Re: [PATCH] x86: Lock down MSR writing in secure boot

From: Kees Cook
Date: Fri Feb 08 2013 - 14:21:48 EST

On Fri, Feb 8, 2013 at 11:17 AM, Matthew Garrett
<matthew.garrett@xxxxxxxxxx> wrote:
> On Fri, 2013-02-08 at 11:12 -0800, Kees Cook wrote:
>> Writing to MSRs should not be allowed unless CAP_COMPROMISE_KERNEL is
>> set since it could lead to execution of arbitrary code in kernel mode.
> Willing to buy this, but do you have a description of one potential
> approach? We should probably also figure out what's writing to MSRs at
> the moment (anything other than energy_perf_bias?) and decide what the
> best thing to do there is.

Yes, change the SYSENTER entry point to where-ever you like. There are
examples already written:

IMO, _writing_ an MSR from userspace should be considered a bug. If
writing is needed, a kernel driver should be mediating the change.
wrmsr (and rdmsr) are ring-0 only for good reason. :)


Kees Cook
Chrome OS Security
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at