lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 2 Oct 2019 11:39:13 +0300
From:   Mika Westerberg <mika.westerberg@...ux.intel.com>
To:     Mario.Limonciello@...l.com
Cc:     linux-usb@...r.kernel.org, andreas.noever@...il.com,
        michael.jamet@...el.com, YehezkelShB@...il.com,
        rajmohan.mani@...el.com,
        nicholas.johnson-opensource@...look.com.au, lukas@...ner.de,
        gregkh@...uxfoundation.org, stern@...land.harvard.edu,
        anthony.wong@...onical.com, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 17/22] thunderbolt: Add initial support for USB4

On Tue, Oct 01, 2019 at 06:14:23PM +0000, Mario.Limonciello@...l.com wrote:
> One more thought; would you consider exporting to sysfs sw->config.vendor_id?
> Maybe an attribute that is switch_vendor?
> 
> Userland fwupd also does validation on the NVM and will need to follow this.
> The same check will go into fwupd to match the vendor and lack of nvm_non_active0
> to mark the device as not updatable.  When the checks in the kernel get relaxed,
> some NVM parsing will have to make it over to fwupd too to relax the check at that point.

The original idea was that the kernel does the basic validation and
userspace then does more complex checks. Currently you can compare the
two NVM images (active one and the new) and find that information there.
I think fwupd is doing just that already. Is that not enough?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ