From: Matt Parnell <mparnell@gmail.com>
To: Matthew Garrett <mjg59@google.com>,
	Jordan Glover <Golden_Miller83@protonmail.ch>
Cc: Kees Cook <keescook@chromium.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>,
	"dhowells@redhat.com" <dhowells@redhat.com>,
	"matthew.garrett@nebula.com" <matthew.garrett@nebula.com>
Subject: Re: [PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode.
Date: Mon, 2 Dec 2019 17:31:03 -0600
Message-ID: <f1cda5e6-5d10-fa96-d2f8-00c1f3a7683c@gmail.com>
In-Reply-To: <CACdnJutjZk4r_7oCZTnQdmKGZKay1KvvDA+7goj9fwkMVcfHmQ@mail.gmail.com>

I suppose that turning off the early lockdown functionality, and then
having apparmor or selinux grant intel-undervolt permission to the MSRs
is probably another method of going about this, only slightly less "tight."

On 12/2/19 5:29 PM, Matthew Garrett wrote:
> On Mon, Dec 2, 2019 at 2:55 PM Jordan Glover
> <Golden_Miller83@protonmail.ch> wrote:
>
>> Could you clarify if blocking msr breaks internal power management of intel
>> cpu or it only prevents manual tinkering with it by user? If the latter then
>> I think it's ok to keep it as is.
> The latter.
