| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240621044706.87181-1-liuwei09@cestc.cn>
Date: Fri, 21 Jun 2024 12:47:06 +0800
From: Liu Wei <liuwei09@...tc.cn>
To: prarit@...hat.com
Cc: catalin.marinas@....com,
guohanjun@...wei.com,
linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org,
liuwei09@...tc.cn,
lpieralisi@...nel.org,
rafael@...nel.org,
sudeep.holla@....com,
will@...nel.org
Subject: [PATCH v2] ACPI: Add config to disable ACPI SPCR console by default on arm64
For varying privacy and security reasons, sometimes we would like to
completely silence the serial console output, and only enable it through
cmdline when needed.
But there are many existing systems that depend on this console,
so add CONFIG_ARM_DISABLE_ACPI_SPCR_CONSOLE for this situation.
Signed-off-by: Liu Wei <liuwei09@...tc.cn>
Suggested-by: Prarit Bhargava <prarit@...hat.com>
---
v2: Add a config option suggested by Prarit
---
arch/arm64/kernel/acpi.c | 12 ++++++++++++
drivers/acpi/arm64/Kconfig | 11 +++++++++++
2 files changed, 23 insertions(+)
diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c
index dba8fcec7f33..3365fabb5cf8 100644
--- a/arch/arm64/kernel/acpi.c
+++ b/arch/arm64/kernel/acpi.c
@@ -227,7 +227,19 @@ void __init acpi_boot_table_init(void)
if (earlycon_acpi_spcr_enable)
early_init_dt_scan_chosen_stdout();
} else {
+ /*
+ * For varying privacy and security reasons, sometimes need
+ * to completely silence the serial console output, and only
+ * enable it by cmdline when needed.
+ * But there are many existing systems that depend on this
+ * behavior, so use CONFIG_ARM_DISABLE_ACPI_SPCR_CONSOLE.
+ */
+#ifdef CONFIG_ARM_DISABLE_ACPI_SPCR_CONSOLE
+ acpi_parse_spcr(earlycon_acpi_spcr_enable, false);
+#else
acpi_parse_spcr(earlycon_acpi_spcr_enable, true);
+#endif
+
if (IS_ENABLED(CONFIG_ACPI_BGRT))
acpi_table_parse(ACPI_SIG_BGRT, acpi_parse_bgrt);
}
diff --git a/drivers/acpi/arm64/Kconfig b/drivers/acpi/arm64/Kconfig
index b3ed6212244c..7e4d860d7089 100644
--- a/drivers/acpi/arm64/Kconfig
+++ b/drivers/acpi/arm64/Kconfig
@@ -21,3 +21,14 @@ config ACPI_AGDI
config ACPI_APMT
bool
+
+config ARM_DISABLE_ACPI_SPCR_CONSOLE
+ bool "Disable ACPI SPCR Console by Default on Arm64"
+ depends on ARM64 && ACPI_SPCR_TABLE
+ default n
+ help
+ For varying privacy and security reasons, sometimes need to
+ completely silence the serial console output, and only enable
+ it by kernel cmdline when needed.
+
+ Say Y to disable ACPI SPCR console by default.
--
2.42.1
Powered by blists - more mailing lists