[PATCH 4/6][B] powerpc/xmon: Restrict when kernel is locked down

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Tue Jun 23 18:43:56 UTC 2020


On Tue, Jun 23, 2020 at 01:30:16PM -0500, Seth Forshee wrote:
> On Tue, Jun 23, 2020 at 02:15:00PM -0300, Thadeu Lima de Souza Cascardo wrote:
> > On Fri, Jun 19, 2020 at 07:48:31AM -0500, Seth Forshee wrote:
> > > From: "Christopher M. Riedl" <cmr at informatik.wtf>
> > > 
> > > BugLink: https://bugs.launchpad.net/bugs/1884159
> > > 
> > > Xmon should be either fully or partially disabled depending on the
> > > kernel lockdown state.
> > > 
> > > Put xmon into read-only mode for lockdown=integrity and prevent user
> > > entry into xmon when lockdown=confidentiality. Xmon checks the lockdown
> > > state on every attempted entry:
> > > 
> > >  (1) during early xmon'ing
> > > 
> > >  (2) when triggered via sysrq
> > > 
> > >  (3) when toggled via debugfs
> > > 
> > >  (4) when triggered via a previously enabled breakpoint
> > > 
> > > The following lockdown state transitions are handled:
> > > 
> > >  (1) lockdown=none -> lockdown=integrity
> > >      set xmon read-only mode
> > > 
> > >  (2) lockdown=none -> lockdown=confidentiality
> > >      clear all breakpoints, set xmon read-only mode,
> > >      prevent user re-entry into xmon
> > > 
> > >  (3) lockdown=integrity -> lockdown=confidentiality
> > >      clear all breakpoints, set xmon read-only mode,
> > >      prevent user re-entry into xmon
> > > 
> > > Suggested-by: Andrew Donnellan <ajd at linux.ibm.com>
> > > Signed-off-by: Christopher M. Riedl <cmr at informatik.wtf>
> > > Signed-off-by: Michael Ellerman <mpe at ellerman.id.au>
> > > Link: https://lore.kernel.org/r/20190907061124.1947-3-cmr@informatik.wtf
> > > (backported from commit 69393cb03ccdf29f3b452d3482ef918469d1c098)
> > > Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
> > > ---
> > >  arch/powerpc/xmon/xmon.c | 106 ++++++++++++++++++++++++++++++++-------
> > >  1 file changed, 89 insertions(+), 17 deletions(-)
> > 
> > I was finally able to test this and then noticed that CONFIG_LOCK_DOWN_KERNEL
> > is not set for ppc64el. Should we enable it for this patchset?
> 
> Hmm, I knew that we only started automatically enabling lockdown under
> secure boot recently for ppc64el, but I didn't notice that the option
> was turned off. Looks like that's the case until focal.
> 
> I think whether to turn on lockdown for ppc64el is a separate issue from
> these updates, so let's not do that here. And in that case the xmon
> patches aren't needed right now.

Agreed to split the issues. I just couldn't test lockdown and xmon interaction,
besides that read-only worked and was turned on by default in this case. But, I
could not turn on lockdown, and so could easily override xmon to rw.

Cascardo.
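The lockdown handling the commit message above describes (read-only at integrity, breakpoints cleared and entry refused at confidentiality, checked on every attempted entry) as a small user-space model. This is an added example, not the patch's or the kernel's code; the `struct xmon_state`, `LOCKDOWN_*` values and function names are assumptions made for the illustration, and lockdown is assumed to only ever increase, as it does in Linux.

```c
#include <stdbool.h>
#include <string.h>

/* Assumed ordering: lockdown only ever moves towards confidentiality. */
enum lockdown_level {
    LOCKDOWN_NONE = 0,
    LOCKDOWN_INTEGRITY = 1,
    LOCKDOWN_CONFIDENTIALITY = 2
};

#define NBPTS 4  /* assumed number of breakpoint slots for the model */

struct xmon_state {
    bool read_only;          /* memory-modifying commands are refused */
    bool entry_denied;       /* user entry into xmon is refused */
    bool bpt_enabled[NBPTS]; /* previously set breakpoints */
};

/* Re-evaluated on every attempted entry (early boot, sysrq, debugfs,
 * breakpoint hit). Returns true when the user may enter xmon. */
bool xmon_check_lockdown(struct xmon_state *x, enum lockdown_level lvl)
{
    if (lvl >= LOCKDOWN_INTEGRITY)
        x->read_only = true;           /* none/integrity -> integrity */
    if (lvl >= LOCKDOWN_CONFIDENTIALITY) {
        /* none/integrity -> confidentiality: drop every breakpoint so a
         * previously armed one cannot re-enter xmon, then refuse entry. */
        memset(x->bpt_enabled, 0, sizeof x->bpt_enabled);
        x->entry_denied = true;
    }
    return !x->entry_denied;
}

/* Gate for any xmon command that writes memory or registers. */
bool xmon_write_allowed(const struct xmon_state *x)
{
    return !x->read_only;
}

/* Count of breakpoints still armed; must be 0 after confidentiality. */
int xmon_active_breakpoints(const struct xmon_state *x)
{
    int n = 0;
    for (int i = 0; i < NBPTS; i++)
        n += x->bpt_enabled[i];
    return n;
}
```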
