Date:	Fri, 10 May 2013 07:05:53 +0000
From:	"Ren, Qiaowei" <qiaowei.ren@...el.com>
To:	Matthew Garrett <matthew.garrett@...ula.com>
CC:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"platform-driver-x86@...r.kernel.org" 
	<platform-driver-x86@...r.kernel.org>,
	"Wei, Gang" <gang.wei@...el.com>
Subject: RE: [PATCH 4/4] driver: provide sysfs interfaces to access SMX
 parameter

On 2013-05-08, Matthew Garrett wrote:
> On Tue, 2013-05-07 at 22:55 +0800, Qiaowei Ren wrote:
>
> > +What:		/sys/devices/platform/intel_txt/parameter/acm_max_size
> > +Date:		May 2013
> > +KernelVersion:	3.9
> > +Contact:	"Qiaowei Ren" <qiaowei.ren@...el.com>
> > +Description:	The "acm_max_size" property will show max size of
> > +		authenticated code execution area.
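
Review bot: the Description for acm_max_size does not give the unit or output format of the value (bytes or pages, decimal or hex), so userspace cannot parse it reliably from this entry alone. Suggest stating both, and adding a sentence on what a consumer is expected to do with the number.
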
> 
> What would userspace use this for?

These sysfs files just export SMX- and TXT-related information to userspace, so that other developers (or OSVs and ISVs) can develop TXT-related applications or tools based on this information.

> > +What:		/sys/devices/platform/intel_txt/parameter/acm_mem_types
> > +Date:		May 2013
> > +KernelVersion:	3.9
> > +Contact:	"Qiaowei Ren" <qiaowei.ren@...el.com>
> > +Description:	The "acm_max_types" property will show external memory
> > +		types supported during AC mode.
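
Review bot: the What: line names the file acm_mem_types but the Description calls the property "acm_max_types"; one of the two is a typo, and the ABI entry should use a single name. The Description also relies on "AC mode" without expanding it; spell out the term and describe how the memory types are encoded in the file.
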
> 
> Or this? And what's AC mode?

It means that the property will show supportable memory types for memory mapped outside of the authenticated code execution area.

> > +	__asm__ __volatile__ (IA32_GETSEC_OPCODE "\n"
> > +			      : "=a"(eax), "=b"(ebx), "=c"(ecx)
> > +			      : "a"(IA32_GETSEC_PARAMETERS), "b"(index));
> > +
> > +	*param_type = eax & 0x1f;
> > +	*peax = eax;
> > +	*pebx = ebx;
> > +	*pecx = ecx;
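
Review bot: the asm statement executes the GETSEC opcode unconditionally, and the stores after it copy eax/ebx/ecx out with no validation, so a caller cannot tell a valid parameter from leftover register contents. If the instruction depends on CR4.SMXE being set, as the write_cr4() line elsewhere in this patch suggests, check that bit before issuing it and return an error otherwise. The mask in `*param_type = eax & 0x1f;` should also be a named constant with a comment saying which field of eax it selects.
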
> 
> Should there be a check for failure here? Is it possible for this operation to fail?

You mean the GETSEC instruction? I didn't notice a related description in the manual. The next function, get_parameters(), will process the eax/ebx/ecx values returned by this instruction.

> > +	write_cr4(read_cr4() | CR4_SMXE);
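
Review bot: `write_cr4(read_cr4() | CR4_SMXE);` is a read-modify-write with no visible locking and no comment saying why a platform driver changes a control register; CR4 is also per-CPU, so the bit is set only on whichever CPU happens to run this line. If SMXE is expected to be set before the driver loads, replace the write with a read-only check that fails initialization when the bit is clear.
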
> 
> Whoo. This needs at least a giant comment and probably some locking, but if
> this is supposed to be set during runtime then it should be done in core
> architecture code rather than just in this driver.

Oh. This code should be removed, because the tboot code has set the SMXE bit.

Thanks,
Qiaowei
