Re: [PATCH 3/4] Add lockdown mode
On Tue, May 6, 2025 at 5:49 PM Teddy Astie <teddy.astie@xxxxxxxxxx> wrote:
> (I can't find the PATCH 4/4)

I apologize. The missing patch will be posted as soon as we can.

> I am not convinced of the efficiency of being able to toggle lockdown
> (including disabling it) mode from command-line.

As you say a malicious userland could hijack the xen command-line arguments. Patch 4 is about ignoring potentially dangerous command line arguments when lockdown mode is enabled. It is not about disabling lockdown mode itself. Sorry if the description was confusing.

> Do we consider Dom0 kernel-space as well (thus Dom0 as a whole)

Dom0 kernel is part of the trusted computing base for Secure Boot so we don't need to worry about that.

> what about privcmd device (which can issue hypercalls)?

We do have a solution for securing hypercalls but I believe it will be part of another patch series.