Message-ID: <CAMj1kXE6L+aNJCCcq=A3q=oG-e83JA=iA1ujSaat0BRjgyH0XA@mail.gmail.com>
Date:   Mon, 10 Oct 2022 10:59:24 +0200
From:   Ard Biesheuvel <ardb@...nel.org>
To:     Borislav Petkov <bp@...en8.de>
Cc:     linux-efi@...r.kernel.org, x86@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] efi: x86: Make the deprecated EFI handover protocol optional

On Sat, 8 Oct 2022 at 17:51, Borislav Petkov <bp@...en8.de> wrote:
>
> On Sat, Oct 08, 2022 at 05:41:40PM +0200, Ard Biesheuvel wrote:
> > Yeah most distros have ~100 or more patches against GRUB, but this
> > isn't actually their fault. GRUB maintainership was defunct for a
> > number of years, which is why we were stuck on GRUB version 2.02-beta3
> > for such a long time. But in recent years, things have been getting
> > better, and there is an agreement with the current maintainer not to
> > merge the EFI handover protocol, and merge the new EFI protocol based
> > initrd loading method instead, which works on all architectures
> > instead of only on x86.
>
> Aha, ok.
>
> > Never tried that in .S files but I guess it should just work.
>
> If not, at least in the .c files.
>
> > I'd venture a guess that this will break the boot on even your own x86
> > boxes, given that almost nobody uses plain upstream GRUB..
> >
> > I can work with the distros directly to start disabling this in their
> > downstream configs once their GRUB builds are up to date with the new
> > changes, so we can phase this out in a controlled manner.
>
> Hm, that might turn out to be a multi-year effort considering how the
> enterprise distros' kernels are moving. Yeah, yeah, they have good
> reasons and so on.
>

Yes, this is going to take time. But we simply cannot get rid of it
today, so the choice we have is between doing nothing at all, or
taking the next step in phasing out this stuff.

-- 
Ard.
