From mboxrd@z Thu Jan 1 00:00:00 1970 From: Borislav Petkov Subject: Re: [PATCH] x86: Lock down MSR writing in secure boot Date: Sat, 9 Feb 2013 10:29:25 +0100 Message-ID: <20130209092925.GA17728@pd.tnic> References: <1360355671.18083.18.camel@x230.lan> <51157C9C.6030501@zytor.com> <20130208230655.GB28990@pd.tnic> <1360366012.18083.21.camel@x230.lan> <5115A4CC.3080102@zytor.com> <1360373383.18083.23.camel@x230.lan> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Kees Cook Cc: Matthew Garrett , "H. Peter Anvin" , LKML , Thomas Gleixner , Ingo Molnar , "x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org" , "linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , linux-security-module List-Id: linux-efi@vger.kernel.org On Fri, Feb 08, 2013 at 10:45:35PM -0800, Kees Cook wrote: > Also, _reading_ MSRs from userspace arguably has utility that doesn't > compromise ring-0. And to come back to the original question: what is that utility, who would need it on a secure boot system and why? -- Regards/Gruss, Boris. Sent from a fat crate under my desk. Formatting is fine. --