Re: [GIT PULL] Kernel lockdown for secure boot

From: Matthew Garrett
Date: Wed Apr 04 2018 - 00:32:05 EST

Next message: Palmer Dabbelt: "Re: [GIT pull] irq updates for 4.17"
Previous message: Matthew Garrett: "Re: [GIT PULL] Kernel lockdown for secure boot"
In reply to: Alexei Starovoitov: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 3, 2018 at 7:34 PM Alexei Starovoitov <
alexei.starovoitov@xxxxxxxxx> wrote:
> If the only thing that folks are paranoid about is reading
> arbitrary kernel memory with bpf_probe_read() helper
> then preferred patch would be to disable it during verification
> when in lockdown mode.
> No run-time overhead and android folks will be happy
> that lockdown doesn't break their work.
> They converted out-of-tree networking accounting
> module and corresponding user daemon to use bpf:

https://www.linuxplumbersconf.org/2017/ocw/system/presentations/4791/original/eBPF%20cgroup%20filters%20for%20data%20usage%20accounting%20on%20Android.pdf

An alternative would be to only disable kernel reads if the kernel contains
secrets that aren't supposed to be readable by root. If the keyring is
configured such that root can read everything, it seems like less of a
concern?

Next message: Palmer Dabbelt: "Re: [GIT pull] irq updates for 4.17"
Previous message: Matthew Garrett: "Re: [GIT PULL] Kernel lockdown for secure boot"
In reply to: Alexei Starovoitov: "Re: [GIT PULL] Kernel lockdown for secure boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]