[PATCH linux dev-4.18] /dev/mem: add a devmem kernel parameter to activate the device

Andrew Jeffery andrew at aj.id.au
Thu Nov 8 12:11:32 AEDT 2018


On Mon, 22 Oct 2018, at 08:54, Joel Stanley wrote:
> On Fri, 12 Oct 2018 at 18:37, Cédric Le Goater <clg at kaod.org> wrote:
> >
> > For security reasons, some configuration needs to run without /dev/mem
> > but on some occasions, to debug HW for instance, it's still useful to
> > be able to reboot the system with access to physical memory.
> >
> > Add a kernel parameter which activates the /dev/mem device only when
> > 'mem.devmem' is enabled.
> >
> > Signed-off-by: Cédric Le Goater <clg at kaod.org>
> 
> Thanks Cédric. I've put this in the 4.18 tree.
> 
> Can you submit this upstream too please?

Have this been done? Just following up out of interest.

I do wonder about it though. /dev/mem is accessible if you're root, but given
 pretty much everything runs as root on the BMC we turn it off. But if it's just
a kernel commandline parameter away, it's also just a
`fw_setenv ... && reboot` away, at which point all the security is gone? If
you're somehow not root on the BMC then you wouldn't have access even if
it were present, and you can't change the u-boot environment either.

Andrew


More information about the openbmc mailing list