Re: [PATCH] Ability to read the MKTME status from userspace

From: Borislav Petkov
Date: Fri Jun 19 2020 - 09:22:54 EST

Next message: Steven Rostedt: "Re: [PATCH 2/2] sched/uclamp: Protect uclamp fast path code with static key"
Previous message: Christoph Hellwig: "Re: [PATCH v2 2/2] xfs: Fix false positive lockdep warning with sb_internal & fs_reclaim"
In reply to: Borislav Petkov: "Re: [PATCH] Ability to read the MKTME status from userspace"
Next in thread: Richard Hughes: "Re: [PATCH] Ability to read the MKTME status from userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jun 19, 2020 at 10:01:36AM -0300, Daniel Gutson wrote:
> Then the user will not know that he/she could improve the security of the
> system by enabling the feature in the BIOS.

And how is the user going to know from your "module"? AFAICT, your
module loads on any system - not only on ones which have MKTME in CPUID.

> The fact that the CPU has the cap and the BIOS disables it, can
> trigger a prevention action.

I can only venture guesses what "prevention action" is - you'll have to
be more verbose here.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Steven Rostedt: "Re: [PATCH 2/2] sched/uclamp: Protect uclamp fast path code with static key"
Previous message: Christoph Hellwig: "Re: [PATCH v2 2/2] xfs: Fix false positive lockdep warning with sb_internal & fs_reclaim"
In reply to: Borislav Petkov: "Re: [PATCH] Ability to read the MKTME status from userspace"
Next in thread: Richard Hughes: "Re: [PATCH] Ability to read the MKTME status from userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]