lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e7dcb85b-25bb-8d5a-3758-e4243bc6ffec@apertussolutions.com>
Date:   Fri, 16 Jun 2023 12:44:27 -0400
From:   "Daniel P. Smith" <dpsmith@...rtussolutions.com>
To:     Matthew Garrett <mjg59@...f.ucam.org>,
        Ross Philipson <ross.philipson@...cle.com>
Cc:     linux-kernel@...r.kernel.org, x86@...nel.org,
        linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org,
        linux-crypto@...r.kernel.org, iommu@...ts.linux-foundation.org,
        kexec@...ts.infradead.org, linux-efi@...r.kernel.org,
        tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com,
        ardb@...nel.org, James.Bottomley@...senpartnership.com,
        luto@...capital.net, nivedita@...m.mit.edu,
        kanth.ghatraju@...cle.com, trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v6 02/14] Documentation/x86: Secure Launch kernel
 documentation


On 5/12/23 06:47, Matthew Garrett wrote:
> On Thu, May 04, 2023 at 02:50:11PM +0000, Ross Philipson wrote:
>> +Secure Launch does not interoperate with KASLR. If possible, the MLE should be
>> +built with KASLR disabled::
> 
> Why does Secure Launch not interoperate with KASLR?
> 
> Re: IOMMUs

Until the IOMMU driver comes online, memory is protected by the PMRs 
regions requested by the Preamble (pre-launch code) in accordance with 
Intel TXT specifications and configured by the ACM. The KASLR randomizer 
will run before the IOMMU driver is able to come online and ensure 
frames used by the kernel are protected as well as frames that a driver 
may registered in a BAR are not blocked.

>> +It is recommended that no other command line options should be set to override
>> +the defaults above.
> 
> What happens if they are? Does doing so change the security posture of
> the system? If so, will the measurements be different in a way that
> demonstrates the system is in an insecure state?
> 

In an early version of the patch series this was enforced when turning 
on Secure Launch, but concerns were raised over this approach and was 
asked to allow the user to be able to shoot themselves in the foot. 
Overriding these values could render either an insecure state and/or an 
unstable system.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ