Message-ID: <CAKv+Gu_SD6yWJMGbTwGUWXtrgZKPkpANNaGe1PUruTG9j0yhcg@mail.gmail.com>
Date: Fri, 16 Feb 2018 11:18:12 +0000
From: Ard Biesheuvel <ard.biesheuvel@...aro.org>
To: Borislav Petkov <bp@...en8.de>
Cc: Joe Konno <joe.konno@...ux.intel.com>,
Matthew Garrett <mjg59@...gle.com>,
Ingo Molnar <mingo@...nel.org>,
Andy Lutomirski <luto@...nel.org>, linux-efi@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Jeremy Kerr <jk@...abs.org>, Andi Kleen <ak@...ux.intel.com>,
Tony Luck <tony.luck@...el.com>,
Benjamin Drung <benjamin.drung@...fitbricks.com>,
Peter Jones <pjones@...hat.com>
Subject: Re: [PATCH 0/2] efivars: reading variables can generate SMIs

On 16 February 2018 at 11:08, Borislav Petkov <bp@...en8.de> wrote:
> On Fri, Feb 16, 2018 at 10:58:47AM +0000, Ard Biesheuvel wrote:
>> By your own reasoning above, that's a no-no as well.
>
> I'm sure we can come up with some emulation - the same way we did the
> BIOS emulation.
>
>> But thanks for your input. Anyone else got something constructive to contribute?
>
> The not-breaking userspace is constructive contribution. The last
> paragraph is my usual rant.
>
Fair enough. And I am not disagreeing with you either.

So question to Joe: is it well defined which variables may exhibit
this behavior? Given that UEFI variables are GUID scoped, would
whitelisting certain GUIDs (the ones userland currently relies on to
be readable by non-privileged users) and making everything else
user-only solve this problem as well?