lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a4d0bf2c-34a2-6c43-92fe-6db1d6c00a44@gmail.com>
Date:   Fri, 21 Jul 2023 20:11:49 +0200
From:   Alicja Michalska <ahplka19@...il.com>
To:     Brian Norris <briannorris@...omium.org>
Cc:     Tzung-Bi Shih <tzungbi@...nel.org>, linux-kernel@...r.kernel.org,
        robbarnes@...gle.com, lalithkraj@...gle.com, rrangel@...omium.org,
        bleung@...omium.org, groeck@...omium.org,
        chrome-platform@...ts.linux.dev
Subject: Re: [PATCH] platform/chrome: cros_ec_lpc: Add DMI definition for
 post-Skylake machines running custom Coreboot builds

That's understandable :)

I spoke with Matt (MrChromebox). It seems like he tried to upstream 
similar patch to what I suggested here few years ago, but it never got 
merged.
Reason for this is that pre-Skylake machines had different DMI vendor name.

For example, that's my DMI information from ELDRID (Google/Volteer 
baseboard) running MrChromebox's firmware and mainline kernel:

[...]
Vendor: coreboot
Manufacturer: Google
[...]

There's a match for coreboot/GOOGLE, but not for coreboot/Google - which 
is the case for all modern-ish machines made past 2018 (reef, octopus, 
hatch, volteer, brya and so on).

As for the concerns regarding removal of outdated DMIs - it's 
understandable, but mainline doesn't work correctly on stock firmware. 
In order to get mainline Linux running correctly on any ChromeOS device, 
user has to flash firmware that contains our patches.

We currently support over 100 machines, starting with first machines 
that used Coreboot (SandyBridge) up to AlderLake (at the moment). 
Flashing those machines (pre-CR50) is as simple as removing Write 
Protect screw and running MrChromebox's script from ChromeOS shell.

Once that's done, Chromebooks behave in the same exact way as UEFI 
systems (because we're using EDK2 as Coreboot payload in our builds) 
with correct ACPI tables and other numerous fixes that are missing from 
stock firmware.

https://chrultrabook.github.io/docs/docs/getting-started.html

On 21/07/2023 19:28, Brian Norris wrote:
> On Fri, Jul 21, 2023 at 10:16 AM Alicja Michalska <ahplka19@...il.com> wrote:
>> I've explained the reason behind adding this patch, but we'll go with
>> different approach next time around.
> 
> FWIW, I'm also confused about your first sentence the same way
> Tzung-Bi is. If two people are confused by parts of your description,
> then maybe it needs improvement :)
> 
>> Since we're discussing this, I would like to suggest removal of DMI
>> matches for EOL machines from lines 503...535 (Link, Samus, Peppy, Glimmer).
>>
>> Those machines aren't supported by Google anymore. Patch I suggested
>> will match DMI while running custom firmware.
>>
>> If maintainers are okay with it, I will submit a patch removing DMI
>> matches for stock firmware running on those machines since it's not
>> needed anymore.
> 
> That seems actively harmful. These devices continue to work just fine
> with their stock BIOS, even if Google no longer supports updating the
> Google-built OS. That doesn't mean people can't boot other OS'es
> (e.g., their own ChromiumOS builds; or other Linux distros) on them.
> 
> Brian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ