lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Oct 2008 08:37:40 -0700 From: "Brandeburg, Jesse" <jesse.brandeburg@...el.com> To: "Jiri Kosina" <jkosina@...e.cz> Cc: <torvalds@...ux-foundation.org>, <jeff@...zik.org>, <davem@...emloft.net>, <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>, <arjan@...ux.intel.com>, "Allan, Bruce W" <bruce.w.allan@...el.com>, <arjan@...ux.intel.com> Subject: RE: [PATCH] e1000e: write protect ICHx NVM to prevent malicious write/erase Jiri Kosina wrote: >> Set the hardware to ignore all write/erase cycles to the GbE region >> in the ICHx NVM. This feature can be disabled by the >> WriteProtectNVM module parameter (enabled by default) only after a >> hardware reset, but >> the machine must be power cycled before trying to enable writes. > Does this impose any user-visible behavior change? (such as not being > able to set up wake-on-lan, change MAC address, whatever). no, because none of that is stored permanently in the eeprom unless you do writes with ethtool -E. Our policy for the driver is generally don't ever write to the eeprom. So all the normal paths (except for initial start on preproduction hardware and ethtool -E writes) do not write to the eeprom. Currently the driver will let you try to commit a change but with this patch it will never get written to NVM unless you reboot, load driver (the first time!) with WriteProtectNVM=0 and *then* do ethtool -E. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists