| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Apr 2012 20:00:30 -0400 From: Shea Levy <shea@...alevy.com> To: Matthew Garrett <mjg@...hat.com> CC: torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH 2/2] efi: Validate UEFI boot variables Hi, On 04/30/2012 04:11 PM, Matthew Garrett wrote: > A common flaw in UEFI systems is a refusal to POST triggered by a malformed > boot variable. Once in this state, machines may only be restored by > reflashing their firmware with an external hardware device. While this is > obviously a firmware bug, the serious nature of the outcome suggests that > operating systems should filter their variable writes in order to prevent > a malicious user from rendering the machine unusable. Any chance this will make it safe to use efibootmgr on Apple EFI firmware? I've been afraid to use it because I've read it can silently brick the device due to a mistake in efibootmgr. Obviously this won't correct that mistake, but with this applied should a successful variable set imply that the firmware wasn't bricked? Cheers, Shea Levy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists