Subject: x86/msr + lockdown: allow access to **documented** RAPL/TCC controls under Secure Boot

Rafael J. Wysocki rafael at kernel.org
Mon Mar 9 15:13:15 UTC 2026


On Mon, Mar 9, 2026 at 1:24 PM Artem S. Tashkinov <aros at gmx.com> wrote:
>
> Hello,
>
> When Secure Boot is enabled and kernel lockdown is active, the x86 MSR
> driver blocks all raw MSR access from user space via `/dev/cpu/*/msr`.
> This effectively prevents legitimate use of documented CPU power and
> thermal management interfaces such as RAPL power limits (PL1/PL2) and
> the TCC/TjOffset control. These registers are part of Intel’s
> **publicly** documented architectural interface and have been stable
> across many generations of processors.

There is a power capping RAPL driver.  What's the problem with it with
Secure Boot enabled?

> As a result, under Secure Boot Linux users lose the ability to read or
> adjust **standard** power-management controls that remain available
> through equivalent tooling on other operating systems.

The power capping RAPL driver is there, please use it.  It is documented even.

There is also a driver for TCC/TjOffset control, it is called intel_tcc_cooling.

And there are utilities in user space (for example, Intel thermald)
that use those interfaces.

> The current all-or-nothing restriction appears broader than necessary
> for the stated goal of protecting kernel integrity. MSRs associated with
> power limits and TCC offset are not privileged debugging or microcode
> interfaces but standard hardware configuration knobs intended for
> platform power and thermal management.
>
> It would be useful if the kernel either allowed access to a small
> whitelist of such documented registers under lockdown or exposed a
> mediated kernel interface for adjusting them. Without such a mechanism,
> Secure Boot effectively disables legitimate and widely used
> power/thermal tuning functionality on modern Intel laptops.
>
> Most (if not all) Intel laptops don't expose or allow configuring
> PL1/PL2 limits in BIOS/EFI either.

Because it is not necessary to do so.
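The mediated interfaces named above (the powercap RAPL driver and intel_tcc_cooling) are what user space is expected to use instead of /dev/cpu/*/msr when lockdown is active. The following is an added illustration, not code from this thread or from the kernel tree: it reads and sets PL1/PL2 through the intel-rapl powercap sysfs zones (name, constraint_N_name, constraint_N_power_limit_uw, constraint_N_max_power_uw) and sets the TCC offset through the cooling device of type "TCC Offset" (cur_state, max_state). The function names, the POWERCAP_ROOT and THERMAL_ROOT parameters and the refusal checks against the advertised maximums are assumptions made for the example; on a real machine the roots are /sys/class/powercap and /sys/class/thermal, the writes need root, and the kernel, not the script, is what the lockdown policy trusts to perform them.

```shell
#!/bin/sh
# Added example (not from the thread or the kernel): drive RAPL power limits
# and the TCC offset through the kernel's own sysfs interfaces, which stay
# usable under Secure Boot + lockdown because the driver mediates the MSR
# writes. The roots are parameters so the functions can be exercised against
# a constructed directory tree; real values are /sys/class/powercap and
# /sys/class/thermal.
POWERCAP_ROOT="${POWERCAP_ROOT:-/sys/class/powercap}"
THERMAL_ROOT="${THERMAL_ROOT:-/sys/class/thermal}"

# Print "zone idx name limit_uw max_uw" for every constraint of every
# intel-rapl:* zone (packages and their sub-zones such as intel-rapl:0:0).
rapl_list() {
    for zone in "$POWERCAP_ROOT"/intel-rapl:*; do
        [ -d "$zone" ] || continue
        for lim in "$zone"/constraint_*_power_limit_uw; do
            [ -f "$lim" ] || continue
            idx=${lim##*constraint_}; idx=${idx%%_*}
            max=$(cat "$zone/constraint_${idx}_max_power_uw" 2>/dev/null || echo '?')
            printf '%s %s %s %s %s\n' "$(cat "$zone/name")" "$idx" \
                "$(cat "$zone/constraint_${idx}_name")" "$(cat "$lim")" "$max"
        done
    done
}

# rapl_set_limit ZONE CONSTRAINT WATTS
#   ZONE is e.g. intel-rapl:0, CONSTRAINT is "long_term" (PL1) or
#   "short_term" (PL2). Refuses to write above the hardware-advertised
#   max_power_uw and returns 1 instead of touching the sysfs file.
rapl_set_limit() {
    zone="$POWERCAP_ROOT/$1"; which=$2; uw=$(($3 * 1000000))
    for namef in "$zone"/constraint_*_name; do
        [ -f "$namef" ] || continue
        [ "$(cat "$namef")" = "$which" ] || continue
        idx=${namef##*constraint_}; idx=${idx%%_*}
        max=$(cat "$zone/constraint_${idx}_max_power_uw" 2>/dev/null || echo 0)
        if [ "$max" -gt 0 ] && [ "$uw" -gt "$max" ]; then
            echo "refusing: ${uw} uW exceeds max ${max} uW for $1/$which" >&2
            return 1
        fi
        echo "$uw" > "$zone/constraint_${idx}_power_limit_uw"
        return 0
    done
    echo "no constraint named $which in $zone" >&2
    return 1
}

# tcc_set_offset DEGREES
#   Finds the intel_tcc_cooling device (type "TCC Offset"); cur_state is
#   the offset below TjMax in degrees Celsius and max_state the ceiling.
tcc_set_offset() {
    for cdev in "$THERMAL_ROOT"/cooling_device*; do
        [ -f "$cdev/type" ] || continue
        [ "$(cat "$cdev/type")" = "TCC Offset" ] || continue
        max=$(cat "$cdev/max_state")
        if [ "$1" -gt "$max" ]; then
            echo "refusing: offset $1 exceeds max_state $max" >&2
            return 1
        fi
        echo "$1" > "$cdev/cur_state"
        return 0
    done
    echo "no 'TCC Offset' cooling device (is intel_tcc_cooling loaded?)" >&2
    return 1
}
```

Typical use on a laptop is `rapl_list` to see the current PL1/PL2 values, then `rapl_set_limit intel-rapl:0 long_term 15` and `tcc_set_offset 5`; the clamp against max_power_uw / max_state is the script's own sanity check, the kernel applies its own validation on top of it.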



More information about the Linux-security-module-archive mailing list