lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <yw1xegdsz42z.fsf@unicorn.mansr.com>
Date:	Fri, 08 Jan 2016 11:46:28 +0000
From:	Måns Rullgård <mans@...sr.com>
To:	Borislav Petkov <bp@...e.de>
Cc:	Thomas Voegtle <tv@...96.de>,
	Markus Trippelsdorf <markus@...ppelsdorf.de>,
	linux-kernel@...r.kernel.org
Subject: Re: x86/microcode update on systems without INITRD

Borislav Petkov <bp@...e.de> writes:

> On Fri, Jan 08, 2016 at 11:18:51AM +0000, Måns Rullgård wrote:
>> Neither "depends on" nor "select" makes sense to me here.  The driver
>> apparently works without it,
>
> The driver works without it if you build your microcode into the kernel.
>
> There are use cases where building microcode into the kernel is *not* a
> viable option so we have to support both builtin microcode and microcode
> from the initrd.

How is an initrd different from a real filesystem as seen by the
microcode update driver?

>> and simply having BLK_DEV_INITRD enabled doesn't prevent improper
>> (according to some people) use of the driver. If updating microcode
>> is inherently unsafe when a real disk is mounted, the driver ought
>> to detect this and refuse the operation (possibly with an override
>> option).
>
> Huh, what?
>
> -ENOPARSE.

The objection against removing the dependency was that updating
microcode "late" isn't safe.  I don't see how turning on BLK_DEV_INITRD
stops anyone doing those allegedly unsafe updates anyway.

-- 
Måns Rullgård

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ