RE: [PATCH] intel_txt: add s3 userspace memory integrity verification

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Cihula, Joseph

Subject: RE: [PATCH] intel_txt: add s3 userspace memory integrity verification

Date: Friday, December 4, 2009 - 10:41 am

> From: Andi Kleen [mailto:andi@firstfloor.org]
quoted text> Sent: Friday, December 04, 2009 9:14 AM
>
> > "bad stuff" would be the execution of any code (or use of any data that affects execution)
> that was not verified by tboot.  As long as panic() is within the code ranges MAC'ed by tboot
> (see above), it would be covered.  Do you know of some panic() code paths that are outside of
> this?
>
> Not code path, but the code called by panic (console drivers, debuggers etc.)
> can well use data that is stored >4GB
>
> This can include structures with indirect pointers, like notifier chains.
>
> Notifier chains have a special checker than can check
> for <4GB, but there are other call vectors too.

Since, as you pointed out in a previous email, it is doubtful that there will be any user-visible output at this point, we can change this path to a tboot reset (which will give us some serial output at least).  Is it going to be similarly unsafe to do a printk()?

quoted text> > > > > checksummed by tboot, attacker may be able to hijack code execution
> > > > > and bypass your protection, no?
> > > > Yes, kernel code is audited by tboot before resume.
> > >
> > > So no, you did not audit do_suspend_lowlevel to make sure it does not
> > > follow function pointers. Bad.
> >
> > We aren't aware of any code or data used by the resume path that is outside of the tboot-
> MAC'ed regions above--if you can point out any then we will gladly address them.
>
> Code coverage is not enough, you need data coverage too.  If someone
> modifies kernel data it's typically easy to subvert code as a next step.

Agreed, which is why I said "code or data".  We'll take another look at the couple of fns that are within this path, but if you have any specific examples can you please post them.

quoted text>
>
> -Andi
> --
> ak@linux.intel.com -- Speaking for myself only.
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] intel_txt: fix the build errors of intel_txt patch ..., Shane Wang, (Tue Sep 1, 1:52 am)

[PATCH] intel_txt: add s3 userspace memory integrity verif ..., Shane Wang, (Sun Sep 27, 2:07 am)

[PATCH] intel_txt: fix the buggy timeout warning logic in ..., Shane Wang, (Mon Sep 28, 7:27 pm)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Pavel Machek, (Sun Oct 4, 11:58 am)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Andi Kleen, (Sun Oct 4, 4:26 pm)

RE: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Wang, Shane, (Thu Oct 15, 12:57 am)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Pavel Machek, (Fri Dec 4, 1:19 am)

RE: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Wang, Shane, (Fri Dec 4, 2:07 am)

RE: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Cihula, Joseph, (Fri Dec 4, 9:46 am)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Andi Kleen, (Fri Dec 4, 10:13 am)

RE: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Cihula, Joseph, (Fri Dec 4, 10:41 am)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., H. Peter Anvin, (Fri Dec 4, 10:53 am)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Andi Kleen, (Fri Dec 4, 1:09 pm)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Andi Kleen, (Fri Dec 4, 1:10 pm)

RE: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Cihula, Joseph, (Fri Dec 4, 1:17 pm)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Andi Kleen, (Fri Dec 4, 1:31 pm)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., H. Peter Anvin, (Fri Dec 4, 2:27 pm)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Pavel Machek, (Fri Dec 4, 3:15 pm)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., H. Peter Anvin, (Fri Dec 4, 3:24 pm)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Pavel Machek, (Fri Dec 4, 3:25 pm)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., Pavel Machek, (Fri Dec 4, 3:39 pm)

Re: [PATCH] intel_txt: add s3 userspace memory integrity v ..., H. Peter Anvin, (Fri Dec 4, 3:46 pm)

[PATCH v2] intel_txt: add support for S3 memory integrity ..., Wang, Shane, (Tue Mar 9, 1:52 am)

Re: [PATCH v2] intel_txt: add support for S3 memory integr ..., Pavel Machek, (Tue Mar 9, 2:06 am)

[PATCH v3] intel_txt: add support for S3 memory integrity ..., Shane Wang, (Tue Mar 9, 11:36 pm)

Re: [PATCH v3] intel_txt: add support for S3 memory integr ..., Rafael J. Wysocki, (Wed Mar 10, 1:31 pm)

[tip:x86/txt] x86, tboot: Add support for S3 memory integr ..., tip-bot for Shane Wang, (Fri Mar 19, 2:18 pm)


linux-kernel:
monstr	[PATCH 46/56] microblaze_v2: headers files entry.h current.h mman.h registers.h se...
Jan Engelhardt	Re: Linux Security Module Framework (Was: LSM conversion to static interface)
Dave Jones	Re: Why do so many machines need "noapic"?
Michael Moore	Re: underage models, pre teen models, lolita porn, young preteens, little lolitas
Lars-Peter Clausen	[PATCH v4] MMC: Add JZ4740 mmc driver
git:
Andy Parkins	git-fetch fails with error code 128
Eli Zaretskii	Re: Switching from CVS to GIT
Jan Harkes	Re: git-svn and huge data and modifying the git-svn-HEAD branch directly
Dan Chokola	Re: how do you "force a pull"?
Johan Herland	Re: Comment on weak refs
git-commits-head:
Linux Kernel Mailing List	No need to do lock_super() for exclusion in generic_shutdown_super()
Linux Kernel Mailing List	x86, msr: Export the register-setting MSR functions via /dev/*/msr
Linux Kernel Mailing List	MIPS: SMTC: Fix lockup in smtc_distribute_timer
Linux Kernel Mailing List	Input: gpio-keys - add support for disabling gpios through sysfs
Linux Kernel Mailing List	sh-sci: update receive error handling for muxed irqs
linux-netdev:
Patrick McHardy	Re: no reassembly for outgoing packets on RAW socket
Ilpo Järvinen	net-next/unix: BUG: using smp_processor_id() in preemptible
Herbert Xu	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Evgeniy Polyakov	Re: virt-manager broken by bind(0) in net-next.
Eric Dumazet	Re: [PATCH] conntrack: use SLAB_DESTROY_BY_RCU for nf_conn structs
openbsd-misc:
elitdostlar	Seks partneri arayan bayanlar bu adreste - 8878xs706x6438
Marcus Andree	Re: This is what Linus Torvalds calls openBSD crowd
Lars D. Noodén	Re: sshd.config and AllowUsers
Henning Brauer	Re: Sun Blade 1000?
Laurens Vets	Re: OT: opinions on IDS / IPS solutions