/dev/mem and secure boot

From: Jean Delvare
Date: Fri Sep 06 2019 - 07:02:14 EST

Next message: Michal Hocko: "Re: [RFC PATCH] mm, oom: disable dump_tasks by default"
Previous message: Chao Yu: "Re: [f2fs-dev] [PATCH v4] f2fs: Fix indefinite loop in f2fs_gc()"
Next in thread: Greg Kroah-Hartman: "Re: /dev/mem and secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've been bitten recently by mcelog not working on machines started in
secure boot mode. mcelog tries to read DMI information from /dev/mem
and fails to open it.

This made me wonder: if not even root can read /dev/mem (nor, I
suppose, /dev/kmem and /dev/port) in secure boot mode, why are we
creating these device nodes at all in the first place? Can't we detect
that we are in secure boot mode and skip that step, and reap the rewards
(faster boot, lower memory footprint and less confusion)?

Thanks,
--
Jean Delvare
SUSE L3 Support

Next message: Michal Hocko: "Re: [RFC PATCH] mm, oom: disable dump_tasks by default"
Previous message: Chao Yu: "Re: [f2fs-dev] [PATCH v4] f2fs: Fix indefinite loop in f2fs_gc()"
Next in thread: Greg Kroah-Hartman: "Re: /dev/mem and secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]