lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 6 Oct 2015 10:53:46 +0000
From:	"Kweh, Hock Leong" <hock.leong.kweh@...el.com>
To:	Bryan O'Donoghue <pure.logic@...us-software.ie>,
	Borislav Petkov <bp@...en8.de>
CC:	Matt Fleming <matt@...sole-pimps.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	"Ong, Boon Leong" <boon.leong.ong@...el.com>,
	LKML <linux-kernel@...r.kernel.org>,
	"linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
	Sam Protsenko <semen.protsenko@...aro.org>,
	Peter Jones <pjones@...hat.com>,
	Andy Lutomirski <luto@...capital.net>,
	"Roy Franz" <roy.franz@...aro.org>,
	James Bottomley <James.Bottomley@...senpartnership.com>,
	Linux FS Devel <linux-fsdevel@...r.kernel.org>,
	"Fleming, Matt" <matt.fleming@...el.com>
Subject: RE: [PATCH v7 1/2] efi: export efi_capsule_supported() function
 symbol

> -----Original Message-----
> From: Bryan O'Donoghue [mailto:pure.logic@...us-software.ie]
> Sent: Tuesday, October 06, 2015 5:27 AM
> 
> Wilson - trying to test this out on a Galileo Gen2 - which branch are you doing
> this against ?
> 
> I can apply the first patch you're proposing to squash your commit into
> 
> https://lkml.org/lkml/diff/2014/10/7/390/1
> 
> but then trying to apply the first in your series on top of that patch I get
> 
> deckard@...eko:~/Development/linux$ git
> apply ../patches/capsule_wilson/1_2.eml
> ../patches/capsule_wilson/1_2.eml:72: trailing whitespace.
> EXPORT_SYMBOL_GPL(efi_capsule_supported);
> error: drivers/firmware/efi/capsule.c: No such file or directory
> 
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/mfleming/efi/+/
> capsule/drivers/firmware/efi/capsule.c
> 
> 
> ??

If you are applying Matt's patch https://lkml.org/lkml/diff/2014/10/7/390/1 which
had been created 1 year ago to mainline vanilla kernel (Linux 4.3-rc4), you are not
able to direct patch in due to the Makefile error below:

~/MyWorks/linux_mainline$ git apply .git/rebase-apply/0001 --reject 
Checking patch arch/x86/kernel/reboot.c...
Hunk #1 succeeded at 527 (offset 11 lines).
Checking patch drivers/firmware/efi/Makefile...
error: while searching for:
#
# Makefile for linux kernel
#
obj-$(CONFIG_EFI)                       += efi.o vars.o reboot.o
obj-$(CONFIG_EFI_VARS)                  += efivars.o
obj-$(CONFIG_EFI_VARS_PSTORE)           += efi-pstore.o
obj-$(CONFIG_UEFI_CPER)                 += cper.o
 
error: patch failed: drivers/firmware/efi/Makefile:1
Checking patch drivers/firmware/efi/capsule.c...
Checking patch drivers/firmware/efi/reboot.c...
Checking patch include/linux/efi.h...
Hunk #1 succeeded at 122 (offset 3 lines).
Hunk #2 succeeded at 983 (offset 23 lines).
Hunk #3 succeeded at 1235 (offset 23 lines).
Hunk #4 succeeded at 1317 (offset 23 lines).
Applied patch arch/x86/kernel/reboot.c cleanly.
Applying patch drivers/firmware/efi/Makefile with 1 rejects...
Rejected hunk #1.
Applied patch drivers/firmware/efi/capsule.c cleanly.
Applied patch drivers/firmware/efi/reboot.c cleanly.
Applied patch include/linux/efi.h cleanly.

You should resolve the Makefile error and then git add 5 files below:
- arch/x86/kernel/reboot.c
- drivers/firmware/efi/Makefile
- drivers/firmware/efi/reboot.c
- include/linux/efi.h
- drivers/firmware/efi/capsule.c

then you are able to patch in my patchset.

> 
> If so - then why not use the interface here ?
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/mfleming/efi/+/
> capsule
> 
> (Sorry I know I'm coming to this thread late)
> 
> Aside from that, I'm curious which types of capsules you've used here too -
> does it include the MFH header ? Keep in mind the initial firmware that
> shipped with Galileo will depend on that MFH being present.
> 
> http://download.intel.com/support/processors/quark/sb/quark_secureboot
> prm_330234_001.pdf
> - Section A1 - table 7 ?
> 
> So if we boot a 4.x kernel with that initial firmware version 0.75 if memory
> serves - it's important that the capsule.c code handles the MFH.
> 

Already got agreement with Matt that Quark Security Header patch will not
be upstream to mainline as it is not a standard header. So Intel will carry this
patch ourselves.


Thanks & Regards,
Wilson

Powered by blists - more mailing lists