Re: [PATCH] x86: Lock down MSR writing in secure boot

From: Matthew Garrett
Date: Sat Feb 09 2013 - 10:12:05 EST

Next message: Alexey Vlasov: "Re: BUG: soft lockup on all kernels after 2.6.3x"
Previous message: Kees Cook: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
In reply to: Kees Cook: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Next in thread: H. Peter Anvin: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 2013-02-09 at 10:29 +0100, Borislav Petkov wrote:
> On Fri, Feb 08, 2013 at 10:45:35PM -0800, Kees Cook wrote:
> > Also, _reading_ MSRs from userspace arguably has utility that doesn't
> > compromise ring-0.
>
> And to come back to the original question: what is that utility, who
> would need it on a secure boot system and why?

Things like Turbostat are useful, although perhaps that information
should be exposed in a better way.
N‹§²æìr¸›yúèšØb²X¬¶ÇvØ^–)Þ{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü}©ž²ÆzÚ&j:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~††Ûiÿûàz¹®w¥¢¸?™¨èÚ&¢)ßf”ù^jÇy§m…á@A«a¶Úÿ0¶ìh®å’i

Next message: Alexey Vlasov: "Re: BUG: soft lockup on all kernels after 2.6.3x"
Previous message: Kees Cook: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
In reply to: Kees Cook: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Next in thread: H. Peter Anvin: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]