Message-ID: <ff67e26af366013478b0acab5e9ddd49316c605d.camel@HansenPartnership.com>
Date: Wed, 15 Jan 2025 09:58:12 -0500
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Weizhao Ouyang <o451686892@...il.com>
Cc: Jonathan Corbet <corbet@....net>, Jeremy Kerr <jk@...abs.org>, Ard
 Biesheuvel <ardb@...nel.org>, Tim Schumacher <timschumi@....de>,
 linux-doc@...r.kernel.org,  linux-kernel@...r.kernel.org,
 linux-efi@...r.kernel.org
Subject: Re: [RFC PATCH] efivarfs: Introduce efivarfs refresh remount

On Wed, 2025-01-15 at 22:49 +0800, Weizhao Ouyang wrote:
> On Wed, Jan 15, 2025 at 10:34 PM James Bottomley
> <James.Bottomley@...senpartnership.com> wrote:
> > 
> > On Wed, 2025-01-15 at 22:14 +0800, Weizhao Ouyang wrote:
> > > Currently, when setting efi variables through the runtime
> > > service, efivarfs cannot sync variable updates properly.
> > > Introduce efivarfs refresh remount to support efivarfs
> > > information updates from other sources.
> > 
> > What other sources could there possibly be?  While the Linux kernel
> > has sole possession of the EFI RT interface after ExitBootServices
> > has been called, nothing else should be able to update the
> > variables except efivarfs.  This is a guarantee from UEFI so why do
> > you think we can't rely on it?
> 
> One route that may exist is: drivers/firmware/efi/test/efi_test.c
> holds some ioctls to call runtime service.

That's not supposed to be used for anything other than direct testing
using the firmware test suite, which shouldn't impact production use of
efivarfs because it's defined to be N in Kconfig.  However, if we
suddenly decided there was a use case for production systems running
the test suite, the way forwards would be a notifier that tells
efivarfs about successful updates to variables as they occur without
having to remount.

Regards,

James

