lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 30 Aug 2006 12:34:16 -0700 (PDT)
From:	David Lang <dlang@...italinsight.com>
To:	Sven Luther <sven.luther@...adoo.fr>
cc:	Olaf Hering <olaf@...fle.de>, Michael Buesch <mb@...sch.de>,
	Greg KH <greg@...ah.com>, Oleg Verych <olecom@...wer.upol.cz>,
	James Bottomley <James.Bottomley@...eleye.com>,
	debian-kernel@...ts.debian.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] MODULE_FIRMWARE for binary firmware(s)

On Wed, 30 Aug 2006, Sven Luther wrote:

>>>
>>> Do you really need to bring up ipw2200 so early ? It is some kind of
>>> wireless
>>> device, right ?
>>
>> if modules are not in use the device is initialized when the kernel starts
>> up. this is before any userspace starts.
>
> Well. but you could do the initialization at open time too, like the other
> case that was mentioned here, no ?

no, at least not in the current kernel. as was mentioned earlier in this thread 
the ipw2200 needs the firmware at initialization, but some others don't need it 
until open. I don't know if it's even possible to re-write the driver to do 
this.

>>> As for initramfs, you can just cat it behind the kernel, and it should work
>>> just fine, or at least this is how it was supposed to work.
>>
>> yes, if I want to set one up.
>>
>> other then this new requirement to have the ipw2200 driver as a module I
>> have no reason to use one. normal userspace is good enough for me.
>
> Well, ok.
>
> The real question seems to be if we want to keep the firmware inside the
> driver or not.
>
> If we want to remove it, then we put, not the module, but the firmware itself
> with some basic userspace to load it on demand in the initramfs, and this is
> reason enough to create an initramfs. The fact that the builtin device is
> initialized before the initramfs is loaded seems like a bug to me, since the
> idea of the initramfs (well, one of them at least), was to initialize it early
> enough for this kind of things.

this isn't my understanding.

my understanding is that the kernel fully initializes all built-in drivers, then 
loads userspace and starts running it.

that userspace can be on a device that it knows how to read, or it can be 
userspace on initramfs so that you can load additional modules to give you 
access to the hardware that you want to run on.

this is needed if your root drive is a SCSI drive and you have it's driver 
compiled as a module for example.

this is needed if your root drive uses dm and you need to initialize the array 
(one advantage of md, from the user standpoint, is that it doesn't require this 
additional layer before use)

however this is not soon enough to supply the firmware for devices like this.

> If on the other side, it is more important to not have an initramfs (because
> of security issues, or bootloader constraints or what not), then sure, there
> is not much choice than putting the firmware in the driver or in the kernel
> directly.
>
> But again, the initramfs is just a memory space available at the end of the
> kernel, and there is no hardware-related constraint to access it which are in
> any way different from having the firmware linked in together with the kernel,
> so it is only a matter of organisation of code, as well as taking a decision
> on the above, and to act accordyingly.

if the firmware needed for any drivers compiled in was appended to the kernel 
the same way that initramfs is, without requireing the other things needed to 
make initrmfs useable I think that would be reasonable (bundling them togeather 
as opposed to embedding the firmware in the kernel). it may even be possible to 
have the firmware as files in a initramfs that contains nothing else, and the 
kernel knows how to read the data directly (without the hotplug firmware request 
userspace stuff)

> Does using an initramfs really have some negative side, security related ?
> Would some kind of signed or encrypted initramfs be preferable there ?

adding an initramfs to a system that doesn't need it otherwise adds 
complications to the configure and boot process.

requireing modules when they weren't required before adds complication, and 
if/when the patch that's floating around to eliminate access to /dev/kmem is 
ever accepted, there are security advantages of running a kernel that doesn't 
have any support for run-time modifications (i.e. module loading).

I realize that many people want to make initramfs mandatory (with things like 
partition detection moved to userspace), but unless there is a standard 
initramfs that is shipped and maintained with the kernel to implement things 
like this (see the klibc discussion a few weeks ago) you are adding 
complications without much of a benifit to the user.

David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ