lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <fbce35c31f543527d171dd9988b29248d740fb17.camel@linux.ibm.com>
Date:   Fri, 30 Sep 2022 14:24:32 -0400
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Orlando Chamberlain <redecorating@...tonmail.com>,
        linux-kernel@...r.kernel.org
Cc:     jarkko@...nel.org, dmitry.kasatkin@...il.com, paul@...l-moore.com,
        jmorris@...ei.org, serge@...lyn.com, gargaditya08@...e.com,
        linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
        linux-security-module@...r.kernel.org, stable@...r.kernel.org,
        Samuel Jiang <chyishian.jiang@...il.com>
Subject: Re: [PATCHv2 RESEND] efi: Correct Macmini DMI match in uefi cert
 quirk

Hi Orlando,

On Thu, 2022-09-29 at 11:49 +0000, Orlando Chamberlain wrote:
> It turns out Apple doesn't capitalise the "mini" in "Macmini" in DMI, which
> is inconsistent with other model line names.
> 
> Correct the capitalisation of Macmini in the quirk for skipping loading
> platform certs on T2 Macs.
> 
> Currently users get:
> 
> ------------[ cut here ]------------
> [Firmware Bug]: Page fault caused by firmware at PA: 0xffffa30640054000
> WARNING: CPU: 1 PID: 8 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x55/0xe0
> Modules linked in:
> CPU: 1 PID: 8 Comm: kworker/u12:0 Not tainted 5.18.14-arch1-2-t2 #1 4535eb3fc40fd08edab32a509fbf4c9bc52d111e
> Hardware name: Apple Inc. Macmini8,1/Mac-7BA5B2DFE22DDD8C, BIOS 1731.120.10.0.0 (iBridge: 19.16.15071.0.0,0) 04/24/2022
> Workqueue: efi_rts_wq efi_call_rts
> ...
> ---[ end trace 0000000000000000 ]---
> efi: Froze efi_rts_wq and disabled EFI Runtime Services
> integrity: Couldn't get size: 0x8000000000000015
> integrity: MODSIGN: Couldn't get UEFI db list
> efi: EFI Runtime Services are disabled!
> integrity: Couldn't get size: 0x8000000000000015
> integrity: Couldn't get UEFI dbx list
> 
> Fixes: 155ca952c7ca ("efi: Do not import certificates from UEFI Secure Boot for T2 Macs")
> Cc: stable@...r.kernel.org
> Cc: Aditya Garg <gargaditya08@...e.com>
> Tested-by: Samuel Jiang <chyishian.jiang@...il.com>
> Signed-off-by: Orlando Chamberlain <redecorating@...tonmail.com>

Thanks!  The patch is now queued in the next-integrity branch.

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ