[SRU] [B/D/E] [PATCH 0/1] Enable RTL8723BS under kernel lockdown
Kai-Heng Feng
kai.heng.feng at canonical.com
Thu Jul 18 08:52:38 UTC 2019
at 22:28, Seth Forshee <seth.forshee at canonical.com> wrote:
> On Wed, Jul 17, 2019 at 05:01:50PM +0800, Kai-Heng Feng wrote:
>> BugLink: https://bugs.launchpad.net/bugs/1836440
>>
>> [Impact]
>> Realtek 8723bs doesn't work if secureboot is enabled.
>>
>> [Fix]
>> Whitelist r8723bs.ko under kernel lockdown.
>>
>> [Test]
>> r8723bs.ko loads and works once it's whitelisted.
>>
>> [Regression Potential]
>> Low. This is to enable Realtek 8723bs under kernel lockdown so it has a
>> very limited impact scope.
>
> Has the driver been reviewed to confirm that it is suitable for use
> under lockdown, i.e. it does not introduce any new interfaces to
> userspace which would allow userspace to modify the kernel or extract
> confidential information from the kernel? If so, can you please provide
> a summary of any userspace interfaces contained within the driver?
rtl8723bs exposes procfs to provide detailed debug information which may
contain sensitive data.
I’ll send a patch to disable procfs on rtl8723bs.
Other than that, it uses regular ioctl and cfg80211 interfaces and they
seem to be fine.
Kai-Heng
>
> Thanks,
> Seth
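
One way to build the kind of userspace-interface summary requested in this thread is to scan a driver's source for calls that register procfs, debugfs, sysfs, ioctl or cfg80211 entry points. This is an added example, not part of the original thread and not the rtl8723bs source: the pattern list (illustrative, not exhaustive), the `audit()` helper and the sample C fragments are all constructed for illustration.

```python
import re
from collections import defaultdict

# Kernel calls/fields that create a userspace-reachable interface, by type.
# Illustrative list only; a real review also reads the handlers themselves.
INTERFACE_PATTERNS = {
    "procfs": r"\b(proc_create(?:_data|_single(?:_data)?)?|proc_mkdir|create_proc_entry)\s*\(",
    "debugfs": r"\b(debugfs_create_\w+)\s*\(",
    "sysfs": r"\b(device_create_file|sysfs_create_(?:file|group)|DEVICE_ATTR(?:_RW|_RO|_WO)?)\s*\(",
    "ioctl": r"\.(ndo_do_ioctl|unlocked_ioctl|compat_ioctl)\s*=",
    "cfg80211": r"\b(wiphy_new|wiphy_register)\s*\(",
    "modparam": r"\b(module_param(?:_named|_array)?)\s*\(",
}
COMPILED = {kind: re.compile(rx) for kind, rx in INTERFACE_PATTERNS.items()}

def strip_comments(src):
    """Blank out C comments but keep newlines so line numbers stay valid."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def audit(sources):
    """Map interface type -> [(file, line, symbol)] for {filename: C source}."""
    findings = defaultdict(list)
    for path, text in sources.items():
        for lineno, line in enumerate(strip_comments(text).splitlines(), 1):
            for kind, rx in COMPILED.items():
                for m in rx.finditer(line):
                    findings[kind].append((path, lineno, m.group(1)))
    return dict(findings)

# Constructed sample input (hypothetical driver fragments, not real source).
SAMPLE = {
    "demo_debug.c": """\
/* proc_create("old", 0, NULL, &fops);  disabled, must not be reported */
static int demo_proc_init(void)
{
    dir = proc_mkdir("demo_wifi", init_net.proc_net);
    proc_create_data("reg_dump", 0644, dir, &demo_fops, adapter);
    return 0;
}
""",
    "demo_netdev.c": """\
static const struct net_device_ops demo_netdev_ops = {
    .ndo_do_ioctl = demo_ioctl,
};
wiphy = wiphy_new(&demo_cfg80211_ops, sizeof(*priv));
""",
}

if __name__ == "__main__":
    for kind, hits in audit(SAMPLE).items():
        for path, lineno, symbol in hits:
            print(f"{kind:9} {path}:{lineno} {symbol}")
```

Each hit is only a starting point for review: the read and write handlers behind a procfs or debugfs entry determine whether kernel memory or secrets are actually exposed.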