lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 30 Sep 2008 08:47:24 -0700
From:	"Allan, Bruce W" <bruce.w.allan@...el.com>
To:	Jiri Kosina <jkosina@...e.cz>,
	"Brandeburg, Jesse" <jesse.brandeburg@...el.com>
CC:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-netdev@...r.kernel.org" <linux-netdev@...r.kernel.org>,
	"kkeil@...e.de" <kkeil@...e.de>,
	"agospoda@...hat.com" <agospoda@...hat.com>,
	"arjan@...ux.intel.com" <arjan@...ux.intel.com>,
	"Graham, David" <david.graham@...el.com>,
	"Ronciak, John" <john.ronciak@...el.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	"chris.jones@...onical.com" <chris.jones@...onical.com>,
	"tim.gardner@...el.com" <tim.gardner@...el.com>,
	"airlied@...il.com" <airlied@...il.com>
Subject: RE: [RFC PATCH 11/12] e1000e: write protect ICHx NVM to prevent
 malicious write/erase

Yeah, we can do that.  I need to amend the patch a bit to prevent the protected range lock from being lifted unintentionally and will add some debug statements if/when any write/erase cycles fail.

-----Original Message-----
From: Jiri Kosina [mailto:jkosina@...e.cz]
Sent: Tuesday, September 30, 2008 5:41 AM
To: Brandeburg, Jesse
Cc: linux-kernel@...r.kernel.org; linux-netdev@...r.kernel.org; kkeil@...e.de; agospoda@...hat.com; arjan@...ux.intel.com; Graham, David; Allan, Bruce W; Ronciak, John; Thomas Gleixner; chris.jones@...onical.com; tim.gardner@...el.com; airlied@...il.com; Allan, Bruce W
Subject: Re: [RFC PATCH 11/12] e1000e: write protect ICHx NVM to prevent malicious write/erase

On Mon, 29 Sep 2008, Jesse Brandeburg wrote:

> Set the hardware to ignore all write/erase cycles to the GbE region in
> the ICHx NVM.  This feature can be disabled by the WriteProtectNVM module
> parameter (enabled by default) though that is not recommended.
>
> Signed-off-by: Bruce Allan <bruce.w.allan@...el.com>
> Signed-off-by: Jesse Brandeburg <jesse.brandeburg@...el.com>

I guess there is no chance to have kernel somehow notified when
write/erase cycle is unsuccessfully tried, is it? This way, it would also
make chasing the root cause easier.

Thanks,

--
Jiri Kosina
SUSE Labs

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ