Message-ID: <CAMj1kXFKHe3dD1YJXODnNP9UG-5Y1r+JVvicEpNs2M0O6XPLvw@mail.gmail.com>
Date: Wed, 15 Jan 2025 16:00:45 +0100
From: Ard Biesheuvel <ardb@...nel.org>
To: James Bottomley <James.Bottomley@...senpartnership.com>
Cc: Weizhao Ouyang <o451686892@...il.com>, Jonathan Corbet <corbet@....net>, Jeremy Kerr <jk@...abs.org>, 
	Tim Schumacher <timschumi@....de>, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, 
	linux-efi@...r.kernel.org
Subject: Re: [RFC PATCH] efivarfs: Introduce efivarfs refresh remount

On Wed, 15 Jan 2025 at 15:58, James Bottomley
<James.Bottomley@...senpartnership.com> wrote:
>
> On Wed, 2025-01-15 at 22:49 +0800, Weizhao Ouyang wrote:
> > On Wed, Jan 15, 2025 at 10:34 PM James Bottomley
> > <James.Bottomley@...senpartnership.com> wrote:
> > >
> > > On Wed, 2025-01-15 at 22:14 +0800, Weizhao Ouyang wrote:
> > > > Currently, when setting efi variables through the runtime
> > > > service, efivarfs cannot sync variable updates properly.
> > > > Introduce efivarfs refresh remount to support efivarfs
> > > > information updates from other sources.
> > >
> > > What other sources could there possibly be?  While the Linux kernel
> > > has sole possession of the EFI RT interface after ExitBootServices
> > > has been called, nothing else should be able to update the
> > > variables except efivarfs.  This is a guarantee from UEFI so why do
> > > you think we can't rely on it?
> >
> > One route that may exist is: drivers/firmware/efi/test/efi_test.c
> > holds some ioctls to call runtime service.
>
> That's not supposed to be used for anything other than direct testing
> using the firmware test suite, which shouldn't impact production use of
> efivarfs because it's defined to be N in Kconfig.   However, if we
> suddenly decided there was a use case for production systems running
> the test suite, the way forwards would be a notifier that tells
> efivarfs about successful updates to variables as they occur without
> having to remount.
>

I'd argue that running efi_test while efivarfs is mounted renders your
test results useless, and so there is no need to make them play nicely
together.
