Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1045297ybe; Fri, 6 Sep 2019 11:02:05 -0700 (PDT) X-Google-Smtp-Source: APXvYqxhXtun3J6SuHfo7SXMHlpPsU84ULOfiOrVeq39+5m101ZDy6pp5jLusk+K42IlSVN8kggT X-Received: by 2002:a63:4e60:: with SMTP id o32mr9220888pgl.68.1567792925012; Fri, 06 Sep 2019 11:02:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567792925; cv=none; d=google.com; s=arc-20160816; b=AyRjHAVNX2k4LYP3eyO2gVQkpj0ILk221AgeZzqhLlWoKUl4dS+coesUJt87lxpcyJ +BasH+tI/hp9S3AVUDpSel2oIz8ALzp4p/bY/Wtm1t8ULs2Vh+EcA4o0UMcNhCRMBXJ1 DnemJOQZEqzqm+av1oL5+Fi1tBQ7BLLVaUabzycwRmQOTCQ4P/4WWhrGUWNojPb1OARl iLoVaqOsV9paabcZ5u1bna4XuhtCPA8FWmXkUCnvG79mSAnqTp3BWgT3aT/KHSemF2cR hmFGggertD3cCF6hUf0Iwdl6KBD/aVbdxNwAVLObf3FfO6IM+nLlORpvY9Ppsf3nKEJJ NBSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=8+gf6E1HRst7F83Nhjp5Y7Di6jmYdWVZT3Gv/+fBOVY=; b=DBmxL14zXVj5GXeI4ealeM3sI+6QPGYnzW4chR0X/hZynABbXD8I5SAJtpvlTaUckq FAkmqKaCGGI08/LjC4cC80e1Rh/lrXPUE2tQne6/TybAJYXoTMQuGKdeCUoz6xRt42Vv J5WxWL5bVvyiVIRKL5ZOYjyTpWcmq9DQSVH7wWM1zr5XynwWZODT+3GQ1UFWbSDKb6TF XJFeFMKfM/UvrwMvcG/29yMrLJ6QrjeO1YwvCNCKVXUPf93no8Rk2gw5qsn8EtcXSdob 4NRUF1pGwfm6HjcAtZxM22cQ9CbTJ2w2scGQJLrNW7q66aZXs8+wq8ZXkl8HlCTKGhnp 58HQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Hg00T9IP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h19si5497559plr.41.2019.09.06.11.01.47; Fri, 06 Sep 2019 11:02:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Hg00T9IP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391883AbfIFMPN (ORCPT + 99 others); Fri, 6 Sep 2019 08:15:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:57568 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731749AbfIFMPN (ORCPT ); Fri, 6 Sep 2019 08:15:13 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 681112082C; Fri, 6 Sep 2019 12:15:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567772112; bh=5lYR/FQBgRh7A9RIp7yNUqDXtfcFudRVpQJL1DVpMQ4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Hg00T9IPvUXYTC/+xnKj1S1qbcnE6WFmCIUz9qPNHq+L783ygHKxPJVHvn8w9vsrZ YTFcKHDcldoSFM3Qw3IoA/Y9bMi95Lyz8e7B/Ow3MEDCtDAf2/6TYOLwtjl9qEunoS KmMRZgwDU754CERmPPr08l4XlIUoSFMMRNjSjDbw= Date: Fri, 6 Sep 2019 14:15:10 +0200 From: Greg Kroah-Hartman To: Jean Delvare Cc: Arnd Bergmann , Thomas , LKML Subject: Re: /dev/mem and secure boot Message-ID: <20190906121510.GA17328@kroah.com> References: <20190906130221.0b47a565@endymion> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190906130221.0b47a565@endymion> User-Agent: Mutt/1.12.1 (2019-06-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 06, 2019 at 01:02:21PM +0200, Jean Delvare wrote: > I've been bitten recently by mcelog not working on machines started in > secure boot mode. mcelog tries to read DMI information from /dev/mem > and fails to open it. What do you mean by "secure boot"? Is this matthew's patchset that restricts /dev/mem/ or something else? > This made me wonder: if not even root can read /dev/mem (nor, I > suppose, /dev/kmem and /dev/port) in secure boot mode, why are we > creating these device nodes at all in the first place? Can't we detect > that we are in secure boot mode and skip that step, and reap the rewards > (faster boot, lower memory footprint and less confusion)? Sure, feel free to not register it at all if the mode is enabled. thanks, greg k-h