Re: [PATCH v11 5/9] x86/efi: Disable LASS while mapping the EFI runtime services

Next message: Pierre-Eric Pelloux-Prayer: "[PATCH v4 1/3] drm/amdgpu: add engine_retains_context to amdgpu_ring_funcs"
Previous message: Joan Na: "Re: [PATCH v3 3/3] dt-bindings: regulator: Add MAX77675 regulator binding"
In reply to: Sohil Mehta: "Re: [PATCH v11 5/9] x86/efi: Disable LASS while mapping the EFI runtime services"
Next in thread: Ard Biesheuvel: "Re: [PATCH v11 5/9] x86/efi: Disable LASS while mapping the EFI runtime services"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Peter Zijlstra

Date: Fri Nov 07 2025 - 04:04:27 EST

On Fri, Oct 31, 2025 at 11:12:53AM -0700, Dave Hansen wrote:

> But there's a pretty broad set of things that are for "security" that
> aren't necessary while you're just running trusted ring0 code:
>
> * SMAP/SMEP
> * CR pinning itself
> * MSR_IA32_SPEC_CTRL
> * MSR_IA32_TSX_CTRL
>
> They just haven't mattered until now because they don't have any
> practical effect until you actually have code running on _PAGE_USER
> mappings trying to attack the kernel.

But that's just the thing EFI is *NOT* trusted! We're basically
disabling all security features (not listed above are CET and CFI) to
run this random garbage we have no control over.

How about we just flat out refuse EFI runtime services? What are they
actually needed for? Why are we bending over backwards and subverting
our security for this stuff?