Hi
Over six years ago, support for VFIO without IOMMU was enabled for
arm64. This is a breach of the integrity lockdown requirement of secure boot.
VFIO is a framework for handling devices in userspace. To make
this safe, an IOMMU is required by default. Without it, user space can
write everywhere in memory. The code is still not conditional on
lockdown, even if a patch was proposed.
I intend to disable this option for all supported kernels.
Hi,
On Wed, Dec 13, 2023 at 10:45:01PM +0100, Bastian Blank wrote:
> Hi
> Over six years ago, support for VFIO without IOMMU was enabled for
> arm64. This is a breach of the integrity lockdown requirement of secure
> boot.
> VFIO is a framework for handling devices in userspace. To make
> this safe, an IOMMU is required by default. Without it, user space can
> write everywhere in memory. The code is still not conditional on
> lockdown, even if a patch was proposed.
> I intend to disable this option for all supported kernels.
Agreed.
For the readers following along, this was raised in the context of https://salsa.debian.org/kernel-team/linux/-/merge_requests/925#note_446730 and https://salsa.debian.org/kernel-team/linux/-/merge_requests/502#note_315464
The proposed patch probably fell through the cracks.
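An added example, not part of either message above: a shell check an administrator can run to see whether a host is exposed to the issue discussed in this thread, i.e. whether the kernel was built with CONFIG_VFIO_NOIOMMU, whether the runtime switch (the vfio module parameter enable_unsafe_noiommu_mode) is on, and which lockdown mode is active. The three file paths are real kernel locations; the function takes them as arguments so it can also be run against copied or constructed files, as done here.

```bash
#!/bin/sh
# Audit VFIO no-IOMMU exposure against lockdown state (added example).
#   $1  kernel config, e.g. /boot/config-$(uname -r)
#   $2  /sys/module/vfio/parameters/enable_unsafe_noiommu_mode (Y or N)
#   $3  /sys/kernel/security/lockdown, e.g. "none [integrity] confidentiality"
vfio_noiommu_audit() {
    cfg=$1; param=$2; lockdown=$3

    # Is the unsafe mode compiled into this kernel at all?
    built_in=no
    if grep -q '^CONFIG_VFIO_NOIOMMU=y' "$cfg" 2>/dev/null; then
        built_in=yes
    fi

    # Has an administrator flipped the runtime switch on?
    enabled=no
    if [ -r "$param" ] && [ "$(cat "$param")" = "Y" ]; then
        enabled=yes
    fi

    # Active lockdown mode is the bracketed word in the sysfs file.
    mode=unknown
    if [ -r "$lockdown" ]; then
        mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$lockdown")
        [ -n "$mode" ] || mode=unknown
    fi

    if [ "$built_in" = no ]; then
        echo "ok: CONFIG_VFIO_NOIOMMU not built (lockdown=$mode)"
    elif [ "$enabled" = yes ] && [ "$mode" != none ] && [ "$mode" != unknown ]; then
        # Userspace DMA without an IOMMU defeats the integrity guarantee.
        echo "violation: noiommu enabled while lockdown=$mode"
    elif [ "$enabled" = yes ]; then
        echo "warning: noiommu enabled, lockdown=$mode"
    else
        echo "exposed: CONFIG_VFIO_NOIOMMU built in, runtime switch off (lockdown=$mode)"
    fi
}

# Constructed sample files standing in for a real host.
tmp=$(mktemp -d)
printf 'CONFIG_VFIO=m\nCONFIG_VFIO_NOIOMMU=y\n' > "$tmp/config"
printf 'Y\n' > "$tmp/noiommu"
printf 'none [integrity] confidentiality\n' > "$tmp/lockdown"
vfio_noiommu_audit "$tmp/config" "$tmp/noiommu" "$tmp/lockdown"
# Live system: vfio_noiommu_audit /boot/config-$(uname -r) \
#   /sys/module/vfio/parameters/enable_unsafe_noiommu_mode /sys/kernel/security/lockdown
```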