On Mon, 2013-09-09 at 09:27 -0700, H. Peter Anvin wrote:
> On 09/09/2013 08:49 AM, Matthew Garrett wrote:
> > +1: Secure mode. If set, userspace will be unable to perform direct access
> > + to PCI devices, port IO access, access system memory directly via
> > + /dev/mem and /dev/kmem, perform kexec_load(), use the userspace
> > + software suspend mechanism, insert new ACPI code at runtime via the
> > + custom_method interface or modify CPU MSRs (on x86). Certain drivers
> > + may also limit additional interfaces.
> > +
>
> This will break or have to be redefined once you have signed kexec.

So, thinking about this, how about defining it as:

1: Secure mode. If set, userspace will be prevented from performing any
operation that would permit the insertion of untrusted code into the
running kernel. At present this includes direct access to PCI devices,
port IO access, direct system memory access via /dev/mem and /dev/kmem,
kexec_load(), the userspace software suspend mechanism, insertion of new
ACPI code at runtime via the custom_method interface or modification of
CPU MSRs (on x86). Certain drivers may also limit additional interfaces.

--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
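Review bot: the quoted documentation hunk ("+1: Secure mode. If set, userspace will be unable to perform direct access ...") defines the mode by enumerating mechanisms rather than by the property those restrictions enforce, so the text goes stale as soon as one mechanism gains its own trust check (signed kexec being the case raised in the reply), and the closing "Certain drivers may also limit additional interfaces" already admits the list is not exhaustive. Suggest stating the invariant first (userspace cannot introduce untrusted code into the running kernel) and presenting the PCI, port IO, /dev/mem and /dev/kmem, kexec_load(), suspend, custom_method and MSR items as the current set of covered interfaces, which is the shape of the redefinition proposed below the quote.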