From: Thomas Renninger
To: Jean Delvare
Cc: Greg Kroah-Hartman, Arnd Bergmann, LKML, David Howells
Subject: Re: /dev/mem and secure boot
Date: Thu, 12 Sep 2019 12:44:01 +0200
Message-ID: <2263894.GsazvrUjIX@skinner.arch.suse.de>

On Monday, September 9, 2019 3:09:57 PM CEST Jean Delvare wrote:
> Hi Greg,
...
> > Sure, feel free to not register it at all if the mode is enabled.
> Now I feel sorry that I asked my question upstream when there's nothing
> to be done there. I'll go bother SUSE kernel folks instead, sorry for
> the noise. And thanks for the advice.

I also/still think /dev/mem should vanish in secure boot mode, also upstream.
There may have been strong reasons why it has been restricted to /dev/ioport
which I do not know.

Whatever the exact definition for kernel behaviour in secure boot mode in the
UEFI books is (if there is any), it should close quite some possible doors for
hijacking a machine or read sensible data and if anyhow possible secure boot
mode should head for this feature (IMHO):
Get rid of /dev/mem.

Thanks for bringing this up,

   Thomas