lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130603181110.GA25060@srcf.ucam.org>
Date:	Mon, 3 Jun 2013 19:11:10 +0100
From:	Matthew Garrett <mjg59@...f.ucam.org>
To:	James Bottomley <James.Bottomley@...senPartnership.com>
Cc:	Borislav Petkov <bp@...en8.de>,
	Linux EFI <linux-efi@...r.kernel.org>,
	Matt Fleming <matt@...sole-pimps.org>,
	Jiri Kosina <jkosina@...e.cz>, X86-ML <x86@...nel.org>,
	LKML <linux-kernel@...r.kernel.org>, Borislav Petkov <bp@...e.de>
Subject: Re: [PATCH 0/4] EFI 1:1 mapping

On Mon, Jun 03, 2013 at 11:05:03AM -0700, James Bottomley wrote:
> On Mon, 2013-06-03 at 17:42 +0100, Matthew Garrett wrote:
> > Why do you persist in this belief that all system vendors are going to 
> > have run a shell, let alone any kind of test suite? That runs counter to 
> > everything we've learned about x86 firmware. People verify that it runs 
> > Windows and then ship it.
> 
> I don't, but I find it hard to believe no vendor ever runs an EFI shell
> on their systems.  The feedback I got from a couple of OEMs is that they
> use the shell mostly for internal testing.

There are vendors that do, and I expect that there are vendors who 
don't. There are vendors who will make changes to firmware and run the 
EFI test suite, and there are vendors who will make changes to firmware 
and run Windows.

> > The problem there is that you're saying "In theory". We know that 
> > Windows doesn't behave this way, so we have no legitimate expectation 
> > that it'll work. We know that it doesn't on some Apple hardware.
> 
> Fine, you say we need to call SetVirtualAddressMap because windows does,
> I agree, I'm just saying we get additional safety from calling it with
> the 1:1 map ... I don't see what the problem is.

No. I'm saying that calling it with the 1:1 map is something very 
different to the behaviour of Windows, and I'm saying that doing so is 
known to cause variable writes on some Apple hardware to stop working. 
If we're aiming for maximum compatibility, we need to call 
SetVirtualAddressMap() with addresses above the canonicalisation hole.

-- 
Matthew Garrett | mjg59@...f.ucam.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ