lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+CmpXs4YsTA3QnD77SaXq3mRYX6oFwx+pm-3wEErwkF-02M+A@mail.gmail.com>
Date:   Wed, 2 Oct 2019 18:36:48 +0300
From:   Yehezkel Bernat <yehezkelshb@...il.com>
To:     Mario Limonciello <Mario.Limonciello@...l.com>
Cc:     Mika Westerberg <mika.westerberg@...ux.intel.com>,
        linux-usb@...r.kernel.org,
        Andreas Noever <andreas.noever@...il.com>,
        Michael Jamet <michael.jamet@...el.com>,
        Rajmohan Mani <rajmohan.mani@...el.com>,
        nicholas.johnson-opensource@...look.com.au,
        Lukas Wunner <lukas@...ner.de>, gregkh@...uxfoundation.org,
        stern@...land.harvard.edu,
        Anthony Wong <anthony.wong@...onical.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 17/22] thunderbolt: Add initial support for USB4

On Wed, Oct 2, 2019 at 6:09 PM <Mario.Limonciello@...l.com> wrote:
>
> > -----Original Message-----
> > From: Mika Westerberg <mika.westerberg@...ux.intel.com>
> > Sent: Wednesday, October 2, 2019 3:39 AM
> > To: Limonciello, Mario
> > Cc: linux-usb@...r.kernel.org; andreas.noever@...il.com;
> > michael.jamet@...el.com; YehezkelShB@...il.com; rajmohan.mani@...el.com;
> > nicholas.johnson-opensource@...look.com.au; lukas@...ner.de;
> > gregkh@...uxfoundation.org; stern@...land.harvard.edu;
> > anthony.wong@...onical.com; linux-kernel@...r.kernel.org
> > Subject: Re: [RFC PATCH 17/22] thunderbolt: Add initial support for USB4
> >
> >
> > [EXTERNAL EMAIL]
> >
> > On Tue, Oct 01, 2019 at 06:14:23PM +0000, Mario.Limonciello@...l.com wrote:
> > > One more thought; would you consider exporting to sysfs sw-
> > >config.vendor_id?
> > > Maybe an attribute that is switch_vendor?
> > >
> > > Userland fwupd also does validation on the NVM and will need to follow this.
> > > The same check will go into fwupd to match the vendor and lack of
> > nvm_non_active0
> > > to mark the device as not updatable.  When the checks in the kernel get
> > relaxed,
> > > some NVM parsing will have to make it over to fwupd too to relax the check at
> > that point.
> >
> > The original idea was that the kernel does the basic validation and
> > userspace then does more complex checks. Currently you can compare the
> > two NVM images (active one and the new) and find that information there.
> > I think fwupd is doing just that already. Is that not enough?
>
> I guess for fwupd we can do this without the extra attribute:
>
> 1) If no NVM files or nvm_version: means unsupported vendor -show that messaging somewhere.
> This means kernel doesn't know the vendor.
>
> 2) If NVM file and nvm_version: means kernel knows it
> *fwupd checks the vendor offset for intel.
> -> intel: good, proceed
> ->something else: fwupd needs to learn the format for the new vendor, show messaging
>
> There is the unlikely case that kernel knows new vendor format and vendor NVM happened to have
> same value as Intel vendor ID in same location of Intel NVM but another meaning.
> Hopefully that doesn't happen :)

It's not even "same location - another meaning", the vendor ID comes from the
DROM section, so it takes a few internal jumps inside the NVM to find the
location. One of the "pointers" or section headers will be broken for sure.

And after this, we need to find the NVM in LVFS and it has to pass validation in
a few other locations. The chances are so low that I'd think it isn't worth
worrying about it.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ