lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 5 Jun 2017 18:11:43 +0200
From:   Ingo Molnar <mingo@...nel.org>
To:     Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc:     "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        "H . Peter Anvin" <hpa@...or.com>,
        Jan Kiszka <jan.kiszka@...mens.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Matt Fleming <matt@...eblueprint.co.uk>
Subject: Re: [PATCH 10/13] efi/capsule: Add support for Quark security header


* Ard Biesheuvel <ard.biesheuvel@...aro.org> wrote:

> >> +config EFI_CAPSULE_QUIRK_QUARK_CSH
> >> +     boolean "Add support for Quark capsules with non-standard headers"
> >> +     depends on X86 && !64BIT
> >> +     select EFI_CAPSULE_LOADER
> >> +     default y
> >> +     help
> >> +       Add support for processing Quark X1000 EFI capsules, whose header
> >> +       layout deviates from the layout mandated by the UEFI specification.
> >
> > BTW., there's no need to further put this behind a Kconfig option: the quirk seems
> > targeted enough, and the whole point of runtime quirks is so that can be applied
> > safely within generic kernels. Turning them off via Kconfig seems wrong.
> >
> 
> Not entirely: enabling this quirk will remove the ability to select
> EFI_CAPSULE_LOADER as a module. So making it unconditional makes
> EFI_CAPSULE_LOADER builtin-only for 32-bit x86. This is necessary for
> the override of __weak symbols in the generic capsule code to work as
> expected.
> 
> This was a compromise between allowing no capsule loader quirks at
> all, and having an elaborate framework with hooks in various places
> (which invariably ends up parameterizing the wrong things if you have
> only one real world quirk to design your framework around).

Ok, I see - fair enough!

Thanks,

	Ingo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ