lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 24 Sep 2020 11:45:11 +0200
From:   Ard Biesheuvel <ardb@...nel.org>
To:     Kees Cook <keescook@...omium.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-efi <linux-efi@...r.kernel.org>,
        Matthew Garrett <mjg59@...gle.com>,
        Peter Jones <pjones@...hat.com>,
        Anton Vorontsov <anton@...msg.org>,
        Colin Cross <ccross@...roid.com>,
        Tony Luck <tony.luck@...el.com>
Subject: Re: [PATCH 1/7] efi: pstore: disentangle from deprecated efivars module

On Wed, 23 Sep 2020 at 23:02, Kees Cook <keescook@...omium.org> wrote:
>
> On Wed, Sep 23, 2020 at 08:43:21PM +0200, Ard Biesheuvel wrote:
> > On Wed, 23 Sep 2020 at 20:41, Kees Cook <keescook@...omium.org> wrote:
> > >
> > > On Wed, Sep 23, 2020 at 06:13:58PM +0200, Ard Biesheuvel wrote:
> > > > The EFI pstore implementation relies on the 'efivars' abstraction,
> > > > which encapsulates the EFI variable store in a way that can be
> > > > overridden by other backing stores, like the Google SMI one.
> > > >
> > > > On top of that, the EFI pstore implementation also relies on the
> > > > efivars.ko module, which is a separate layer built on top of the
> > > > 'efivars' abstraction that exposes the [deprecated] sysfs entries
> > > > for each variable that exists in the backing store.
> > > >
> > > > Since the efivars.ko module is deprecated, and all users appear to
> > > > have moved to the efivarfs file system instead, let's prepare for
> > > > its removal, by removing EFI pstore's dependency on it.
> > > >
> > > > Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
> > >
> > > With this and the other pstore patch, do the pstore self-tests still
> > > pass on an EFI system?
> > >
> > > If so, please consider both:
> > >
> > > Acked-by: Kees Cook <keescook@...omium.org>
> > >
> >
> > Selftests? Excellent! Are they documented too?
>
> Not really, but they're pretty simple:
>
> cd tools/testing/selftests/pstore
> *double-check "config" against running kernel config*
> ./pstore_tests
> ./pstore_crash_test
> *wait for system to reboot*
> cd tools/testing/selftests/pstore
> ./pstore_post_reboot_tests
>
> (though please test before/after, just to make sure other deltas haven't
> broken things before your series -- I don't test EFI pstore with high
> frequency)
>

I have done the 'before' test on three different EFI Linux systems
(x86, arm64 and ARM), and they all give me something like the below

=== Pstore unit tests (pstore_tests) ===
UUID=109d02e6-9395-4274-9554-2c078e87a662
Checking pstore backend is registered ... ok
  backend=efi
  cmdline=BOOT_IMAGE=/vmlinuz-5.3.0-59-generic
root=/dev/mapper/crypt-root ro quiet splash vt.handoff=1
Checking pstore console is registered ... FAIL
Checking /dev/pmsg0 exists ... FAIL
Writing unique string to /dev/pmsg0 ... FAIL

So I'm not sure if there is any point to doing the 'after' test if
this is the baseline.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ