Re: [PATCH] x86: Lock down MSR writing in secure boot [LWN.net]

From:		"H. Peter Anvin" <hpa-AT-zytor.com>
To:		Matthew Garrett <matthew.garrett-AT-nebula.com>
Subject:		Re: [PATCH] x86: Lock down MSR writing in secure boot
Date:		Tue, 12 Feb 2013 16:48:12 -0800
Message-ID:		<511AE2CC.5040705@zytor.com>
Cc:		Borislav Petkov <bp-AT-alien8.de>, Kees Cook <keescook-AT-chromium.org>, LKML <linux-kernel-AT-vger.kernel.org>, Thomas Gleixner <tglx-AT-linutronix.de>, Ingo Molnar <mingo-AT-redhat.com>, "x86-AT-kernel.org" <x86-AT-kernel.org>, "linux-efi-AT-vger.kernel.org" <linux-efi-AT-vger.kernel.org>, linux-security-module <linux-security-module-AT-vger.kernel.org>
Archive-link:		Article, Thread

On 02/09/2013 07:11 AM, Matthew Garrett wrote:
> On Sat, 2013-02-09 at 10:29 +0100, Borislav Petkov wrote:
>> On Fri, Feb 08, 2013 at 10:45:35PM -0800, Kees Cook wrote:
>>> Also, _reading_ MSRs from userspace arguably has utility that doesn't
>>> compromise ring-0.
>>
>> And to come back to the original question: what is that utility, who
>> would need it on a secure boot system and why?
> 
> Things like Turbostat are useful, although perhaps that information
> should be exposed in a better way.
> 

OK... what none of this gets into:

Why should CAP_RAWIO be allowed on a secure boot system, when there are
2^n known ways of compromise a system with CAP_RAWIO?

	-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

(Log in to post comments)