Re: [PATCH] x86: Lock down MSR writing in secure boot

From: Matthew Garrett
Date: Wed Feb 13 2013 - 20:04:56 EST

Next message: Andreas Mohr: "Re: [PATCH] PCI / ACPI: Report _OSC control mask returned on failureto get control"
Previous message: H. Peter Anvin: "Re: [tip:core/locking] x86/smp: Move waiting on contended ticketlock out of line"
In reply to: Casey Schaufler: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Next in thread: H. Peter Anvin: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2013-02-13 at 16:44 -0800, Casey Schaufler wrote:

> If you want that sort of granularity throw yourself on the SELinux
> bandwagon. Fine grained capabilities are insane and unmanageable
> and will only lead to tears. Security is despised because of the
> notion that making systems impossible to use is a good thing.

SELinux is completely unusable for this specific case.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
èº{.nÇ+‰·Ÿ®‰†+%ŠËlzwm…ébëæìr¸›zX§»®w¥Š{ayºÊÚë,j¢f£¢·hš‹àz¹®w¥¢¸¢·¦j:+v‰¨ŠwèjØm¶Ÿÿ¾«‘êçzZ+ƒùšŽŠÝj"ú!¶iO•æ¬z·švØ^¶m§ÿðÃnÆàþY&—

Next message: Andreas Mohr: "Re: [PATCH] PCI / ACPI: Report _OSC control mask returned on failureto get control"
Previous message: H. Peter Anvin: "Re: [tip:core/locking] x86/smp: Move waiting on contended ticketlock out of line"
In reply to: Casey Schaufler: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Next in thread: H. Peter Anvin: "Re: [PATCH] x86: Lock down MSR writing in secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]