lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 16 Feb 2022 10:11:59 +0100
From:   Krzysztof Adamski <krzysztof.adamski@...ia.com>
To:     Ard Biesheuvel <ardb@...nel.org>
Cc:     Guenter Roeck <linux@...ck-us.net>,
        Alexander Sverdlin <alexander.sverdlin@...ia.com>,
        Mark Rutland <mark.rutland@....com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        Peter Collingbourne <pcc@...gle.com>,
        Wolfram Sang <wsa+renesas@...g-engineering.com>,
        Matija Glavinic-Pecotic <matija.glavinic-pecotic.ext@...ia.com>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-efi <linux-efi@...r.kernel.org>
Subject: Re: [PATCH v2] arm64: move efi_reboot to restart handler

Dnia Tue, Feb 15, 2022 at 06:03:30PM +0100, Ard Biesheuvel napisaƂ(a):
>> > But if we want to prevent registering some custom code to be run before > efi_reboot(), that new API would have to be rejected as well, for the
>> > same reason. So what is the point?
>> >
>>
>> Ah, yes, you are right. The emmc example does reset the emmc, after all,
>> which one could use as argument that it "violates" the EFI mandate.
>> Sorry, I guess you'll be stuck with out-of-tree code (and, realistically,
>> so is everyone using emmc in an arm64 based system with an EFI restart
>> handler which does not implement emmc reset). Actually, turns out that
>> the emmc restart handling code is not reliable anyway, since for example
>> x86 doesn't use/support the restart handler call chain, and neither
>> do several other architectures.
>>
>
>Rich firmware like EFI and ACPI implies that the firmware knows how to
>manage the hardware.
>

In an ideal world, probably yes. When I move there, I will probably have
less concerns :)

>
>> Other options for you might be to disable EFI restart handling in your
>> system (assuming that is possible), or to implement the necessary code
>> as part of the EFI restart handler, ie outside Linux, again if that is
>> possible.
>>
>
>Either implement EFI reset properly, or not at all. Adding code to the
>OS that forces it to reason about whether or not EFI reset can be
>called safely simply means that the EFI implementation is broken and
>should probably be avoided entirely.

That is black-and-white thinking. There are shades of gray, too :)

Imagine this sitation - you have a SoC and the vendor delivers this SoC
together with support and code for that SoC. You use it to build some
platform around that SoC but that platform is much more complicated than
the basic one. It is custom and specific to your needs. The vendor
provided firmware, together with the EFI implementation can handle
reseting the SoC without problems but you also have some additional
parts in your platform you would like to handle. Why, in such a case, I
should not use the existing EFI implementation and just build on top of
that? Avoiding using it entirely does not seem reasonable to me. It
might also not be possible as you might not know all the details to
reimplement it.

On PC/Server world, that approach might be feasible - the vendor knows
the usecase for their product well enough to support all the cases. But
ARM64 is being often used for other, so called "embedded", usecases.
People working in "embedded" often have unique needs and I do understand
that mainline kernel cannot support all of them. But when supporting
them is easy and does not require some ugly hacks to be added, why not?

For years we were implementing ways to overcome limitations in
hardware and vendor software implementations. restart_handler mechanism
is quite pretty example of that, one which isn't really hacky, does not
introduce maintainabity problems if widely used. Why not support it on
ARM64 as well? Only because in ideal world it wouldn't be needed? :)

I understand it should not be needed in EFI world and there are
approaches that could be used instead of that one, but they all seem
like taking a sledgehammer to crack a nut.

Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ