lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Nov 2013 18:25:28 +0900 From: Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com> To: Richard Weinberger <richard@....at> CC: <linux-efi@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <matt@...sole-pimps.org>, <matt.fleming@...el.com>, <matthew.garrett@...ula.com>, <jlee@...e.com>, <cxie@...hat.com> Subject: Re: [PATCH] x86, efi: add no_bricked_efi whitelist (2013/11/20 17:54), Richard Weinberger wrote: > Am Mittwoch, 20. November 2013, 17:34:18 schrieb Yasuaki Ishimatsu: >> By following works, my system very often fails set_variable() to set new >> variable to efi variable storage and shows "efivars: set_variable() failed: >> status=-28" message. >> >> - commit 68d929862e29a8b52a7f2f2f86a0600423b093cd >> efi: be more paranoid about available space when creating variables >> - commit 31ff2f20d9003e74991d135f56e503fe776c127c >> efi: Distinguish between "remaining space" and actually used space >> - commit 8c58bf3eec3b8fc8162fe557e9361891c20758f2 >> x86,efi: Implement efi_no_storage_paranoia parameter >> - commit f8b8404337de4e2466e2e1139ea68b1f8295974f >> Modify UEFI anti-bricking code >> >> When booting my system, remaining space of efi variable storage is about >> 5KB. So there is no room that sets a new variable to the storage. On my >> system, trigger of gc is when EFI_OUT_OF_RESOURCES occurs on pre OS >> environment with UEFI. So if EFI_OUT_OF_RESOURCES occurs by the 5Kbyte >> threshold, nvram storage cannot be used until EFI_OUT_OF_RESOURCES occurs >> on pre OS environment with UEFI. >> >> This patch adds whitelist. If a server is in the whitelist, >> efi_no_storage_paranoia is set to true. And the system can use all efi >> variable storage. >> >> Signed-off-by: Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com> >> CC: Matthew Garrett <matthew.garrett@...ula.com> >> CC: Richard Weinberger <richard@....at> >> CC: Lee, Chun-Y <jlee@...e.com> >> CC: Madper Xie <cxie@...hat.com> >> CC: Matt Fleming <matt.fleming@...el.com> >> --- >> arch/x86/platform/efi/efi.c | 29 +++++++++++++++++++++++++++++ >> 1 file changed, 29 insertions(+) >> >> diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c >> index c7e22ab..9fadf5d 100644 >> --- a/arch/x86/platform/efi/efi.c >> +++ b/arch/x86/platform/efi/efi.c >> @@ -116,6 +116,15 @@ static int __init setup_storage_paranoia(char *arg) >> } >> early_param("efi_no_storage_paranoia", setup_storage_paranoia); >> >> +struct no_bricked_efi { >> + char vendor[100]; >> + u32 revision; >> +}; >> + >> +static struct no_bricked_efi efi_whitelist[] __initdata = { >> + {"FUJITSU LIMITED", 0}, > > So, no UEFI from Fujitsu on planet earth suffers from such issues? > How can you guarantee that? Thank you for comments. I cannot guarantee that. How about using Product Name gotten by dmi_get_system_info(DMI_PRODUCT_NAME) instead of Vendor Name.? Thanks, Yasuaki Ishimatsu > > Thanks, > //richard > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists