From: Jani Nikula <jani.nikula@intel.com>
To: Andy Lutomirski <luto@kernel.org>, Justin Forbes <jmforbes@linuxtx.org>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>,
Peter Jones <pjones@redhat.com>,
joeyli.kernel@gmail.com,
ksummit-discuss@lists.linuxfoundation.org
Subject: Re: [Ksummit-discuss] [TECH TOPIC] Kernel lockdown and secure boot
Date: Thu, 06 Sep 2018 13:00:36 +0300 [thread overview]
Message-ID: <87y3cfymgr.fsf@intel.com> (raw)
In-Reply-To: <CALCETrVFSk=8eMyzsjkOPKne2kVuZzjyn5tLNDnB3ZaBGh1qrQ@mail.gmail.com>
On Wed, 05 Sep 2018, Andy Lutomirski <luto@kernel.org> wrote:
> 2. What exactly does lockdown do?
>
> #2 is a bigger deal. At least one version that shipped in a Fedora
> kernel actually broke systemd, and that's not cool. And I really
> think we need to make lockdown non-binary to get this right. I've
> proposed LOCKDOWN_PROTECT_INTEGRITY (i.e. try to prevent root from
> modifying the running kernel) and LOCKDOWN_PROTECT_SECRECY (try to
> prevent root from reading kernel memory), and no one seems to have
> actually objected.
Clueless bystander comment: I spent a while debugging a bug reporter's
-EPERM issue on direct PCI bar access. Took me a while to realize this
was caused by kernel lockdown on the user's distro. I expect more issues
like this to pop up as the use of lockdown proliferates, and I don't
think it's necessarily obvious when lockdown changes behaviour.
I guess I'm asking, have you considered an audit log for lockdown
blocked access, and if you've rejected the idea, why?
BR,
Jani.
--
Jani Nikula, Intel Open Source Graphics Center
next prev parent reply other threads:[~2018-09-06 10:01 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-05 16:53 [Ksummit-discuss] [TECH TOPIC] Kernel lockdown and secure boot David Howells
2018-09-05 19:33 ` Jiri Kosina
2018-09-05 19:51 ` Justin Forbes
2018-09-05 20:14 ` David Howells
2018-09-05 20:34 ` Justin Forbes
2018-09-05 20:53 ` Andy Lutomirski
2018-09-05 21:01 ` Justin Forbes
2018-09-06 6:53 ` joeyli
2018-09-06 10:00 ` Jani Nikula [this message]
2018-09-06 10:05 ` David Howells
2018-09-06 10:21 ` Jani Nikula
2018-09-07 19:53 ` Mauro Carvalho Chehab
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y3cfymgr.fsf@intel.com \
--to=jani.nikula@intel.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=jmforbes@linuxtx.org \
--cc=joeyli.kernel@gmail.com \
--cc=ksummit-discuss@lists.linuxfoundation.org \
--cc=luto@kernel.org \
--cc=pjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.