lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 06 Jan 2015 17:23:10 +0000
From:	Bryan O'Donoghue <pure.logic@...us-software.ie>
To:	Darren Hart <dvhart@...radead.org>
CC:	tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
	x86@...nel.org, platform-driver-x86@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/2] x86: Add IMR support to Quark/Galileo

On 06/01/15 16:48, Darren Hart wrote:
>> Correct. Firmware locks the IMRs around ACPI runtime data data.
>>
>> In the patch here, we cycle though every unlocked IMR and zap it - which
>> will include tear-down of the IMRs placed around the compressed kernel image
>> and boot params data structure. Firmware puts those IMRs in place to ensure
>> no invalid DMA, SMM access to the compressed kernel image during boot can
>> take place.
>
> Thanks Bryan, this clears these questions up for me.
>
> Are we confident that the tear-down of the IMRs around the compressed kernel
> image happens early enough and deterministically, such that there is no race
> condition in which a driver could get DMA into this memory?

Yes confident :)

Tested by baking IMR-platform code + MMC into the kernel and mounting 
the rootfs on Galileo from MMC.

Also tested the reverse case. Attempting to mount an SD kills every 
version of the tip-of-tree I've used with an IMR reset.

Just to be really sure, it's also been tested with the initial 0.7.5 and 
0.8.0 release which didn't have DMI strings to identify the board.

So - with this change in place tip-of-tree should work for everybody on 
Galileo Gen1/Gen2.

It should get the Galileo Debian people out of the business of needing 
to have a separate kernel to boot - though obvious more enabling work 
needs to happen in SoC space still.

http://sourceforge.net/projects/galileodebian/

Also I'm hoping - though I don't have the exact details of this - that 
the crash/non-boot situation for CentOs on Galileo may be as a result of 
IMRs, so hopefully will be of use there too.




--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists