lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 06 Oct 2015 15:53:42 +0100
From:	Bryan O'Donoghue <pure.logic@...us-software.ie>
To:	"Kweh, Hock Leong" <hock.leong.kweh@...el.com>,
	Borislav Petkov <bp@...en8.de>
CC:	Matt Fleming <matt@...sole-pimps.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	"Ong, Boon Leong" <boon.leong.ong@...el.com>,
	LKML <linux-kernel@...r.kernel.org>,
	"linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
	Sam Protsenko <semen.protsenko@...aro.org>,
	Peter Jones <pjones@...hat.com>,
	Andy Lutomirski <luto@...capital.net>,
	Roy Franz <roy.franz@...aro.org>,
	James Bottomley <James.Bottomley@...senpartnership.com>,
	Linux FS Devel <linux-fsdevel@...r.kernel.org>,
	"Fleming, Matt" <matt.fleming@...el.com>
Subject: Re: [PATCH v7 1/2] efi: export efi_capsule_supported() function symbol

On 06/10/15 11:53, Kweh, Hock Leong wrote:
>> -----Original Message-----
>> From: Bryan O'Donoghue [mailto:pure.logic@...us-software.ie]
>> Sent: Tuesday, October 06, 2015 5:27 AM
>>
>> Wilson - trying to test this out on a Galileo Gen2 - which branch are you doing
>> this against ?
>>
>> I can apply the first patch you're proposing to squash your commit into
>>
>> https://lkml.org/lkml/diff/2014/10/7/390/1
>>
>> but then trying to apply the first in your series on top of that patch I get
>>
>> deckard@...eko:~/Development/linux$ git
>> apply ../patches/capsule_wilson/1_2.eml
>> ../patches/capsule_wilson/1_2.eml:72: trailing whitespace.
>> EXPORT_SYMBOL_GPL(efi_capsule_supported);
>> error: drivers/firmware/efi/capsule.c: No such file or directory
>>
>> https://kernel.googlesource.com/pub/scm/linux/kernel/git/mfleming/efi/+/
>> capsule/drivers/firmware/efi/capsule.c
>>
>>
>> ??
>
> If you are applying Matt's patch https://lkml.org/lkml/diff/2014/10/7/390/1 which
> had been created 1 year ago to mainline vanilla kernel (Linux 4.3-rc4), you are not
> able to direct patch in due to the Makefile error below:
>
> ~/MyWorks/linux_mainline$ git apply .git/rebase-apply/0001 --reject
> Checking patch arch/x86/kernel/reboot.c...
> Hunk #1 succeeded at 527 (offset 11 lines).
> Checking patch drivers/firmware/efi/Makefile...
> error: while searching for:
> #
> # Makefile for linux kernel
> #
> obj-$(CONFIG_EFI)                       += efi.o vars.o reboot.o
> obj-$(CONFIG_EFI_VARS)                  += efivars.o
> obj-$(CONFIG_EFI_VARS_PSTORE)           += efi-pstore.o
> obj-$(CONFIG_UEFI_CPER)                 += cper.o
>
> error: patch failed: drivers/firmware/efi/Makefile:1
> Checking patch drivers/firmware/efi/capsule.c...
> Checking patch drivers/firmware/efi/reboot.c...
> Checking patch include/linux/efi.h...
> Hunk #1 succeeded at 122 (offset 3 lines).
> Hunk #2 succeeded at 983 (offset 23 lines).
> Hunk #3 succeeded at 1235 (offset 23 lines).
> Hunk #4 succeeded at 1317 (offset 23 lines).
> Applied patch arch/x86/kernel/reboot.c cleanly.
> Applying patch drivers/firmware/efi/Makefile with 1 rejects...
> Rejected hunk #1.
> Applied patch drivers/firmware/efi/capsule.c cleanly.
> Applied patch drivers/firmware/efi/reboot.c cleanly.
> Applied patch include/linux/efi.h cleanly.
>
> You should resolve the Makefile error and then git add 5 files below:
> - arch/x86/kernel/reboot.c
> - drivers/firmware/efi/Makefile
> - drivers/firmware/efi/reboot.c
> - include/linux/efi.h
> - drivers/firmware/efi/capsule.c
>
> then you are able to patch in my patchset.
>
>>
>> If so - then why not use the interface here ?
>> https://kernel.googlesource.com/pub/scm/linux/kernel/git/mfleming/efi/+/
>> capsule
>>
>> (Sorry I know I'm coming to this thread late)
>>
>> Aside from that, I'm curious which types of capsules you've used here too -
>> does it include the MFH header ? Keep in mind the initial firmware that
>> shipped with Galileo will depend on that MFH being present.
>>
>> http://download.intel.com/support/processors/quark/sb/quark_secureboot
>> prm_330234_001.pdf
>> - Section A1 - table 7 ?
>>
>> So if we boot a 4.x kernel with that initial firmware version 0.75 if memory
>> serves - it's important that the capsule.c code handles the MFH.
>>
>
> Already got agreement with Matt that Quark Security Header patch will not
> be upstream to mainline as it is not a standard header. So Intel will carry this
> patch ourselves.

Right... so what sort of capsule are you testing with ?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists