lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 3 Dec 2021 10:47:05 -0500
From:   Ross Philipson <ross.philipson@...cle.com>
To:     Robin Murphy <robin.murphy@....com>, linux-kernel@...r.kernel.org,
        x86@...nel.org, iommu@...ts.linux-foundation.org,
        linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org
Cc:     dpsmith@...rtussolutions.com, luto@...capital.net,
        mingo@...hat.com, bp@...en8.de, hpa@...or.com,
        kanth.ghatraju@...cle.com, tglx@...utronix.de,
        trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v4 04/14] Documentation/x86: Secure Launch kernel
 documentation

On 12/2/21 12:26, Robin Murphy wrote:
> On 2021-08-27 14:28, Ross Philipson wrote:
> [...]
>> +IOMMU Configuration
>> +-------------------
>> +
>> +When doing a Secure Launch, the IOMMU should always be enabled and
>> the drivers
>> +loaded. However, IOMMU passthrough mode should never be used. This
>> leaves the
>> +MLE completely exposed to DMA after the PMR's [2]_ are disabled.
>> First, IOMMU
>> +passthrough should be disabled by default in the build configuration::
>> +
>> +  "Device Drivers" -->
>> +      "IOMMU Hardware Support" -->
>> +          "IOMMU passthrough by default [ ]"
>> +
>> +This unset the Kconfig value CONFIG_IOMMU_DEFAULT_PASSTHROUGH.
> 
> Note that the config structure has now changed, and if set, passthrough
> is deselected by choosing a different default domain type.

Thanks for the heads up. We will have to modify this for how things
exist today.

> 
>> +In addition, passthrough must be disabled on the kernel command line
>> when doing
>> +a Secure Launch as follows::
>> +
>> +  iommu=nopt iommu.passthrough=0
> 
> This part is a bit silly - those options are literally aliases for the
> exact same thing, and furthermore if the config is already set as
> required then the sole effect either of them will have is to cause "(set
> by kernel command line)" to be printed. There is no value in explicitly
> overriding the default value with the default value - if anyone can
> append an additional "iommu.passthrough=1" (or "iommu=pt") to the end of
> the command line they'll still win.

I feel like when we worked on this, it was still important to set those
values. This could have been in an older kernel version. We will go back
and verify what you are saying here and adjust the documentation
accordingly.

As to anyone just adding values to the command line, that is why the
command line is part of the DRTM measurements.

Thank you,
Ross

> 
> Robin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ