Re: [PATCH v2 3/3] Disallow most command-line options when lockdown mode is enabled

2025-06-11 Kevin Lampis
On Tue, Jun 10, 2025 at 4:56 PM Jan Beulich wrote:
>
>It's still being left entirely unclear what the criteria are by which an
>option can / cannot be marked "safe".

The purpose of lockdown mode is to protect Xen from unauthorized code execution in Secure Boot mode. Xen especially needs protectio

Re: [PATCH v2 3/3] Disallow most command-line options when lockdown mode is enabled

2025-06-10 Jan Beulich
On 02.06.2025 15:46, Kevin Lampis wrote:
> A subset of command-line parameters that are specifically safe to use when
> lockdown mode is enabled are annotated as such.
>
> These are commonly used parameters which have been audited to ensure they
> cannot be used to undermine the integrity of the s

Re: [PATCH v2 3/3] Disallow most command-line options when lockdown mode is enabled

2025-06-03 Marek Marczykowski-Górecki
On Mon, Jun 02, 2025 at 04:22:06PM +0200, Jan Beulich wrote: > On 02.06.2025 16:16, Marek Marczykowski-Górecki wrote: > > On Mon, Jun 02, 2025 at 02:46:56PM +0100, Kevin Lampis wrote: > >> --- a/xen/common/lockdown.c > >> +++ b/xen/common/lockdown.c > >> @@ -35,7 +35,7 @@ static int __init parse_lo

Re: [PATCH v2 3/3] Disallow most command-line options when lockdown mode is enabled

2025-06-02 Jan Beulich
On 02.06.2025 16:16, Marek Marczykowski-Górecki wrote: > On Mon, Jun 02, 2025 at 02:46:56PM +0100, Kevin Lampis wrote: >> --- a/xen/common/lockdown.c >> +++ b/xen/common/lockdown.c >> @@ -35,7 +35,7 @@ static int __init parse_lockdown_opt(const char *s) >> >> return 0; >> } >> -custom_param

Re: [PATCH v2 3/3] Disallow most command-line options when lockdown mode is enabled

2025-06-02 Marek Marczykowski-Górecki
On Mon, Jun 02, 2025 at 02:46:56PM +0100, Kevin Lampis wrote:
> A subset of command-line parameters that are specifically safe to use when
> lockdown mode is enabled are annotated as such.
>
> These are commonly used parameters which have been audited to ensure they
> cannot be used to undermine t

[PATCH v2 3/3] Disallow most command-line options when lockdown mode is enabled

2025-06-02 Kevin Lampis
A subset of command-line parameters that are specifically safe to use when lockdown mode is enabled are annotated as such. These are commonly used parameters which have been audited to ensure they cannot be used to undermine the integrity of the system when booted in Secure Boot mode. Signed-off-

[PATCH v2 3/3] Disallow most command-line options when lockdown mode is enabled

2025-05-20 Kevin Lampis
A subset of command-line parameters that are specifically safe to use when lockdown mode is enabled are annotated as such. These are commonly used parameters which have been audited to ensure they cannot be used to undermine the integrity of the system when booted in Secure Boot mode. Signed-off-