platform-driver-x86.vger.kernel.org archive mirror
From: Greg KH <gregkh@linuxfoundation.org>
To: Mauro Lima <mauro.lima@eclypsium.com>
Cc: Hans-Gert Dahmen <hans-gert.dahmen@immu.ne>,
	akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
	philipp.deppenwiese@immu.ne, Richard Hughes <hughsient@gmail.com>,
	platform-driver-x86@vger.kernel.org
Subject: Re: [PATCH] firmware: export x86_64 platform flash bios region via sysfs
Date: Tue, 9 Nov 2021 17:12:34 +0100
Message-ID: <YYqd8pNx53BX13Sy@kroah.com>
In-Reply-To: <CAArk9MN99YjKV2AKCYsUqh7LNVCb2ddvcSnRgGGsXePkM6Q86Q@mail.gmail.com>

On Tue, Nov 09, 2021 at 10:55:54AM -0300, Mauro Lima wrote:
> Hi all,
> 
> On Tue, Nov 9, 2021 at 3:16 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Tue, Nov 09, 2021 at 01:01:30AM +0100, Hans-Gert Dahmen wrote:
> > > Make the 16MiB long memory-mapped BIOS region of the platform SPI flash
> > > on X86_64 system available via /sys/kernel/firmware/flash_mmap/bios_region
> > > for pen-testing, security analysis and malware detection on kernels
> > > which restrict module loading and/or access to /dev/mem.
> >
> > That feels like a big security hole we would be opening up for no good
> > reason.
> Please, can you explain why this could be a security hole?

We restricted /dev/mem and now you want to open a portion of it back up,
hence my worry that now you can read information that previously you
could not read.

> IMO if the host is compromised the attacker already has information
> about the BIOS version, and after a quick lookup they know the BIOS
> vulnerabilities or the lack of them.

So you are saying that you do NOT need this access to get the BIOS
information if you have root access?  If not, then why is this needed?

confused,

greg k-h
