From: Valdis Klētnieks
To: WyoFlippa
Cc: kernelnewbies@kernelnewbies.org
Subject: Re: Kernel drivers and IOCTLs
Date: Tue, 04 Feb 2020 23:01:03 -0500
Message-ID: <165172.1580875263@turing-police>
References: <8969dfce-a295-c351-201c-4d8a0e90ac58@gmail.com> <44531.1579798166@turing-police>

On Tue, 04 Feb 2020 20:57:24 -0600, WyoFlippa said:

> I'm actually happy with the existing boot schemes. In this case, the
> driver is going to validate a signed image (U-Boot or Linux) before it
> is programmed into the flash memory. Although the image is validated
> when booting, it is one additional check to avoid surprises.

Is there a reason you're trying to do it from a driver rather than from
userspace? Under what realistic conditions will the kernel be trustable
to do the validation while userspace isn't?

What's the threat model here - in other words, what attack(s) are you
trying to stop?

(This is a lot trickier than it looks - over the decades, I've seen plenty
of "Let's do this cargo-cult thing to stop attack X", while overlooking the
fact that any attacker who can do X can equally easily do Y and still pwn
the entire box.....)