[PATCH 26/30] Lock down ftrace

[PATCH 00/30] security, efi: Add kernel lockdown · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 01/30] Add the ability to lock down access to the running kernel image · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 02/30] Add a SysRq option to lift kernel lockdown · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 03/30] ima: require secure_boot rules in lockdown mode · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 04/30] Enforce module signatures if the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
Re: [PATCH 04/30] Enforce module signatures if the kernel is locked down · David Howells <dhowells@redhat.com> · 2018-02-22
Re: [PATCH 04/30] Enforce module signatures if the kernel is locked down · Jiri Bohac <hidden> · 2018-02-22
[PATCH 05/30] Restrict /dev/{mem, kmem, port} when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 06/30] kexec: Disable at runtime if the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 07/30] Copy secure_boot flag in boot params across kexec reboot · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 08/30] kexec_file: Restrict at runtime if the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
Re: [PATCH 08/30] kexec_file: Restrict at runtime if the kernel is locked down · Jiri Bohac <hidden> · 2018-01-11
[PATCH 08a/30] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · Jiri Bohac <hidden> · 2018-01-11
Re: [PATCH 08a/30] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · David Howells <dhowells@redhat.com> · 2018-01-16
Re: [PATCH 08a/30] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · Jiri Bohac <hidden> · 2018-01-16
Re: [PATCH 08a/30] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · David Howells <dhowells@redhat.com> · 2018-01-17
Re: [PATCH 08a/30] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · Jiri Bohac <hidden> · 2018-01-19
Re: [PATCH 08a/30] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · David Howells <dhowells@redhat.com> · 2018-02-21
[PATCH 08b/30] kexec_file: Restrict at runtime if the kernel is locked down · Jiri Bohac <hidden> · 2018-01-11
Re: [PATCH 08/30] kexec_file: Restrict at runtime if the kernel is locked down · David Howells <dhowells@redhat.com> · 2018-01-11
Re: [PATCH 08/30] kexec_file: Restrict at runtime if the kernel is locked down · David Howells <dhowells@redhat.com> · 2018-01-11
Re: [PATCH 08/30] kexec_file: Restrict at runtime if the kernel is locked down · Jiri Bohac <hidden> · 2018-01-11
Re: [PATCH 08/30] kexec_file: Restrict at runtime if the kernel is locked down · David Howells <dhowells@redhat.com> · 2018-01-17
Re: [PATCH 08/30] kexec_file: Restrict at runtime if the kernel is locked down · David Howells <dhowells@redhat.com> · 2018-02-22
Re: [PATCH 08/30] kexec_file: Restrict at runtime if the kernel is locked down · David Howells <dhowells@redhat.com> · 2018-02-22
Re: [PATCH 08/30] kexec_file: Restrict at runtime if the kernel is locked down · Jiri Bohac <hidden> · 2018-02-22
Re: [PATCH 08/30] kexec_file: Restrict at runtime if the kernel is locked down · Jiri Bohac <hidden> · 2018-02-22
[PATCH 09/30] hibernate: Disable when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 10/30] uswsusp: Disable when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 11/30] PCI: Lock down BAR access when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 12/30] x86: Lock down IO port access when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 13/30] x86/msr: Restrict MSR access when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 14/30] asus-wmi: Restrict debugfs interface when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 15/30] ACPI: Limit access to custom_method when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 16/30] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 17/30] acpi: Disable ACPI table override if the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 18/30] acpi: Disable APEI error injection if the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
Re: [PATCH 18/30] acpi: Disable APEI error injection if the kernel is locked down · Joey Lee <JLee@suse.com> · 2019-11-07
Re: [PATCH 18/30] acpi: Disable APEI error injection if the kernel is locked down · joeyli <jlee@suse.com> · 2022-05-28
[PATCH 19/30] scsi: Lock down the eata driver · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 20/30] Prohibit PCMCIA CIS storage when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 21/30] Lock down TIOCSSERIAL · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 22/30] Lock down module params that specify hardware parameters (eg. ioport) · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 23/30] x86/mmiotrace: Lock down the testmmiotrace module · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 24/30] debugfs: Disallow use of debugfs files when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 25/30] Lock down /proc/kcore · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 26/30] Lock down ftrace · David Howells <dhowells@redhat.com> · 2017-11-09
Re: [PATCH 26/30] Lock down ftrace · Jiri Kosina <jikos@kernel.org> · 2017-11-10
Re: [PATCH 26/30] Lock down ftrace · David Howells <dhowells@redhat.com> · 2017-11-10
Re: [PATCH 26/30] Lock down ftrace · Jiri Kosina <jikos@kernel.org> · 2017-11-10
Re: [PATCH 26/30] Lock down ftrace · David Howells <dhowells@redhat.com> · 2017-11-10
Re: [PATCH 26/30] Lock down ftrace · Jiri Kosina <jikos@kernel.org> · 2017-11-10
Re: [PATCH 26/30] Lock down ftrace · David Howells <dhowells@redhat.com> · 2017-11-10
[PATCH 27/30] Lock down kprobes · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 28/30] bpf: Restrict kernel image access functions when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 29/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode · David Howells <dhowells@redhat.com> · 2017-11-09
[PATCH 30/30] efi: Lock down the kernel if booted in secure boot mode · David Howells <dhowells@redhat.com> · 2017-11-09
Re: [PATCH 00/30] security, efi: Add kernel lockdown · Andrew Morton <akpm@linux-foundation.org> · 2018-03-03

From: jikos@kernel.org (Jiri Kosina)
Date: 2017-11-10 10:16:01
Also in: linux-efi, lkml

On Fri, 10 Nov 2017, David Howells wrote:

quoted

I fail to see how this fits into the secure boot security model, could you 
please explain?

The idea is to prevent cryptographic data for filesystems and other things
from being read out of the kernel memory as well as to prevent unauthorised
modification of kernel memory.

Then it would make sense to actually lock down dumping of registers / 
function arguments (kprobes can currently do that, ftrace eventually could 
as well I guess), but disabling the whole ftrace altogether seems like a 
totally unnecessary overkill.

quoted

Secure boot is about having a constant proof / verification that the code 
you're running in ring0 can be trusted (IOW is the one that has been 
signed and verified by the whole boot chain).

Checking execution patterns doesn't seem to fit at all.

I'll defer this question to Alexei since he suggested I needed to deal 
with this too.

Thanks.

-- 
Jiri Kosina
SUSE Labs

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help