lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMj1kXFDqhvE3R4ckD32ftkb66CjHZcGPCF0OsX6bev2MmnorA@mail.gmail.com>
Date:   Tue, 28 Jun 2022 09:49:56 +0200
From:   Ard Biesheuvel <ardb@...nel.org>
To:     "Guilherme G. Piccoli" <gpiccoli@...lia.com>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        kernel-dev@...lia.com, kernel@...ccoli.net,
        Anton Vorontsov <anton@...msg.org>,
        Colin Cross <ccross@...roid.com>,
        Kees Cook <keescook@...omium.org>,
        Matt Fleming <matt@...eblueprint.co.uk>,
        Matthew Garrett <matthew.garrett@...ula.com>,
        Tony Luck <tony.luck@...el.com>,
        linux-efi <linux-efi@...r.kernel.org>
Subject: Re: [PATCH 0/2] UEFI panic notification mechanism

On Thu, 2 Jun 2022 at 19:40, Guilherme G. Piccoli <gpiccoli@...lia.com> wrote:
>
> Hi Ard, apologies for annoying!
>

No worries, just very busy :-)

> Just a friendly ping asking if you have any opinions about these patches.
>

Honestly, I'm not sure I see the value of this. You want to 'notify
the UEFI firmware' but the firmware doesn't really care about these
variables, only your bespoke tooling does. EFI pstore captures far
more data, so if you just wipe /sys/fs/pstore after each clean boot,
you already have all the data you need, no?

Also, I'm in the process of removing the public efivar_entry_xxx() API
- please look at the efi/next tree for a peek. This is related to your
point 3), i.e., the efivar layer is a disaster in terms of consistency
between different observers of the EFI variable store. Switching to
efivar_set_variable() [the new API] should fix that.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ