lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 20 Nov 2013 09:54:03 +0100
From:	Richard Weinberger <richard@....at>
To:	Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com>
Cc:	linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
	matt@...sole-pimps.org, matt.fleming@...el.com,
	matthew.garrett@...ula.com, jlee@...e.com, cxie@...hat.com
Subject: Re: [PATCH] x86, efi: add no_bricked_efi whitelist

Am Mittwoch, 20. November 2013, 17:34:18 schrieb Yasuaki Ishimatsu:
> By following works, my system very often fails set_variable() to set new
> variable to efi variable storage and shows "efivars: set_variable() failed:
> status=-28" message.
> 
> - commit 68d929862e29a8b52a7f2f2f86a0600423b093cd
>     efi: be more paranoid about available space when creating variables
> - commit 31ff2f20d9003e74991d135f56e503fe776c127c
>     efi: Distinguish between "remaining space" and actually used space
> - commit 8c58bf3eec3b8fc8162fe557e9361891c20758f2
>     x86,efi: Implement efi_no_storage_paranoia parameter
> - commit f8b8404337de4e2466e2e1139ea68b1f8295974f
>     Modify UEFI anti-bricking code
> 
> When booting my system, remaining space of efi variable storage is about
> 5KB. So there is no room that sets a new variable to the storage. On my
> system, trigger of gc is when EFI_OUT_OF_RESOURCES occurs on pre OS
> environment with UEFI. So if EFI_OUT_OF_RESOURCES occurs by the 5Kbyte
> threshold, nvram storage cannot be used until EFI_OUT_OF_RESOURCES occurs
> on pre OS environment with UEFI.
> 
> This patch adds whitelist. If a server is in the whitelist,
> efi_no_storage_paranoia is set to true. And the system can use all efi
> variable storage.
> 
> Signed-off-by: Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com>
> CC: Matthew Garrett <matthew.garrett@...ula.com>
> CC: Richard Weinberger <richard@....at>
> CC: Lee, Chun-Y <jlee@...e.com>
> CC: Madper Xie <cxie@...hat.com>
> CC: Matt Fleming <matt.fleming@...el.com>
> ---
>  arch/x86/platform/efi/efi.c | 29 +++++++++++++++++++++++++++++
>  1 file changed, 29 insertions(+)
> 
> diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
> index c7e22ab..9fadf5d 100644
> --- a/arch/x86/platform/efi/efi.c
> +++ b/arch/x86/platform/efi/efi.c
> @@ -116,6 +116,15 @@ static int __init setup_storage_paranoia(char *arg)
>  }
>  early_param("efi_no_storage_paranoia", setup_storage_paranoia);
> 
> +struct no_bricked_efi {
> +	char vendor[100];
> +	u32 revision;
> +};
> +
> +static struct no_bricked_efi efi_whitelist[] __initdata = {
> +	{"FUJITSU LIMITED", 0},

So, no UEFI from Fujitsu on planet earth suffers from such issues?
How can you guarantee that?

Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ