Re: [arm64] secure boot breach via VFIO_NOIOMMU
Hi,
On Wed, Dec 13, 2023 at 10:45:01PM +0100, Bastian Blank wrote:
> Hi
>
> Over six years ago, support for VFIO without IOMMU was enabled for
> arm64. This is a breach of the integrity lockdown requirement of secure
> boot.
>
> VFIO is a framework for handling devices in userspace. To make
> this safe, an IOMMU is required by default. Without it, user space can
> write everywhere in memory. The code is still not conditional on
> lockdown, even if a patch was proposed.
>
> I intend to disable this option for all supported kernels.
Agreed.
For the readers reading this along, this was raised in context of
https://salsa.debian.org/kernel-team/linux/-/merge_requests/925#note_446730
and https://salsa.debian.org/kernel-team/linux/-/merge_requests/502#note_315464
The proposed patch probably fell through the cracks.
Regards,
Salvatore
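Added example for this thread, not code from the Debian kernel team, from the thread's participants, or from the VFIO subsystem: a POSIX sh script that reports whether a kernel has CONFIG_VFIO_NOIOMMU compiled in, whether the vfio module's unsafe no-IOMMU switch is currently on, and which lockdown mode is active. The paths are assumptions based on mainline conventions (the build config at /boot/config-$(uname -r), the runtime switch at /sys/module/vfio/parameters/enable_unsafe_noiommu_mode, the lockdown state at /sys/kernel/security/lockdown); every function takes them as arguments so the checks also run against constructed sample files.

```shell
# Added example, not from the Debian kernel team or the VFIO subsystem.
# Assumed paths (mainline conventions, passed in as arguments):
#   /boot/config-$(uname -r)                                  build config
#   /sys/module/vfio/parameters/enable_unsafe_noiommu_mode    runtime switch
#   /sys/kernel/security/lockdown                             lockdown state

# vfio_noiommu_built_in CONFIG_FILE -> prints y or n
vfio_noiommu_built_in() {
    if grep -q '^CONFIG_VFIO_NOIOMMU=y$' "$1" 2>/dev/null; then
        echo y
    else
        echo n
    fi
}

# vfio_noiommu_runtime_enabled PARAM_FILE -> prints y, n or absent
# "absent" means the parameter file is missing: vfio is not loaded or the
# option is not compiled in.
vfio_noiommu_runtime_enabled() {
    if [ ! -r "$1" ]; then
        echo absent
        return 0
    fi
    case "$(cat "$1")" in
        Y|y|1) echo y ;;
        *)     echo n ;;
    esac
}

# lockdown_mode LOCKDOWN_FILE -> prints the bracketed mode (none,
# integrity, confidentiality) or "unknown" if the file is unreadable.
lockdown_mode() {
    if [ ! -r "$1" ]; then
        echo unknown
        return 0
    fi
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1")
    echo "${mode:-unknown}"
}

# vfio_noiommu_verdict CONFIG_FILE PARAM_FILE LOCKDOWN_FILE
# Prints a one-line verdict and returns:
#   0  option not compiled in
#   1  compiled in but the unsafe switch is off (or vfio not loaded)
#   2  compiled in and the unsafe switch is on: userspace DMA is unrestricted
vfio_noiommu_verdict() {
    built=$(vfio_noiommu_built_in "$1")
    runtime=$(vfio_noiommu_runtime_enabled "$2")
    lockdown=$(lockdown_mode "$3")
    if [ "$built" = n ]; then
        echo "ok: CONFIG_VFIO_NOIOMMU is not set (lockdown=$lockdown)"
        return 0
    fi
    # As the thread states, the no-IOMMU path is not conditional on
    # lockdown, so lockdown=integrity does not close it; the mode is
    # reported for context only.
    if [ "$runtime" = y ]; then
        echo "bad: CONFIG_VFIO_NOIOMMU=y and enable_unsafe_noiommu_mode is on (lockdown=$lockdown)"
        return 2
    fi
    echo "warn: CONFIG_VFIO_NOIOMMU=y, switch off or vfio not loaded (lockdown=$lockdown)"
    return 1
}

# Check the running kernel using the assumed mainline paths.
vfio_noiommu_check_running() {
    vfio_noiommu_verdict "/boot/config-$(uname -r)" \
        /sys/module/vfio/parameters/enable_unsafe_noiommu_mode \
        /sys/kernel/security/lockdown
}

# Offline demonstration on constructed sample files: a kernel with the
# option built in, the switch turned on, and lockdown=integrity.
# Returns 2, showing that lockdown alone does not close the hole.
vfio_noiommu_demo() {
    d=$(mktemp -d)
    printf 'CONFIG_VFIO=m\nCONFIG_VFIO_NOIOMMU=y\n' > "$d/config"
    printf 'Y\n' > "$d/param"
    printf 'none [integrity] confidentiality\n' > "$d/lockdown"
    rc=0
    vfio_noiommu_verdict "$d/config" "$d/param" "$d/lockdown" || rc=$?
    rm -rf "$d"
    return $rc
}
```

Source the script and call vfio_noiommu_check_running on a host to audit it, or vfio_noiommu_demo to see the verdict on the constructed files. The exit code is meant for use from a boot-time or fleet check; a result of 2 on a secure-boot host is the condition the thread describes.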