From: Jani Nikula <jani.nikula@intel.com>
To: Andy Lutomirski <luto@kernel.org>, Justin Forbes <jmforbes@linuxtx.org>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>,
Peter Jones <pjones@redhat.com>,
joeyli.kernel@gmail.com,
ksummit-discuss@lists.linuxfoundation.org
Subject: Re: [Ksummit-discuss] [TECH TOPIC] Kernel lockdown and secure boot
Date: Thu, 06 Sep 2018 13:00:36 +0300 [thread overview]
Message-ID: <87y3cfymgr.fsf@intel.com> (raw)
In-Reply-To: <CALCETrVFSk=8eMyzsjkOPKne2kVuZzjyn5tLNDnB3ZaBGh1qrQ@mail.gmail.com>
On Wed, 05 Sep 2018, Andy Lutomirski <luto@kernel.org> wrote:
> 2. What exactly does lockdown do?
>
> #2 is a bigger deal. At least one version that shipped in a Fedora
> kernel actually broke systemd, and that's not cool. And I really
> think we need to make lockdown non-binary to get this right. I've
> proposed LOCKDOWN_PROTECT_INTEGRITY (i.e. try to prevent root from
> modifying the running kernel) and LOCKDOWN_PROTECT_SECRECY (try to
> prevent root from reading kernel memory), and no one seems to have
> actually objected.
Clueless bystander comment: I spent a while debugging a bug reporter's
-EPERM issue on direct PCI bar access. Took me a while to realize this
was caused by kernel lockdown on the user's distro. I expect more issues
like this to pop up as the use of lockdown proliferates, and I don't
think it's necessarily obvious when lockdown changes behaviour.
I guess I'm asking, have you considered an audit log for lockdown
blocked access, and if you've rejected the idea, why?
BR,
Jani.
--
Jani Nikula, Intel Open Source Graphics Center
next prev parent reply other threads:[~2018-09-06 10:01 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-05 16:53 David Howells
2018-09-05 19:33 ` Jiri Kosina
2018-09-05 19:51 ` Justin Forbes
2018-09-05 20:14 ` David Howells
2018-09-05 20:34 ` Justin Forbes
2018-09-05 20:53 ` Andy Lutomirski
2018-09-05 21:01 ` Justin Forbes
2018-09-06 6:53 ` joeyli
2018-09-06 10:00 ` Jani Nikula [this message]
2018-09-06 10:05 ` David Howells
2018-09-06 10:21 ` Jani Nikula
2018-09-07 19:53 ` Mauro Carvalho Chehab
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y3cfymgr.fsf@intel.com \
--to=jani.nikula@intel.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=jmforbes@linuxtx.org \
--cc=joeyli.kernel@gmail.com \
--cc=ksummit-discuss@lists.linuxfoundation.org \
--cc=luto@kernel.org \
--cc=pjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox