Re: [PATCH] x86: Lock down MSR writing in secure boot
[Posted March 12, 2013 by mkerrisk]
| From: |
| "H. Peter Anvin" <hpa-AT-zytor.com> |
| To: |
| Matthew Garrett <matthew.garrett-AT-nebula.com> |
| Subject: |
| Re: [PATCH] x86: Lock down MSR writing in secure boot |
| Date: |
| Tue, 12 Feb 2013 22:33:32 -0800 |
| Message-ID: |
| <511B33BC.9080307@zytor.com> |
| Cc: |
| Borislav Petkov <bp-AT-alien8.de>, Kees Cook <keescook-AT-chromium.org>,
LKML <linux-kernel-AT-vger.kernel.org>,
Thomas Gleixner <tglx-AT-linutronix.de>,
Ingo Molnar <mingo-AT-redhat.com>,
"x86-AT-kernel.org" <x86-AT-kernel.org>,
"linux-efi-AT-vger.kernel.org" <linux-efi-AT-vger.kernel.org>,
linux-security-module <linux-security-module-AT-vger.kernel.org> |
| Archive‑link: | |
Article |
On 02/12/2013 10:27 PM, Matthew Garrett wrote:
> On Tue, 2013-02-12 at 22:12 -0800, H. Peter Anvin wrote:
>
>> Sounds like you are thinking of CAP_SYS_ADMIN, but I don't really see a
>> huge difference between MSRs and I/O control registers... just different
>> address spaces.
>
> Not having CAP_SYS_RAWIO blocks various SCSI commands, for instance.
> These might result in the ability to write individual blocks or destroy
> the device firmware, but do any of them permit modifying the running
> kernel?
That is just batshit crazy. If you have CAP_SYS_RAWIO you can do iopl()
which means you can reprogram your northbridge, at which point you most
definitely *can* modify the running kernel.
And some SCSI driver requires this??!
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
