lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 16 Nov 2008 11:14:47 +0000
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Philipp Kohlbecher <xt28@....de>, Ingo Molnar <mingo@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86: alternative identifier for Phoenix BIOS

On Sat, 15 Nov 2008 17:55:20 -0800
"H. Peter Anvin" <hpa@...or.com> wrote:

> Philipp Kohlbecher wrote:
> > My laptop (a Samsung X20) contains a Phoenix BIOS and would benefit from
> > patch 1e22436eba84edfec9c25e5a25d09062c4f91ca9 (x86: reserve low 64K on
> > AMI and Phoenix BIOS boxen).
> > 
> > However, according to /sys/class/dmi/id/bios_vendor, the BIOS identifies
> > its vendor as "Phoenix Technologies LTD" (sans the comma).
> 
> Given that AMI and Phoenix combined is something like 80% of the BIOS
> market, if not more, it might simply be easier to make it unconditional,
>  or make it a whitelist instead.

Far more useful would be to make people aware of the problem. If the BIOS
is scribbling in the low 64K of RAM not just BIOS areas, and doing so
outside of ACPI marked areas they need to fix the BIOS ASAP. If they leave
their BIOSes randomly scribbling in operating system memory areas then as
with previous (hardware related) cases of vendors knowingly shipping
corrupting equipment they'll be building up a huge class action legal
liability.

As such making sure the vendor knows in a way they cannot deny is a very
useful activity.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ