On Thu, 16 Jan 2020 at 07:10, Oliver O'Halloran <ooh...@gmail.com> wrote: > > On Thu, Jan 16, 2020 at 4:00 PM Daniel Axtens <d...@axtens.net> wrote: > > > > Michael Ellerman <m...@ellerman.id.au> writes: > > > > > From: Joel Stanley <j...@jms.id.au> > > > > > > This turns on HARDENED_USERCOPY with HARDENED_USERCOPY_PAGESPAN, and > > > FORTIFY_SOURCE. > > > > > > It also enables SECURITY_LOCKDOWN_LSM with _EARLY and > > > LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY options enabled. > > > > > > > As I said before, this will disable xmon entirely. If we want to set > > this, we should compile out xmon. But if we want xmon in read-only mode > > to be an option, we should pick integrity mode. > > > > I don't really mind, because I don't work with skiroot very > > much. Oliver, Joel, Nayna, you all do stuff around this sort of level - > > is this a problem for any of you? > > Keep it enabled and force INTEGRITY mode. There are some cases where > xmon is the only method for debugging a crashing skiroot (hello SMC > BMCs) so I'd rather it remained available. If there's some actual > security benefit to disabling it entirely then someone should > articulate that.
Ack.
