From patchwork Tue Jun  9 17:30:39 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?=
 <peter.mueller@ipfire.org>
X-Patchwork-Id: 3175
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 49hHGw4FWkz3yQv
	for <patchwork@web04.haj.ipfire.org>; Tue,  9 Jun 2020 17:31:36 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 49hHGv2XLWzlF;
	Tue,  9 Jun 2020 17:31:35 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 49hHGv1PGqz2y3k;
	Tue,  9 Jun 2020 17:31:35 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 49hHGr71kMz2xFj
 for <development@lists.ipfire.org>; Tue,  9 Jun 2020 17:31:32 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384))
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 49hHGn5GYvz1Vv
 for <development@lists.ipfire.org>; Tue,  9 Jun 2020 17:31:29 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1591723890;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=S8IWb6v/SQNbt4ZGySDDxHbIeQ0iXQUBsNB+IKHYg5U=;
 b=Kc0kWo0nzCZSZ9tY7kfK+GVCveLy6vpV+lojQvJ8woXVOV0fMB3gyI8ffL8oL8Upkt4M3/
 5QZF4BdClOFjKUDw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1591723890;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=S8IWb6v/SQNbt4ZGySDDxHbIeQ0iXQUBsNB+IKHYg5U=;
 b=Wn8ZOHold0XQ5V9xtdT6LAaU5QVcjwmKRQz0PfSC+CAGPhVb1rrCSVQ4FQEc8jWp4Vnh66
 I0Cr160o0s6mxMpPagwJFir/v6u+GCK3fg1Hhd+pBSHjL7QCJhoPS0eBFjYCM7ZhN4tPNK
 J2WiyDKtCcpwrFvT/kbI4CVjTlBS1L6YveZH1OTk0pbxDDzRBR1vwYdiD55uztUX43Q9cP
 adoirQssYzDRqKfrzjryQEUDEqsNiefqL83x9qnXOi266zv84AcCFizcAmmo0YOrelp71Q
 /g4Tsc8yKI1Rb5XYm6ul7VUejovzx7R7s9fDn3C96+kxqIoiuAu0Bi/Wys9YTA==
To: development@lists.ipfire.org
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org>
Subject: [PATCH] kernel: enable CONFIG_X86_INTEL_UMIP on x86_64
Message-ID: <6eb7b950-49e4-531f-a8ff-fa97470bd141@ipfire.org>
Date: Tue, 9 Jun 2020 17:30:39 +0000
MIME-Version: 1.0
Content-Language: en-US
Authentication-Results: mail01.ipfire.org;
 auth=pass smtp.mailfrom=peter.mueller@ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Quoted from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: High
>
> The User Mode Instruction Prevention (UMIP) is a security feature in newer
> Intel processors. If enabled a general protection fault is issued if the SGDT
> SLDT SIDT SMSW or STR instructions are executed in user mode. These
> instructions unnecessarily expose information about the hardware state.

Personally, I do not like Intel's "hardware security features" as they
often turned out as being difficult to handle, to implement and
completely useless or even contraproductive at the end of the day (SGX?
Why, did anyone mentioned SGX?!). Anyway, here we go...

Fixes: #12367

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/kernel/kernel.config.x86_64-ipfire | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
index 6a5fbbfe9..f37b4b5d4 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -459,6 +459,7 @@ CONFIG_X86_EXTENDED_PLATFORM=y
 # CONFIG_X86_GOLDFISH is not set
 # CONFIG_X86_INTEL_MID is not set
 CONFIG_X86_INTEL_LPSS=y
+CONFIG_X86_INTEL_UMIP=y
 CONFIG_X86_AMD_PLATFORM_DEVICE=y
 CONFIG_IOSF_MBI=y
 # CONFIG_IOSF_MBI_DEBUG is not set