| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 08 Jan 2016 11:46:28 +0000 From: Måns Rullgård <mans@...sr.com> To: Borislav Petkov <bp@...e.de> Cc: Thomas Voegtle <tv@...96.de>, Markus Trippelsdorf <markus@...ppelsdorf.de>, linux-kernel@...r.kernel.org Subject: Re: x86/microcode update on systems without INITRD Borislav Petkov <bp@...e.de> writes: > On Fri, Jan 08, 2016 at 11:18:51AM +0000, Måns Rullgård wrote: >> Neither "depends on" nor "select" makes sense to me here. The driver >> apparently works without it, > > The driver works without it if you build your microcode into the kernel. > > There are use cases where building microcode into the kernel is *not* a > viable option so we have to support both builtin microcode and microcode > from the initrd. How is an initrd different from a real filesystem as seen by the microcode update driver? >> and simply having BLK_DEV_INITRD enabled doesn't prevent improper >> (according to some people) use of the driver. If updating microcode >> is inherently unsafe when a real disk is mounted, the driver ought >> to detect this and refuse the operation (possibly with an override >> option). > > Huh, what? > > -ENOPARSE. The objection against removing the dependency was that updating microcode "late" isn't safe. I don't see how turning on BLK_DEV_INITRD stops anyone doing those allegedly unsafe updates anyway. -- Måns Rullgård
Powered by blists - more mailing lists