Re: [RFC PATCH 0/8] x86_64: Harden compressed kernel, part 1

From: Dave Hansen
Date: Mon Aug 01 2022 - 22:41:25 EST

Next message: Stanley Chu: "Re: [PATCH v3] ufs: core: ufshcd: use local_clock() for debugging timestamps"
Previous message: Micah Morton: "[GIT PULL] SafeSetID changes for v6.0"
In reply to: Evgeniy Baskov: "Re: [RFC PATCH 0/8] x86_64: Harden compressed kernel, part 1"
Next in thread: Evgeniy Baskov: "Re: [RFC PATCH 0/8] x86_64: Harden compressed kernel, part 1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/1/22 17:25, Evgeniy Baskov wrote:
> On 2022-08-01 19:48, Dave Hansen wrote:
>> On 8/1/22 09:38, Evgeniy Baskov wrote:
>>> This is the first half of changes aimed to increase security of early
>>> boot code of compressed kernel for x86_64 by enforcing memory protection
>>> on page table level.
>>
>> Could you share a little more background here? Hardening is good, but
>> you _can_ have too much of a good thing.
>>
>> Is this part of the boot cycle becoming a target for attackers in
>> trusted boot environments? Do emerging confidential computing
>> technologies like SEV and TDX cause increased reliance on compressed
>> kernel security?
>>
>> In other words, why is *THIS* important versus all the other patches
>> floating around out there?
>
> Now compressed kernel code becomes larger, partially because of adding
> SEV and TDX, so it worth adding memory protection here.
...

Is it fair to say that the problems here are on the potential,
theoretical side rather than driven by practical, known issues that our
users face?

Next message: Stanley Chu: "Re: [PATCH v3] ufs: core: ufshcd: use local_clock() for debugging timestamps"
Previous message: Micah Morton: "[GIT PULL] SafeSetID changes for v6.0"
In reply to: Evgeniy Baskov: "Re: [RFC PATCH 0/8] x86_64: Harden compressed kernel, part 1"
Next in thread: Evgeniy Baskov: "Re: [RFC PATCH 0/8] x86_64: Harden compressed kernel, part 1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]