Date: Fri, 13 Apr 2018 22:22:23 +0200
From: Pavel Machek
To: David Howells
Cc: torvalds@linux-foundation.org, linux-man@vger.kernel.org, linux-api@vger.kernel.org, jmorris@namei.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 02/24] Add a SysRq option to lift kernel lockdown
Message-ID: <20180413202222.GA4396@amd>
In-Reply-To: <152346389240.4030.11187964053014260180.stgit@warthog.procyon.org.uk>

On Wed 2018-04-11 17:24:52, David Howells wrote:
> From: Kyle McMartin
>
> Make an option to provide a sysrq key that will lift the kernel lockdown,
> thereby allowing the running kernel image to be accessed and modified.
>
> On x86 this is triggered with SysRq+x, but this key may not be available on
> all arches, so it is set by setting LOCKDOWN_LIFT_KEY in asm/setup.h.
> Since this macro must be defined in an arch to be able to use this facility
> for that arch, the Kconfig option is restricted to arches that support it.
>
> Signed-off-by: Kyle McMartin
> Signed-off-by: David Howells
> cc: x86@kernel.org

Is that a good idea? Magic sysrq was meant for debugging, not for toggling
options like that. Distros are expected to turn it off.

It also works over serial consoles etc, being able to toggle security
options from serial is surprising...

> --- a/drivers/tty/sysrq.c
> +++ b/drivers/tty/sysrq.c
> @@ -487,6 +487,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
> /* x: May be registered on mips for TLB dump */
> /* x: May be registered on ppc/powerpc for xmon */
> /* x: May be registered on sparc64 for global PMU dump */
> + /* x: May be registered on x86_64 for disabling secure boot */
> NULL, /* x */

What about x86-32?

> +static struct sysrq_key_op lockdown_lift_sysrq_op = {
> + .handler = sysrq_handle_lockdown_lift,
> + .help_msg = "unSB(x)",
> + .action_msg = "Disabling Secure Boot restrictions",
> + .enable_mask = SYSRQ_DISABLE_USERSPACE,
> +};

I'd remove secure boot mentions here.

Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
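Review bot: The comment added above the `NULL, /* x */` slot in sysrq_key_table disagrees with the commit message on both the architecture and the effect: it says "x86_64" and "disabling secure boot", while the changelog says the key is triggered "On x86" and that it lifts the kernel lockdown. Since the key is selected per arch through LOCKDOWN_LIFT_KEY, a wording such as "May be registered on x86 for lifting kernel lockdown" (or a generic mention of LOCKDOWN_LIFT_KEY) would keep the table comment accurate for whichever arches define the macro.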
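Review bot: In lockdown_lift_sysrq_op, the `.enable_mask = SYSRQ_DISABLE_USERSPACE` line carries the whole access policy for a key that relaxes a security control, and nothing in the quoted lines documents which trigger paths that mask excludes and which remain (for instance the serial console raised earlier in this reply). A comment on the struct stating the intended trigger paths would let a reader check that the mask matches the intent. Separately, `.help_msg = "unSB(x)"` and `.action_msg = "Disabling Secure Boot restrictions"` describe Secure Boot, while the changelog describes lifting the kernel lockdown; the console strings should name the lockdown so that the logged action matches what the handler does.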