Re: [PATCH] x86: Lock down MSR writing in secure boot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Kees Cook <keescook@xxxxxxxxxxxx>
Subject: Re: [PATCH] x86: Lock down MSR writing in secure boot
From: Borislav Petkov <bp@xxxxxxxxx>
Date: Sat, 9 Feb 2013 10:29:25 +0100
Cc: Matthew Garrett <matthew.garrett@xxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "linux-efi@xxxxxxxxxxxxxxx" <linux-efi@xxxxxxxxxxxxxxx>, linux-security-module <linux-security-module@xxxxxxxxxxxxxxx>
In-reply-to: <CAGXu5j+xvJ3L5ejxtZ-Jw3F6rV7OsrE0_HZCGu_er0rH2_PwKA@mail.gmail.com>
Mail-followup-to: Borislav Petkov <bp@xxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Matthew Garrett <matthew.garrett@xxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "linux-efi@xxxxxxxxxxxxxxx" <linux-efi@xxxxxxxxxxxxxxx>, linux-security-module <linux-security-module@xxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)

On Fri, Feb 08, 2013 at 10:45:35PM -0800, Kees Cook wrote:
> Also, _reading_ MSRs from userspace arguably has utility that doesn't
> compromise ring-0.

And to come back to the original question: what is that utility, who
would need it on a secure boot system and why?

-- 
Regards/Gruss,
    Boris.

Sent from a fat crate under my desk. Formatting is fine.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Follow-Ups:
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Kees Cook

References:
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Kees Cook
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Kees Cook
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Borislav Petkov
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Kees Cook

Prev by Date: Re: [PATCH] x86: Lock down MSR writing in secure boot
Next by Date: Re: [PATCH] x86: Lock down MSR writing in secure boot
Previous by thread: Re: [PATCH] x86: Lock down MSR writing in secure boot
Next by thread: Re: [PATCH] x86: Lock down MSR writing in secure boot
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]