclude similar checks for hibernate that were covered
> > by earlier versions of your patch set?
>
> Yes, I think it's worth tying it in with the encrypted hibernation
> support. The local attack is significantly harder in the hibernation
> case - in the face of unknown hardware it basically involves a
> pre-generated memory image corresponding to your system or the ability
> to force a reboot into an untrusted environment. I think it's probably
> more workable to just add a configuration option for forcing encrypted
> hibernation when secure boot is in use.
>
> --
> Matthew Garrett <matthew.garrett@nebula.com>
I'm root. So I can write anything I want to the swap file that looks
like a valid hibernate image but is code of my choosing. I can read
anything I need from /dev/mem or /dev/kmem to help me do that.
I can then immediately initiate a reboot.
-Lenny.
next prev parent reply other threads:[~2013-08-28 22:58 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-19 17:26 [PATCH 0/10] Add additional security checks when module loading is restricted Matthew Garrett
2013-08-19 17:26 ` Matthew Garrett
2013-08-19 17:26 ` [PATCH V2 01/10] Add secure_modules() call Matthew Garrett
[not found] ` <1376933171-9854-2-git-send-email-matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
2013-08-29 15:01 ` Josh Boyer
2013-08-29 15:01 ` Josh Boyer
[not found] ` <1376933171-9854-1-git-send-email-matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
2013-08-19 17:26 ` [PATCH V2 02/10] PCI: Lock down BAR access when module security is enabled Matthew Garrett
2013-08-19 17:26 ` Matthew Garrett
2013-08-19 17:26 ` [PATCH V2 06/10] Restrict /dev/mem and /dev/kmem when module loading is restricted Matthew Garrett
2013-08-19 17:26 ` Matthew Garrett
2013-08-19 17:26 ` [PATCH V2 10/10] Add option to automatically enforce module signatures when in Secure Boot mode Matthew Garrett
2013-08-19 17:26 ` Matthew Garrett
2013-08-29 18:37 ` Josh Boyer
[not found] ` <20130829183713.GT20828-dHPIJuKSOV01V+h/cAXI7w8O6CCKKCg3HZ5vskTnxNA@public.gmane.org>
2013-08-30 20:46 ` H. Peter Anvin
2013-08-30 20:46 ` H. Peter Anvin
[not found] ` <522104A6.5000700-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2013-08-30 23:41 ` Josh Boyer
2013-08-30 23:41 ` Josh Boyer
[not found] ` <20130830234133.GR20828-dHPIJuKSOV01V+h/cAXI7w8O6CCKKCg3HZ5vskTnxNA@public.gmane.org>
2013-09-04 10:51 ` joeyli
2013-09-04 10:51 ` joeyli
[not found] ` <1378291877.6380.74.camel-ONCj+Eqt86TasUa73XJKwA@public.gmane.org>
2013-09-04 12:01 ` Josh Boyer
2013-09-04 12:01 ` Josh Boyer
[not found] ` <CA+5PVA4J1mL0o=MHM-D81rcViR+E3JUyGChvHe8P+3+yt3v_qA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-09-04 13:13 ` joeyli
2013-09-04 13:13 ` joeyli
2013-08-28 22:37 ` [PATCH 0/10] Add additional security checks when module loading is restricted Lenny Szubowicz
2013-08-28 22:37 ` Lenny Szubowicz
[not found] ` <1241952070.8587861.1377729463830.JavaMail.root-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-08-28 22:41 ` Matthew Garrett
2013-08-28 22:41 ` Matthew Garrett
2013-08-28 22:58 ` Lenny Szubowicz [this message]
2013-08-28 22:58 ` Lenny Szubowicz
[not found] ` <761791749.8594444.1377730692707.JavaMail.root-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-08-28 23:05 ` Matthew Garrett
2013-08-28 23:05 ` Matthew Garrett
2013-08-28 23:07 ` Kees Cook
2013-08-28 23:07 ` Kees Cook
2013-08-28 23:12 ` Matthew Garrett
2013-08-28 23:12 ` Matthew Garrett
[not found] ` <CAGXu5jKQtx1OEn8qT8+LgHL+xFgK_pHGrxtdwFfKT1q3FHhaNg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-09-02 5:22 ` joeyli
2013-09-02 5:22 ` joeyli
2013-08-19 17:26 ` [PATCH V2 03/10] x86: Lock down IO port access when module security is enabled Matthew Garrett
2013-08-19 17:26 ` [PATCH V2 04/10] ACPI: Limit access to custom_method Matthew Garrett
2013-08-19 17:26 ` [PATCH V2 05/10] asus-wmi: Restrict debugfs interface when module loading is restricted Matthew Garrett
2013-08-19 17:26 ` [PATCH V2 07/10] acpi: Ignore acpi_rsdp kernel parameter " Matthew Garrett
2013-08-19 17:26 ` [PATCH V2 08/10] kexec: Disable at runtime if the kernel enforces module loading restrictions Matthew Garrett
[not found] ` <1376933171-9854-9-git-send-email-matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>
2013-08-29 15:57 ` Lenny Szubowicz
2013-08-29 15:57 ` Lenny Szubowicz
[not found] ` <410604531.9664777.1377791856786.JavaMail.root-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-08-29 18:14 ` Lenny Szubowicz
2013-08-29 18:14 ` Lenny Szubowicz
2013-08-29 18:10 ` Vivek Goyal
2013-08-29 18:10 ` Vivek Goyal
2013-08-19 17:26 ` [PATCH V2 09/10] x86: Restrict MSR access when module loading is restricted Matthew Garrett
2013-08-19 17:34 ` [PATCH 0/10] Add additional security checks " Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=761791749.8594444.1377730692707.JavaMail.root@redhat.com \
--to=lszubowi-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=jwboyer-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.