lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 21 Jun 2024 12:47:06 +0800
From: Liu Wei <liuwei09@...tc.cn>
To: prarit@...hat.com
Cc: catalin.marinas@....com,
	guohanjun@...wei.com,
	linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org,
	liuwei09@...tc.cn,
	lpieralisi@...nel.org,
	rafael@...nel.org,
	sudeep.holla@....com,
	will@...nel.org
Subject: [PATCH v2] ACPI: Add config to disable ACPI SPCR console by default on arm64

For varying privacy and security reasons, sometimes we would like to
completely silence the serial console output, and only enable it through
cmdline when needed.

But there are many existing systems that depend on this console,
so add CONFIG_ARM_DISABLE_ACPI_SPCR_CONSOLE for this situation.

Signed-off-by: Liu Wei <liuwei09@...tc.cn>
Suggested-by: Prarit Bhargava <prarit@...hat.com>
---

v2: Add a config option suggested by Prarit
---
 arch/arm64/kernel/acpi.c   | 12 ++++++++++++
 drivers/acpi/arm64/Kconfig | 11 +++++++++++
 2 files changed, 23 insertions(+)

diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c
index dba8fcec7f33..3365fabb5cf8 100644
--- a/arch/arm64/kernel/acpi.c
+++ b/arch/arm64/kernel/acpi.c
@@ -227,7 +227,19 @@ void __init acpi_boot_table_init(void)
 		if (earlycon_acpi_spcr_enable)
 			early_init_dt_scan_chosen_stdout();
 	} else {
+		/*
+		 * For varying privacy and security reasons, sometimes need
+		 * to completely silence the serial console output, and only 
+		 * enable it by cmdline when needed.
+		 * But there are many existing systems that depend on this
+		 * behavior, so use CONFIG_ARM_DISABLE_ACPI_SPCR_CONSOLE.
+		 */
+#ifdef CONFIG_ARM_DISABLE_ACPI_SPCR_CONSOLE
+		acpi_parse_spcr(earlycon_acpi_spcr_enable, false);
+#else
 		acpi_parse_spcr(earlycon_acpi_spcr_enable, true);
+#endif
+
 		if (IS_ENABLED(CONFIG_ACPI_BGRT))
 			acpi_table_parse(ACPI_SIG_BGRT, acpi_parse_bgrt);
 	}
diff --git a/drivers/acpi/arm64/Kconfig b/drivers/acpi/arm64/Kconfig
index b3ed6212244c..7e4d860d7089 100644
--- a/drivers/acpi/arm64/Kconfig
+++ b/drivers/acpi/arm64/Kconfig
@@ -21,3 +21,14 @@ config ACPI_AGDI
 
 config ACPI_APMT
 	bool
+
+config ARM_DISABLE_ACPI_SPCR_CONSOLE
+	bool "Disable ACPI SPCR Console by Default on Arm64"
+	depends on ARM64 && ACPI_SPCR_TABLE
+	default n
+	help
+		For varying privacy and security reasons, sometimes need to
+		completely silence the serial console output, and only enable
+		it by kernel cmdline when needed.
+
+		Say Y to disable ACPI SPCR console by default.
-- 
2.42.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ