| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <54ECFDCF.8040902@nexus-software.ie> Date: Tue, 24 Feb 2015 22:40:15 +0000 From: Bryan O'Donoghue <pure.logic@...us-software.ie> To: Pavel Machek <pavel@....cz> CC: tglx@...utronix.de, mingo@...hat.com, hpa@...or.com, x86@...nel.org, dvhart@...radead.org, andy.shevchenko@...il.com, boon.leong.ong@...el.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH v3 1/1] x86: Add Isolated Memory Regions for Quark X1000 On 23/02/15 22:18, Pavel Machek wrote: > On Mon 2015-01-26 14:15:27, Bryan O'Donoghue wrote: > > Do the applications normally need to manipulate IMRs? Applications could in theory manipulate IMRs - you might want to place an IMR around an EFI capsule in memory for example - before calling a capsule update. This code will place an IMR around the kernel .text - .rodata which ensures that no unwarranted DMA access can rewrite write-only kernel addresses - something the MMU would not fault on - on non-IMR enabled processors. > Would it be > possible to do all IMR manipulations in the bootloader? > Possible yes - in practical terms for Galileo or the SMARC+Quark from Kontron for example - you'd be forcing a bootloader change - which most users will not pick up. Considering IMRs can reset the system if they aren't sanitized, it's good practice for the kernel to go and make sure that every unlocked IMR is torn-down and reset. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists