lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 21 Sep 2021 21:58:11 +0300
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     Morten Linderud <morten@...derud.pw>,
        Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>
Cc:     Stefan Berger <stefanb@...ux.ibm.com>,
        linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
        Oleksandr Natalenko <oleksandr@...alenko.name>
Subject: Re: [PATCH] tpm/eventlog: Don't abort tpm_read_log on faulty ACPI
 config

On Mon, 2021-09-20 at 22:34 +0200, Morten Linderud wrote:
> Some vendors report faulty values in the acpi TPM2 table. This causes

Nit: ACPI (not acpi)

> the function to abort with EIO and essentially short circuits the
> tpm_read_log function as we never even attempt to read the EFI
> configuration table for a log.

Nit: tpm_read_log()

> This changes the condition to only look for a positive return value,
> else hands over the eventlog discovery to the EFI configuration table

"hands over" -> "fallback"

> which should hopefully work better.

Please write in imperative form, e.g. "Change...", or perhaps in this
case "Look...". 

Hopes are somewhat irrelevant, in the context of a commit message.

> It's unclear to me if there is a better solution to this then just
> failing. However, I do not see any clear reason why we can't properly
> fallback to the EFI configuration table.

Neither hopes nor doubts help us :-)

Because the commit message did not discuss any of the code changes
that were done it is very hard to say much anything of this yet.

There's also one corner case that was not discussed in the commit
message.

The historical reason for not using TPM2 file is that old TPM2's
did not have that feature. You have to ensure that legacy hardware
does not break.

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ