lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 22 Mar 2016 16:37:33 -0500
From:	Mario Limonciello <mario_limonciello@...l.com>
To:	LKML <linux-kernel@...r.kernel.org>
Cc:	matt@...eblueprint.co.uk, mjg59@...eos.com, pjones@...hat.com,
	Mario Limonciello <mario_limonciello@...l.com>
Subject: [PATCH] Add fwupdate and Mok GUID's to the EFI variable immutable whitelist

ed8b0de5a33d2a2557dce7f9429dca8cb5bc5879 caused all variables to be
immutable by default.  This causes problems with userspace applications
mokutil and fwupdate.
---
 drivers/firmware/efi/vars.c | 2 ++
 include/linux/efi.h         | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
index 0ac594c..16bd2a9 100644
--- a/drivers/firmware/efi/vars.c
+++ b/drivers/firmware/efi/vars.c
@@ -199,6 +199,8 @@ static const struct variable_validate variable_validate[] = {
 	{ EFI_GLOBAL_VARIABLE_GUID, "PlatformLang", validate_ascii_string },
 	{ EFI_GLOBAL_VARIABLE_GUID, "Timeout", validate_uint16 },
 	{ LINUX_EFI_CRASH_GUID, "*", NULL },
+	{ FWUPDATE_GUID, "fwupdate*", NULL },
+	{ MOK_GUID, "Mok*", NULL },
 	{ NULL_GUID, "", NULL },
 };
 
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 1626474..c882cb0 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -575,6 +575,14 @@ void efi_native_runtime_setup(void);
 	EFI_GUID(0x8be4df61, 0x93ca, 0x11d2, \
 		 0xaa, 0x0d, 0x00, 0xe0, 0x98, 0x03, 0x2b, 0x8c)
 
+#define FWUPDATE_GUID \
+	EFI_GUID(0x0abba7dc, 0xe516, 0x4167, \
+		 0xbb, 0xf5, 0x4d, 0x9d, 0x1c, 0x73, 0x94, 0x16)
+
+#define MOK_GUID \
+	EFI_GUID(0x605dab50, 0xe046, 0x4300, \
+		 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
+
 #define UV_SYSTEM_TABLE_GUID \
 	EFI_GUID(0x3b13a7d4, 0x633e, 0x11dd, \
 		 0x93, 0xec, 0xda, 0x25, 0x56, 0xd8, 0x95, 0x93)
-- 
2.7.3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ