lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1592835748-4589-1-git-send-email-gyan.gupta@intel.com>
Date:   Mon, 22 Jun 2020 19:52:28 +0530
From:   Gyan Gupta <gyan.gupta@...el.com>
To:     gyan.gupta@...el.com, x86-ml <x86@...nel.org>
Cc:     Borislav Petkov <bp@...en8.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Sean Christopherson <sean.j.christopherson@...el.com>,
        Tony Luck <tony.luck@...el.com>
Subject: [PATCH -v2] x86/msr: Filter MSR writes

From: Borislav Petkov <bp@...en8.de>

> The whitelist is still TBD, I might be able to remove it competely and defer the
> whole whitelisting to the future. when people start reporting MSRs (see
> pr_err_ratelimited() call below).

I am also working on a similar functionality where we allow specific MSRs(whitelisted MSRs) to be allowed to read & write.
Additionally, writes are subjected to checks where only certain bits can be allowed to be modified. This is to increase security & safety of system.
For example, MCi_CTL can be used to enable/disable error reporting of hw unit. So in our use case once error reporting is enabled, it must 
not be disabled. Also we want to have restrictions on rdmsr for security purposes.

- Gyan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ