lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMj1kXH9f+xXe3j3Bx-tku8k9eiWO_BVw70ePbfEft4stxjjgw@mail.gmail.com>
Date:   Wed, 2 Aug 2023 12:47:24 +0200
From:   Ard Biesheuvel <ardb@...nel.org>
To:     Borislav Petkov <bp@...en8.de>
Cc:     linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
        Evgeniy Baskov <baskov@...ras.ru>,
        Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Alexey Khoroshilov <khoroshilov@...ras.ru>,
        Peter Jones <pjones@...hat.com>,
        Gerd Hoffmann <kraxel@...hat.com>,
        Dave Young <dyoung@...hat.com>,
        Mario Limonciello <mario.limonciello@....com>,
        Kees Cook <keescook@...omium.org>,
        Tom Lendacky <thomas.lendacky@....com>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Joerg Roedel <jroedel@...e.de>
Subject: Re: [PATCH v7 22/22] x86/efistub: Avoid legacy decompressor when
 doing EFI boot

On Wed, 2 Aug 2023 at 12:26, Borislav Petkov <bp@...en8.de> wrote:
>
> On Fri, Jul 28, 2023 at 11:09:16AM +0200, Ard Biesheuvel wrote:
> > The bare metal decompressor code was never really intended to run in a
> > hosted environment such as the EFI boot services, and does a few things
> > that are problematic in the context of EFI boot now that the logo
> > requirements are getting tighter.
>
> Please spend a sentence or two explaining those. After some time has
> passed, no one will remember what that tightening of the requirements
> was.
>

OK. The next paragraph already covers this to some extent, but i'll
add some more prose here to clarify it further.

> So yeah, other than those minor nitpicks, I like the thing, all in all.
>

Good.

> Pls send v8 so that I can run it here on my machines. A git branch would
> be cool too.
>

OK

https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/log/?h=x86-efistub-cleanup-v8

I'll prepare the v8 based on this branch after doing some more tests
on bare metal. I'll probably send it out later today.

> As to merging this, I presume you want it to go through tip?
>

It depends on the timing. If we take the whole thing now, it should
ideally go through -tip.

There is a conflict with the kexec sev patch you just suggested on the
list, though. I'll rebase onto that in any case, but if that causes
any problems, we might decide to take everything except the last two
(or three *) patches now, and defer those for later.

* 'efi/libstub: Add limit argument to efi_random_alloc()' may conflict
with some changes that may arrive via the RISC-V tree. That patch is
completely independent, so perhaps I should put it on a shared stable
branch in the EFI tree. Or alternatively, depending on how you decide
to organize the branches, you could put it at the beginning of the
topic branch where the RISC-V tree can merge it in.

Or we might just ignore the conflict - it just adds a function
argument to a function call that gets moved from one source file to
the another in the conflicting branch, so it should be rather
straight-forward to resolve.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ