[PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode.

Matt Parnell mparnell at gmail.com
Mon Dec 2 23:31:03 UTC 2019


I suppose that turning off the early lockdown functionality, and then
having apparmor or selinux grant intel-undervolt permission to the MSRs
is probably another method of going about this, only slightly less "tight."

On 12/2/19 5:29 PM, Matthew Garrett wrote:
> On Mon, Dec 2, 2019 at 2:55 PM Jordan Glover
> <Golden_Miller83 at protonmail.ch> wrote:
>
>> Could you clarify if blocking msr breaks internal power management of intel
>> cpu or it only prevents manual tinkering with it by user? If the latter then
>> I think it's ok to keep it as is.
> The latter.


