| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Oct 2015 10:53:46 +0000 From: "Kweh, Hock Leong" <hock.leong.kweh@...el.com> To: Bryan O'Donoghue <pure.logic@...us-software.ie>, Borislav Petkov <bp@...en8.de> CC: Matt Fleming <matt@...sole-pimps.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Ong, Boon Leong" <boon.leong.ong@...el.com>, LKML <linux-kernel@...r.kernel.org>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>, Sam Protsenko <semen.protsenko@...aro.org>, Peter Jones <pjones@...hat.com>, Andy Lutomirski <luto@...capital.net>, "Roy Franz" <roy.franz@...aro.org>, James Bottomley <James.Bottomley@...senpartnership.com>, Linux FS Devel <linux-fsdevel@...r.kernel.org>, "Fleming, Matt" <matt.fleming@...el.com> Subject: RE: [PATCH v7 1/2] efi: export efi_capsule_supported() function symbol > -----Original Message----- > From: Bryan O'Donoghue [mailto:pure.logic@...us-software.ie] > Sent: Tuesday, October 06, 2015 5:27 AM > > Wilson - trying to test this out on a Galileo Gen2 - which branch are you doing > this against ? > > I can apply the first patch you're proposing to squash your commit into > > https://lkml.org/lkml/diff/2014/10/7/390/1 > > but then trying to apply the first in your series on top of that patch I get > > deckard@...eko:~/Development/linux$ git > apply ../patches/capsule_wilson/1_2.eml > ../patches/capsule_wilson/1_2.eml:72: trailing whitespace. > EXPORT_SYMBOL_GPL(efi_capsule_supported); > error: drivers/firmware/efi/capsule.c: No such file or directory > > https://kernel.googlesource.com/pub/scm/linux/kernel/git/mfleming/efi/+/ > capsule/drivers/firmware/efi/capsule.c > > > ?? If you are applying Matt's patch https://lkml.org/lkml/diff/2014/10/7/390/1 which had been created 1 year ago to mainline vanilla kernel (Linux 4.3-rc4), you are not able to direct patch in due to the Makefile error below: ~/MyWorks/linux_mainline$ git apply .git/rebase-apply/0001 --reject Checking patch arch/x86/kernel/reboot.c... Hunk #1 succeeded at 527 (offset 11 lines). Checking patch drivers/firmware/efi/Makefile... error: while searching for: # # Makefile for linux kernel # obj-$(CONFIG_EFI) += efi.o vars.o reboot.o obj-$(CONFIG_EFI_VARS) += efivars.o obj-$(CONFIG_EFI_VARS_PSTORE) += efi-pstore.o obj-$(CONFIG_UEFI_CPER) += cper.o error: patch failed: drivers/firmware/efi/Makefile:1 Checking patch drivers/firmware/efi/capsule.c... Checking patch drivers/firmware/efi/reboot.c... Checking patch include/linux/efi.h... Hunk #1 succeeded at 122 (offset 3 lines). Hunk #2 succeeded at 983 (offset 23 lines). Hunk #3 succeeded at 1235 (offset 23 lines). Hunk #4 succeeded at 1317 (offset 23 lines). Applied patch arch/x86/kernel/reboot.c cleanly. Applying patch drivers/firmware/efi/Makefile with 1 rejects... Rejected hunk #1. Applied patch drivers/firmware/efi/capsule.c cleanly. Applied patch drivers/firmware/efi/reboot.c cleanly. Applied patch include/linux/efi.h cleanly. You should resolve the Makefile error and then git add 5 files below: - arch/x86/kernel/reboot.c - drivers/firmware/efi/Makefile - drivers/firmware/efi/reboot.c - include/linux/efi.h - drivers/firmware/efi/capsule.c then you are able to patch in my patchset. > > If so - then why not use the interface here ? > https://kernel.googlesource.com/pub/scm/linux/kernel/git/mfleming/efi/+/ > capsule > > (Sorry I know I'm coming to this thread late) > > Aside from that, I'm curious which types of capsules you've used here too - > does it include the MFH header ? Keep in mind the initial firmware that > shipped with Galileo will depend on that MFH being present. > > http://download.intel.com/support/processors/quark/sb/quark_secureboot > prm_330234_001.pdf > - Section A1 - table 7 ? > > So if we boot a 4.x kernel with that initial firmware version 0.75 if memory > serves - it's important that the capsule.c code handles the MFH. > Already got agreement with Matt that Quark Security Header patch will not be upstream to mainline as it is not a standard header. So Intel will carry this patch ourselves. Thanks & Regards, Wilson
Powered by blists - more mailing lists