lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 8 Aug 2014 12:45:14 -0300
From:	Henrique de Moraes Holschuh <hmh@....eng.br>
To:	Borislav Petkov <bp@...en8.de>
Cc:	linux-kernel@...r.kernel.org, H Peter Anvin <hpa@...or.com>
Subject: Re: [PATCH 7/8] x86, microcode, intel: forbid some incorrect metadata

On Fri, 08 Aug 2014, Borislav Petkov wrote:
> On Fri, Aug 08, 2014 at 10:50:57AM -0300, Henrique de Moraes Holschuh wrote:
> > On Fri, 08 Aug 2014, Borislav Petkov wrote:
> > > If someone tries to load a microcode blob which has been split and so
> > > on, then we should refuse loading. We want to accept microcode from the
> > > vendor and nothing else glued together.
> > 
> > I don't quite get why we should refuse microcode
> 
> Because the blob from the official location passes internal validation, I'd
> strongly assume. Everything else doesn't.
> 
> > that has been split by userspace when the Intel SDM explicitly states
> > that tools can do that if there is a need,
> 
> Where?

Intel SDM vol 3A, last row of table 9-6, page 9-30:

    "Used by utility software to decompose a microcode update into
     multiple microcode updates where each of the new updates is
     constructed without the optional Extended Processor Signature
     Table."

Not that there is any such utility in use as far as I know (and as I said,
iucode-tool doesn't do it either, and I won't add it unless it is absolutely
required).

But, as I said, I don't care about this one anymore because I don't believe
it will have any pratical effects...

> You can't just assume that just because implementations are faulty there
> - they should adhere to the SDM and it is authoritative. If the extended
> signatures are really needed at some point, implementations will have to
> be fixed.

... exactly because just about every implementation WILL have to be fixed,
which means someone @intel will show up around here with a patch.

> > I will respin the patch without the %1024 comment.  Note that I never
> > *removed* any test, we never tested for %1024 in the first place
> 
> And I'm saying we should if we're loading the official blob.

I will add a patch doing that.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists