lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250119173205.2965649-1-linux@t4c.dev>
Date: Sun, 19 Jan 2025 18:32:05 +0100
From: Hendrik 'T4cC0re' Meyer <linux@....dev>
To: ardb@...nel.org
Cc: linux-doc@...r.kernel.org,
	linux-efi@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	linux@....dev
Subject: [PATCH] efistub: add efi=quiet parameter to selectively silence efistub alone

Hello!

> Could you explain the use case please? Your concern is that removing
'quiet' from the command line is producing a few additional lines of
output from the EFI stub at boot?

Sure :) I boot a UKI (with Secure Boot and TPM measurements)  with an
embedded splash image, and the cmdline
'memtest=2 earlyprintk=serial,ttyS0,115200 console=ttyS0,115200n8'

The stub by default (without 'quiet') will print messages regarding
the UKI and it being measured into the TPM on the efifb (I assume)
rendering on top of the displayed splash image.

"EFI stub: Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path"
 and "EFI stub: Measured initrd data into PCR 9" to be specific.

> How is that a problem compared to
the fact that you get the entire kernel log printed to the console?

Very relevant question. Because of the 'memtest=2' flag, there is a
delay during boot, which should be logged (with memtest progress) to
the serial console. 'quiet' will silence these logs.

> Is every single line printed there relevant to you, and only the ones
emitted by the EFI stub are not?

Basically, yes. I want the kernel's printk's, but not have the output
of the efistub dipsplayed on top of the splash screen of the UKI.

I did not find a way to redirect this output, and adding a 'efi=quiet'
option seemed like a low hanging fruit.

Hendrik

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ