| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4E7B1F46.9020706@gmail.com> Date: Thu, 22 Sep 2011 13:43:02 +0200 From: Maarten Lankhorst <m.b.lankhorst@...il.com> To: Matt Fleming <matt@...sole-pimps.org> CC: linux-kernel@...r.kernel.org, x86@...nel.org, Andi Kleen <andi@...stfloor.org>, Matt Fleming <matt.fleming@...el.com>, "H. Peter Anvin" <hpa@...ux.intel.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...e.hu>, Mike Waychison <mikew@...gle.com>, Matthew Garrett <mjg@...hat.com> Subject: Re: [PATCH v3 10/10] x86, efi: EFI boot stub support Hey, On 09/21/2011 02:10 PM, Matt Fleming wrote: > From: Matt Fleming <matt.fleming@...el.com> > > There is currently a large divide between kernel development and the > development of EFI boot loaders. The idea behind this patch is to give > the kernel developers full control over the EFI boot process. As > H. Peter Anvin put it, > > "The 'kernel carries its own stub' approach been very successful in > dealing with BIOS, and would make a lot of sense to me for EFI as > well." > > This patch introduces an EFI boot stub that allows an x86 bzImage to > be loaded and executed by EFI firmware. The bzImage appears to the > firmware as an EFI application. Luckily there are enough free bits > within the bzImage header so that it can masquerade as an EFI > application, thereby coercing the EFI firmware into loading it and > jumping to its entry point. The beauty of this masquerading approach > is that both BIOS and EFI boot loaders can still load and run the same > bzImage, thereby allowing a single kernel image to work in any boot > environment. > > The EFI boot stub supports multiple initrds, but they must exist on > the same partition as the bzImage. Command-line arguments for the > kernel can be appended after the bzImage name when run from the EFI > shell, e.g. > > Shell> bzImage console=ttyS0 root=/dev/sdb initrd=initrd.img > > Cc: H. Peter Anvin <hpa@...ux.intel.com> > Cc: Thomas Gleixner <tglx@...utronix.de> > Cc: Ingo Molnar <mingo@...e.hu> > Cc: Mike Waychison <mikew@...gle.com> > Cc: Matthew Garrett <mjg@...hat.com> > Signed-off-by: Matt Fleming <matt.fleming@...el.com> > --- > > v3: > - Fix following warnings when compiling CONFIG_EFI_STUB=n > > arch/x86/boot/tools/build.c: In function ‘main’: > arch/x86/boot/tools/build.c:138:24: warning: unused variable ‘pe_header’ > arch/x86/boot/tools/build.c:138:15: warning: unused variable ‘file_sz’ > > - As reported by Matthew Garrett, some Apple machines have GOPs that > don't have hardware attached. We need to weed these out by > searching for ones that handle the PCIIO protocol. > > - Don't allocate memory if no initrds are on cmdline > - Don't trust image->load_options_size > > - Maarten Lankhorst suggested: > - Don't strip first argument when booted from efibootmgr > - Don't allocate too much memory for cmdline > - Don't update cmdline_size, the kernel considers it read-only > - Don't accept '\n' for initrd names Even if load_options_size is not always completely reliable, could you at least prevent reading more than image->load_options_size? Code below doesn't seem to do that currently.. Thanks, Maarten -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists