Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1723536ybl; Tue, 3 Dec 2019 11:37:12 -0800 (PST) X-Google-Smtp-Source: APXvYqzqU5KTFKU04GJE8MBnSyfTbqa8bU0/2lIS3a+sl2A6PoHvsatjTn10xq2hdoJjOWj5CjAA X-Received: by 2002:a05:6830:2157:: with SMTP id r23mr4643904otd.143.1575401832550; Tue, 03 Dec 2019 11:37:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575401832; cv=none; d=google.com; s=arc-20160816; b=Dxr61IrT6vhoQJap5GiD0uOvCXB2p9kXAjGicCaSiTWK97hP23VDaQ/r0xnpey6LXU GlGUgLJloDMJB5vpavUGQgEiHyppIJSNxGhf0ufeYJktz+cMdcD1CDGYTMYPcjjeh8fr Xbb72TAakQoUT43T4SyN3YDlHgt/pTQlvMb+v6b/IRc7mtfWBniM98Czapkw2ADMpfnp Eqi5eV0okdCN4wxugIqroYr7ztIQD+1kQoO4u0oY2cMnBnCSUWEJz3Dc+5eB63Cfpp+S xTad2CNc292UB3LRN+EFHKTbt3g8+5RDU07Px84xJhAqwmq6ZAANoUWT5op6qS6EjUyY pLEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=rbCm+sboO//ec+9mJyUZQfBjgbVhZp2u3dmOtW+Tw+c=; b=yhnq9VBb899hYefnBWKA1R2Rxz8Fnl7aiF0m8PXsE12wg1mNu+7xAOAZFLD0RWJtP1 FccUhfZYnsx5HpWJcynfKXqxkaj/wZDFIlqaegHh3BRHdhz+tydDMuOEf4STwgGvXsEM 9aMZl/ESosp6jPlM5UXyOQuXSmfNGzWxkR+hcKU/h9nf89a2IoKmbHSxcGloWEf9pE7Y xtPXshOL3u55KLiwsPD3PTPF1tuptqGgWO9/a55TE1Kj0EX46DpzCTRsstVeaLDtbo4l ixN/Bv/3iSjbT5bC5KQT91XWSh2H8/MPgpHhU/1pAmawAR9EBsuhaFJk0m4QzKlfxNso YtEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=thVNI2dY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g72si1846080otg.179.2019.12.03.11.37.00; Tue, 03 Dec 2019 11:37:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=thVNI2dY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727434AbfLCTg2 (ORCPT + 99 others); Tue, 3 Dec 2019 14:36:28 -0500 Received: from mail-io1-f42.google.com ([209.85.166.42]:46235 "EHLO mail-io1-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727376AbfLCTg1 (ORCPT ); Tue, 3 Dec 2019 14:36:27 -0500 Received: by mail-io1-f42.google.com with SMTP id i11so5047348iol.13 for ; Tue, 03 Dec 2019 11:36:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rbCm+sboO//ec+9mJyUZQfBjgbVhZp2u3dmOtW+Tw+c=; b=thVNI2dYbYLDW7LST1GvzlBiAIZzDGO78uzN5JdQEO7M2lDOMNOZANxdYW/Y7S1E6z AcwyTekhqytphND8+4zCsLKXRktkres1MuM7s1pYrPxWFAnFY1Tp2Wd8xvzwZX4PBfcn Tm+WvtYdvApcHjn6toWDudMHLN9YunqMDWB67jvfly7Y6o47uSik+1Jg3cl20RL4da7P WT0pEGwL7R5GvTy4QRe9JCbM2ia3Ljd68N4ly17rWbUsvkBsNs6r3AMCu/Io//k/PPtF ILNKPshiXXSd4xHgkaSDLBCJ3xCGvHOJlmYSftmXic4Lvhqhc9cp1iPk6kJlcGCelnxr vF5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rbCm+sboO//ec+9mJyUZQfBjgbVhZp2u3dmOtW+Tw+c=; b=b7s0xeTgYn8OerlgSIso8mngsUYWJDi7Q30Szh+ws2exp7VCynTeRX5YLCn+WeTUUF 2qeUJrLgAi2AFVAxASgLX4JVex91pSbMRMR4aSjeTZBpKUrKyUMjoGqoqeKpSO1hlDfs lLHab9PQIB/92hhEbZbOBF36eXoPFy1GOjxj62XMo9G48c3cRyUeVGMPcEr1Eclykq+A vYUU4D5sRDOl0ySSRWvLBfQlf2PVwr7p5n513G0YMALra8lAaJjx5es9sFsSUPCVdZcs vk1VwAjyccDGh77lmFsTnN3MPd8n9uVeOaLl4wz1X4BciJAWTJe7Ep+BGIYU03y/gute E5rQ== X-Gm-Message-State: APjAAAXW0YFOymLfujb78Anm5zbApeWT7RF6LDw9INELoduo6P4zJyGZ RL0f/ny8Pbg84wnpH7ORBxlWy/CExllzjG3DLUR+ig== X-Received: by 2002:a05:6602:187:: with SMTP id m7mr3775316ioo.16.1575401786293; Tue, 03 Dec 2019 11:36:26 -0800 (PST) MIME-Version: 1.0 References: <20191203004043.174977-1-matthewgarrett@google.com> <9c58f2d2-5712-0972-6ea7-092500f37cf9@redhat.com> In-Reply-To: <9c58f2d2-5712-0972-6ea7-092500f37cf9@redhat.com> From: Matthew Garrett Date: Tue, 3 Dec 2019 11:36:14 -0800 Message-ID: Subject: Re: [PATCH] [EFI,PCI] Allow disabling PCI busmastering on bridges during boot To: Laszlo Ersek Cc: Ard Biesheuvel , linux-efi , "the arch/x86 maintainers" , linux-pci , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 3, 2019 at 5:38 AM Laszlo Ersek wrote: > (2) I'm not 100% convinced this threat model -- I hope I'm using the > right term -- is useful. A PCI device will likely not "itself" set up > DMA (maliciously or not) without a matching driver. A malicious PCI device can absolutely set up DMA itself without a matching driver. There's a couple of cases: 1) A device that's entirely under the control of an attacker. Using external Thunderbolt devices to overwrite OS data has been demonstrated on multiple occasions. 2) A device that's been compromised in some way. The UEFI driver is a long way from the only software that's related to the device - discrete GPUs boot themselves even in the absence of a driver, and if that on-board code can be compromised in any persistent way then they can be used to attack the OS. > Is this a scenario where we trust the device driver that comes from the > device's ROM BAR (let's say after the driver passes Secure Boot > verification and after we measure it into the TPM), but don't trust the > silicon jammed in the motherboard that presents the driver? Yes, though it's not just internal devices that we need to worry about. > (3) I never understood why the default behavior (or rather, "only" > behavior) for system firmware wrt. the IOMMU at EBS was "whitelist > everything". Why not "blacklist everything"? > > I understand the compat perspective, but the OS should at least be able > to request such a full blackout through OsIndications or whatever. (With > the SEV IOMMU driver in OVMF, that's what we do -- we set everything to > encrypted.) I'm working on that, but it would be nice to have an approach for existing systems.