| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Nov 2013 18:25:28 +0900
From: Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com>
To: Richard Weinberger <richard@....at>
CC: <linux-efi@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<matt@...sole-pimps.org>, <matt.fleming@...el.com>,
<matthew.garrett@...ula.com>, <jlee@...e.com>, <cxie@...hat.com>
Subject: Re: [PATCH] x86, efi: add no_bricked_efi whitelist
(2013/11/20 17:54), Richard Weinberger wrote:
> Am Mittwoch, 20. November 2013, 17:34:18 schrieb Yasuaki Ishimatsu:
>> By following works, my system very often fails set_variable() to set new
>> variable to efi variable storage and shows "efivars: set_variable() failed:
>> status=-28" message.
>>
>> - commit 68d929862e29a8b52a7f2f2f86a0600423b093cd
>> efi: be more paranoid about available space when creating variables
>> - commit 31ff2f20d9003e74991d135f56e503fe776c127c
>> efi: Distinguish between "remaining space" and actually used space
>> - commit 8c58bf3eec3b8fc8162fe557e9361891c20758f2
>> x86,efi: Implement efi_no_storage_paranoia parameter
>> - commit f8b8404337de4e2466e2e1139ea68b1f8295974f
>> Modify UEFI anti-bricking code
>>
>> When booting my system, remaining space of efi variable storage is about
>> 5KB. So there is no room that sets a new variable to the storage. On my
>> system, trigger of gc is when EFI_OUT_OF_RESOURCES occurs on pre OS
>> environment with UEFI. So if EFI_OUT_OF_RESOURCES occurs by the 5Kbyte
>> threshold, nvram storage cannot be used until EFI_OUT_OF_RESOURCES occurs
>> on pre OS environment with UEFI.
>>
>> This patch adds whitelist. If a server is in the whitelist,
>> efi_no_storage_paranoia is set to true. And the system can use all efi
>> variable storage.
>>
>> Signed-off-by: Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com>
>> CC: Matthew Garrett <matthew.garrett@...ula.com>
>> CC: Richard Weinberger <richard@....at>
>> CC: Lee, Chun-Y <jlee@...e.com>
>> CC: Madper Xie <cxie@...hat.com>
>> CC: Matt Fleming <matt.fleming@...el.com>
>> ---
>> arch/x86/platform/efi/efi.c | 29 +++++++++++++++++++++++++++++
>> 1 file changed, 29 insertions(+)
>>
>> diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
>> index c7e22ab..9fadf5d 100644
>> --- a/arch/x86/platform/efi/efi.c
>> +++ b/arch/x86/platform/efi/efi.c
>> @@ -116,6 +116,15 @@ static int __init setup_storage_paranoia(char *arg)
>> }
>> early_param("efi_no_storage_paranoia", setup_storage_paranoia);
>>
>> +struct no_bricked_efi {
>> + char vendor[100];
>> + u32 revision;
>> +};
>> +
>> +static struct no_bricked_efi efi_whitelist[] __initdata = {
>> + {"FUJITSU LIMITED", 0},
>
> So, no UEFI from Fujitsu on planet earth suffers from such issues?
> How can you guarantee that?
Thank you for comments.
I cannot guarantee that. How about using Product Name gotten by
dmi_get_system_info(DMI_PRODUCT_NAME) instead of Vendor Name.?
Thanks,
Yasuaki Ishimatsu
>
> Thanks,
> //richard
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists