Re: [PATCH] x86: Lock down MSR writing in secure boot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Matthew Garrett <matthew.garrett@xxxxxxxxxx>
Subject: Re: [PATCH] x86: Lock down MSR writing in secure boot
From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Date: Wed, 13 Feb 2013 17:34:36 -0800
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "linux-efi@xxxxxxxxxxxxxxx" <linux-efi@xxxxxxxxxxxxxxx>, linux-security-module <linux-security-module@xxxxxxxxxxxxxxx>, Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
In-reply-to: <1360803872.18083.46.camel@x230.lan>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130107 Thunderbird/17.0.2

On 2/13/2013 5:04 PM, Matthew Garrett wrote:
> On Wed, 2013-02-13 at 16:44 -0800, Casey Schaufler wrote:
>
>> If you want that sort of granularity throw yourself on the SELinux
>> bandwagon. Fine grained capabilities are insane and unmanageable
>> and will only lead to tears. Security is despised because of the
>> notion that making systems impossible to use is a good thing.
> SELinux is completely unusable for this specific case.
>
Well, you'll get no argument from me there.

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

References:
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Kees Cook
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Borislav Petkov
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Kees Cook
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Borislav Petkov
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Casey Schaufler
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: H. Peter Anvin
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Casey Schaufler
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Casey Schaufler
- Re: [PATCH] x86: Lock down MSR writing in secure boot
  - From: Matthew Garrett

Prev by Date: Re: [PATCH] efi: Clear EFI_RUNTIME_SERVICES rather than EFI_BOOT by "noefi" boot parameter
Next by Date: Re: [PATCH] x86: Lock down MSR writing in secure boot
Previous by thread: Re: [PATCH] x86: Lock down MSR writing in secure boot
Next by thread: Re: [PATCH] x86: Lock down MSR writing in secure boot
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]