NAK: [SRU] [B/D/E] [PATCH 0/1] Enable RTL8723BS under kernel lockdown

Seth Forshee seth.forshee at canonical.com
Thu Jul 18 14:02:36 UTC 2019


On Thu, Jul 18, 2019 at 04:52:38PM +0800, Kai-Heng Feng wrote:
> at 22:28, Seth Forshee <seth.forshee at canonical.com> wrote:
> 
> > On Wed, Jul 17, 2019 at 05:01:50PM +0800, Kai-Heng Feng wrote:
> > > BugLink: https://bugs.launchpad.net/bugs/1836440
> > > 
> > > [Impact]
> > > Realtek 8723bs doesn't work if secureboot is enabled.
> > > 
> > > [Fix]
> > > Whitelist r8723bs.ko under kernel lockdown.
> > > 
> > > [Test]
> > > r8723bs.ko loads and works once it's whitelisted.
> > > 
> > > [Regression Potential]
> > > Low. This is to enable Realtek 8723bs under kernel lockdown so it has a
> > > very limited impact scope.
> > 
> > Has the driver been reviewed to confirm that it is suitable for use
> > under lockdown, i.e. it does not introduce any new interfaces to
> > userspace which would allow userspace to modify the kernel or extract
> > confidential information from the kernel? If so, can you please provide
> > a summary of any userspace interfaces contained within the driver?
> 
> rtl8723bs exposes procfs to provide detailed debug information which may
> contain sensitive data.
> I’ll send a patch to disable procfs on rtl8723bs.

Ok, thanks. Note that there is a call in Ubuntu kernels,
kernel_is_locked_down(), that can be used to restrict access only when
lockdown is active. There are numerous examples you can look at.

Nacking this patch, will await updated patches.

Thanks,
Seth
