From mboxrd@z Thu Jan 1 00:00:00 1970
From: Arne Fitzenreiter
To: development@lists.ipfire.org
Subject: Re: [PATCH] kernel: enable CONFIG_X86_INTEL_UMIP on x86_64
Date: Wed, 10 Jun 2020 16:52:19 +0200
Message-ID: <19e27b8f739157be871d3193e57857bc@ipfire.org>
In-Reply-To: <6eb7b950-49e4-531f-a8ff-fa97470bd141@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8589415498690654549=="
List-Id:

--===============8589415498690654549==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

This option is added with kernel 4.15!!!

Arne

On 2020-06-09 19:30, Peter Müller wrote:
> Quoted from https://capsule8.com/blog/kernel-configuration-glossary/:
>
>> Significance: High
>>
>> The User Mode Instruction Prevention (UMIP) is a security feature in newer
>> Intel processors. If enabled a general protection fault is issued if the SGDT
>> SLDT SIDT SMSW or STR instructions are executed in user mode. These
>> instructions unnecessarily expose information about the hardware state.
>
> Personally, I do not like Intel's "hardware security features" as they
> often turned out as being difficult to handle, to implement and
> completely useless or even counterproductive at the end of the day (SGX?
> Why, did anyone mention SGX?!). Anyway, here we go...
>
> Fixes: #12367
>
> Cc: Arne Fitzenreiter
> Cc: Michael Tremer
> Signed-off-by: Peter Müller
> ---
> config/kernel/kernel.config.x86_64-ipfire | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/config/kernel/kernel.config.x86_64-ipfire
> b/config/kernel/kernel.config.x86_64-ipfire
> index 6a5fbbfe9..f37b4b5d4 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -459,6 +459,7 @@ CONFIG_X86_EXTENDED_PLATFORM=y > # CONFIG_X86_GOLDFISH is not set > # CONFIG_X86_INTEL_MID is not set > CONFIG_X86_INTEL_LPSS=y > +CONFIG_X86_INTEL_UMIP=y > CONFIG_X86_AMD_PLATFORM_DEVICE=y > CONFIG_IOSF_MBI=y > # CONFIG_IOSF_MBI_DEBUG is not set --===============8589415498690654549==--
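
Review bot: The added CONFIG_X86_INTEL_UMIP=y line (inserted between CONFIG_X86_INTEL_LPSS=y and CONFIG_X86_AMD_PLATFORM_DEVICE=y) only has an effect if the kernel source this config is built against defines that symbol, and neither the commit message nor the hunk says which kernel version is targeted. The reply in this thread states that the option was added with kernel 4.15; on a tree older than that, Kconfig does not know the symbol and will not carry it into the generated .config, so the build would not have UMIP enabled despite this line. Suggest naming the minimum kernel version in the commit message and applying the change together with, or after, the move to a kernel that has the option.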