Hi,
The basis for any secure boot is a way to detect that the system has
been tampered with or not. Tamper Evidence.
There are two main vectors for a system to be tampered with. Someone
local to the machine and remote users who can access the machine
across a network interface. (this includes the
On Thursday, November 08, 2012 12:27:22 AM Alan Cox wrote:
On Wed, 7 Nov 2012 22:28:17 +0100
Thomas Renninger tr...@suse.de wrote:
Hi,
I have seen some patches in this area and I wonder whether MSR and EC
write accesses from userspace got closed already.
You need to cover read
On Wednesday, November 07, 2012 11:51:06 PM H. Peter Anvin wrote:
On 11/07/2012 10:54 PM, Matthew Garrett wrote:
Is there a case where modifying MSRs or EC registers can cause
arbitrary code execution?
For MSRs we could have a whitelist of permitted MSRs, but allowing
general MSR
On Thu, Nov 08, 2012 at 10:40:33AM +0100, Thomas Renninger wrote:
On Wednesday, November 07, 2012 09:54:03 PM Matthew Garrett wrote:
Is there a case where modifying MSRs or EC registers can cause arbitrary
code execution?
Ok, I am not familiar enough with this secure stuff.
Theoretically
On Thu, Nov 08, 2012 at 03:38:33PM +0100, Thomas Renninger wrote:
BTW: Who decides what is allowed and what is not?
Tree maintainers.
I guess it should be the spec. I haven't read the details, but
when even Matthew is not sure, it sounds as if this is phrased
rather imprecise. And as
On 11/08/2012 09:41 AM, Matthew Garrett wrote:
On Thu, Nov 08, 2012 at 03:38:33PM +0100, Thomas Renninger wrote:
BTW: Who decides what is allowed and what is not?
Tree maintainers.
I guess it should be the spec. I haven't read the details, but
when even Matthew is not sure, it sounds as if
On Thu, Nov 08, 2012 at 09:44:11AM -0500, Shea Levy wrote:
How is secureboot_enable=no ok? Unless we're disabling efivarfs in
secureboot mode root can change the kernel command line.
What do you mean by ok? Ubuntu ship a signed kernel without requiring
signed modules, so any in-kernel
What exactly could go wrong with which MSR read?
Show me a pair of Intel and AMD architecture documents guaranteeing all
undefined, undocumented, and documented MSR reads for all processors have
no side effects.
I just picked some MSRs I found in turbostat and cpupower.
Len: It would be great
On Thu, 8 Nov 2012 14:39:19 +
Matthew Garrett mj...@srcf.ucam.org wrote:
On Thu, Nov 08, 2012 at 10:40:33AM +0100, Thomas Renninger wrote:
On Wednesday, November 07, 2012 09:54:03 PM Matthew Garrett wrote:
Is there a case where modifying MSRs or EC registers can cause arbitrary
code
Add a feature to check the firmware signature, specified via Kconfig
CONFIG_FIRMWARE_SIG.
The signature check is performed only for the direct fw loading
without udev. If sig_enforce is set but no firmware file is found in
fs, request_firmware*() returns an error for now. It would be
possible
10 matches