lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 23 Sep 2020 14:02:49 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Ard Biesheuvel <ardb@...nel.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-efi <linux-efi@...r.kernel.org>,
        Matthew Garrett <mjg59@...gle.com>,
        Peter Jones <pjones@...hat.com>,
        Anton Vorontsov <anton@...msg.org>,
        Colin Cross <ccross@...roid.com>,
        Tony Luck <tony.luck@...el.com>
Subject: Re: [PATCH 1/7] efi: pstore: disentangle from deprecated efivars
 module

On Wed, Sep 23, 2020 at 08:43:21PM +0200, Ard Biesheuvel wrote:
> On Wed, 23 Sep 2020 at 20:41, Kees Cook <keescook@...omium.org> wrote:
> >
> > On Wed, Sep 23, 2020 at 06:13:58PM +0200, Ard Biesheuvel wrote:
> > > The EFI pstore implementation relies on the 'efivars' abstraction,
> > > which encapsulates the EFI variable store in a way that can be
> > > overridden by other backing stores, like the Google SMI one.
> > >
> > > On top of that, the EFI pstore implementation also relies on the
> > > efivars.ko module, which is a separate layer built on top of the
> > > 'efivars' abstraction that exposes the [deprecated] sysfs entries
> > > for each variable that exists in the backing store.
> > >
> > > Since the efivars.ko module is deprecated, and all users appear to
> > > have moved to the efivarfs file system instead, let's prepare for
> > > its removal, by removing EFI pstore's dependency on it.
> > >
> > > Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
> >
> > With this and the other pstore patch, do the pstore self-tests still
> > pass on an EFI system?
> >
> > If so, please consider both:
> >
> > Acked-by: Kees Cook <keescook@...omium.org>
> >
> 
> Selftests? Excellent! Are they documented too?

Not really, but they're pretty simple:

cd tools/testing/selftests/pstore
*double-check "config" against running kernel config*
./pstore_tests
./pstore_crash_test
*wait for system to reboot*
cd tools/testing/selftests/pstore
./pstore_post_reboot_tests

(though please test before/after, just to make sure other deltas haven't
broken things before your series -- I don't test EFI pstore with high
frequency)

-- 
Kees Cook

Powered by blists - more mailing lists