From: "H. Peter Anvin" <h.peter.anvin@intel.com>
To: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Matthew Garrett <mjg59@srcf.ucam.org>
Subject: Re: RFC: Tainting the kernel on raw I/O access
Date: Wed, 03 Sep 2014 15:25:32 -0700 [thread overview]
Message-ID: <5407955C.3040501@intel.com> (raw)
In-Reply-To: <20140903232018.17bba503@alan.etchedpixels.co.uk>
On 09/03/2014 03:20 PM, One Thousand Gnomes wrote:
>
> If you just want some "detector bits" for bug report filtering them its
> quite a different need to fixing "secure" boot mode. Even in the detector
> bits case there should be an overall plan and some defined properties
> that provide the security and which you can show should always be true.
>
As far as I'm concerning this is just a set of "detector bits". My
observation was simply that this is a *subset* of what "secure boot"
will eventually need.
Secure boot will need the error path no matter what... tainting
obviously doesn't.
(As far as I'm concerned, I'd be happy tainting the kernel for any
operation that requires CAP_RAWIO, but maybe that is too extreme.)
-hpa
next prev parent reply other threads:[~2014-09-03 22:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-03 21:20 RFC: Tainting the kernel on raw I/O access H. Peter Anvin
2014-09-03 22:15 ` Matthew Garrett
2014-09-03 22:20 ` One Thousand Gnomes
2014-09-03 22:25 ` H. Peter Anvin [this message]
2014-09-04 15:56 ` One Thousand Gnomes
2014-09-03 23:46 ` Andi Kleen
2014-09-04 14:10 ` Austin S Hemmelgarn
2014-09-04 16:43 ` One Thousand Gnomes
2014-09-04 5:07 ` Ingo Molnar
2014-09-04 16:47 ` One Thousand Gnomes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5407955C.3040501@intel.com \
--to=h.peter.anvin@intel.com \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mjg59@srcf.ucam.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox