On Thu, Jan 16, 2020 at 4:00 PM Daniel Axtens <d...@axtens.net> wrote: > > Michael Ellerman <m...@ellerman.id.au> writes: > > > From: Joel Stanley <j...@jms.id.au> > > > > This turns on HARDENED_USERCOPY with HARDENED_USERCOPY_PAGESPAN, and > > FORTIFY_SOURCE. > > > > It also enables SECURITY_LOCKDOWN_LSM with _EARLY and > > LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY options enabled. > > > > As I said before, this will disable xmon entirely. If we want to set > this, we should compile out xmon. But if we want xmon in read-only mode > to be an option, we should pick integrity mode. > > I don't really mind, because I don't work with skiroot very > much. Oliver, Joel, Nayna, you all do stuff around this sort of level - > is this a problem for any of you?
Keep it enabled and force INTEGRITY mode. There are some cases where xmon is the only method for debugging a crashing skiroot (hello SMC BMCs) so I'd rather it remained available. If there's some actual security benefit to disabling it entirely then someone should articulate that. Oliver