Re: [PATCH] x86: Lock down MSR writing in secure boot

From: Matthew Garrett
Date: Fri Feb 08 2013 - 14:27:27 EST

Next message: Samuel Ortiz: "Re: [GIT PULL] ab8500-dependent MFD functions for GPIO IRQs"
Previous message: Paul E. McKenney: "Re: net: rcu warnings in ip6fl_get_first"
In reply to: Kees Cook: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2013-02-08 at 11:21 -0800, Kees Cook wrote:
> On Fri, Feb 8, 2013 at 11:17 AM, Matthew Garrett
> <matthew.garrett@xxxxxxxxxx> wrote:
> > On Fri, 2013-02-08 at 11:12 -0800, Kees Cook wrote:
> >> Writing to MSRs should not be allowed unless CAP_COMPROMISE_KERNEL is
> >> set since it could lead to execution of arbitrary code in kernel mode.
> >
> > Willing to buy this, but do you have a description of one potential
> > approach? We should probably also figure out what's writing to MSRs at
> > the moment (anything other than energy_perf_bias?) and decide what the
> > best thing to do there is.
>
> Yes, change the SYSENTER entry point to where-ever you like. There are
> examples already written:
> http://grsecurity.net/~spender/msr32.c

Cool. Yup, this sounds like a good plan.
¢éì®&Þ~º&¶¬–+-±éÝ¥Šw®žË±Êâmébžìdz¹Þ)í…æèw*jg¬±¨¶‰šŽŠÝj/êäz¹ÞŠà2ŠÞ¨èÚ&¢)ß«a¶Úþø®G«éh®æj:+v‰¨Šwè†Ù>Wš±êÞiÛaxPjØm¶ŸÿÃ-»+ƒùdš_

Next message: Samuel Ortiz: "Re: [GIT PULL] ab8500-dependent MFD functions for GPIO IRQs"
Previous message: Paul E. McKenney: "Re: net: rcu warnings in ip6fl_get_first"
In reply to: Kees Cook: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]