lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <yw1xoacjrlez.fsf@unicorn.mansr.com>
Date:	Mon, 18 Jan 2016 14:51:00 +0000
From:	Måns Rullgård <mans@...sr.com>
To:	Borislav Petkov <bp@...e.de>
Cc:	Thomas Voegtle <tv@...96.de>, Michal Marek <mmarek@...e.cz>,
	Markus Trippelsdorf <markus@...ppelsdorf.de>,
	linux-kernel@...r.kernel.org, x86-ml <x86@...nel.org>
Subject: Re: [RFC PATCH] x86/kconfig: Sanity-check config file during oldconfig

Borislav Petkov <bp@...e.de> writes:

> On Mon, Jan 18, 2016 at 02:11:49PM +0000, Måns Rullgård wrote:
>> Wasn't the idea *not* to disable CONFIG_MICROCODE?
>
> Is the error message not understandable?
>
> +MSG="\nYou have CONFIG_MICROCODE enabled without BLK_DEV_INITRD. The preferred\n\
> +way is to enable it and make sure microcode is added to your initrd as\n\
> +explained in Documentation/x86/early-microcode.txt. This is also the\n\
> +most tested method as the majority of distros do it. Alternatively, and\n\
> +if you don't want to enable modules, you should make sure the microcode\n\
> +is built into the kernel.\n"

I understand and disagree.  I think you're being overzealous in trying
to bludgeon people into doing things the way you think they should be
done.

>From the point of view of the actual update mechanism, what difference
does it make where the microcode data was retrieved from?  If you want
to warn about what you consider "unsafe" updates, do that when the
update happens instead.  With this patch, simply enabling BLK_DEV_INITRD
will shut up the warning even if an initrd is never actually used.
Also, what do modules have to do with anything?

-- 
Måns Rullgård

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ