On Sat, May 4, 2024 at 4:13 PM Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx> wrote:
> On 5/4/2024 1:04 AM, Bagas Sanjaya wrote:
> > On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote:
> >> +IPE does not mitigate threats arising from malicious but authorized
> >> +developers (with access to a signing certificate), or compromised
> >> +developer tools used by them (i.e. return-oriented programming attacks).
> >> +Additionally, IPE draws hard security boundary between userspace and
> >> +kernelspace. As a result, IPE does not provide any protections against a
> >> +kernel level exploit, and a kernel-level exploit can disable or tamper
> >> +with IPE's protections.
> >
> > So how to mitigate kernel-level exploits then?
>
> One possible way is to use hypervisor to protect the kernel integrity.
> https://github.com/heki-linux is one project on this direction. Perhaps
> I should also add this link to the doc.

I wouldn't spend a lot of time on kernel exploits in the IPE documentation
as it is out of scope for IPE. In fact, I would say just that in the last
sentence in the paragraph above:

"As a result, kernel-level exploits are considered outside the scope of IPE
and mitigation is left to other mechanisms."

(or something similar)

-- 
paul-moore.com
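Review bot: in the quoted hunk, the parenthetical "(i.e. return-oriented programming attacks)" after "compromised developer tools used by them" should be "e.g.": a ROP attack is one example of what compromised tooling or a signed-but-malicious binary can lead to, not a restatement of "compromised developer tools", and "i.e." tells the reader the two are equivalent. Two smaller points in the same paragraph: "IPE draws hard security boundary" is missing an article ("draws a hard security boundary"), and the adjacent lines spell the same term both as "kernel level exploit" and "kernel-level exploit"; pick the hyphenated form throughout.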