Re: /dev/mem and secure boot

From: Thomas Renninger
Date: Thu Sep 12 2019 - 06:44:41 EST

Next message: Kieran Bingham: "Re: [PATCH] drm: rcar-du: Add r8a77980 support"
Previous message: David Miller: "Re: [PATCH net-next v2 0/3] add ksz9567 with I2C support to ksz9477 driver"
In reply to: Jean Delvare: "Re: /dev/mem and secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday, September 9, 2019 3:09:57 PM CEST Jean Delvare wrote:
> Hi Greg,

...

> > Sure, feel free to not register it at all if the mode is enabled.

> Now I feel sorry that I asked my question upstream when there's nothing
> to be done there. I'll go bother SUSE kernel folks instead, sorry for
> the noise. And thanks for the advice.

I also/still think /dev/mem should vanish in secure boot mode, also upstream.
There may have been strong reasons why it has been restricted to /dev/ioport
which I do not know.

Whatever the exact definition for kernel behaviour in secure boot mode in the
UEFI books is (if there is any), it should close quite some possible doors
for hijacking a machine or read sensible data and if anyhow possible secure
boot mode should head for this feature (IMHO): Get rid of /dev/mem.

Thanks for bringing this up,

Thomas

Next message: Kieran Bingham: "Re: [PATCH] drm: rcar-du: Add r8a77980 support"
Previous message: David Miller: "Re: [PATCH net-next v2 0/3] add ksz9567 with I2C support to ksz9477 driver"
In reply to: Jean Delvare: "Re: /dev/mem and secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]