lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 14 Dec 2020 19:48:40 +0200
From:   Ilias Apalodimas <ilias.apalodimas@...aro.org>
To:     Heinrich Schuchardt <xypron.glpk@....de>
Cc:     ard.biesheuvel@....com, Ard Biesheuvel <ardb@...nel.org>,
        Arvind Sankar <nivedita@...m.mit.edu>,
        Ingo Molnar <mingo@...nel.org>, linux-efi@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] efi/libstub: Allow EFI_NOT_FOUND on LOAD_FILE2_PROTOCOL
 calls for initrd

On Mon, Dec 14, 2020 at 06:39:21PM +0100, Heinrich Schuchardt wrote:
> On 14.12.20 18:01, Ilias Apalodimas wrote:
> > At the moment the EFI stub tries to load an initrd from the
> > cmdline provided option only if the LoadFile2 protocol does not exist
> > on the initrd device path.
> >
> > This might prove problematic for EFI installers that need their own
> > version of initrd to start the installation process and the firmware
> 
> Did you hit a real world case?
> 

Yes while trying to install debian with U-boot, in which I enabled LoadFile2
protocol

[...]
> > @@ -599,7 +600,14 @@ efi_status_t efi_load_initrd_dev_path(unsigned long *load_addr,
> >  				(void *)initrd_addr);
> >  	if (status != EFI_SUCCESS) {
> >  		efi_free(initrd_size, initrd_addr);
> > -		return EFI_LOAD_ERROR;
> > +		/*
> > +		 * Some firmware implementations might install the EFI
> 
> In U-Boot the filename is set a compile time. As the path may relate to
> a removable medium, it would not make sense to check the existence of
> the file when installing the protocol.
> 

Agree. That's why I am trying to change the behavior of the stub slightly
and respect the firmware's return value on this.
More over the whole idea is to load the file exactly when requested, rather
than store it in memory and wait until someone requests it.

> > +		 * protocol without checking the file is present and return
> > +		 * EFI_NOT_FOUND when trying to load the file.
> > +		 * If that's the case, allow the cmdline defined initrd to
> > +		 * load.
> 
> U-Boot's implementation could also return EFI_NO_MEDIA if
> CONFIG_EFI_INITRD_FILESPEC relates to a non-existent partition.
> 
> Why should we fall back to the command line in this case?
> 
> The whole idea of this protocol is to disallow the specification of an
> initrd via the command line.

We are not falling back in that case. We only allow a fallback if 
EFI_NOT_FOUND is explicitly returned. 

That being said my check is wrong. I need to check it on the first invocation
of load file, not the last one. I'll send a V2

Regards
/Ilias

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ