lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Apr 2022 14:03:22 +0000 From: Aditya Garg <gargaditya08@...e.com> To: Mimi Zohar <zohar@...ux.ibm.com> CC: "jarkko@...nel.org" <jarkko@...nel.org>, "dmitry.kasatkin@...il.com" <dmitry.kasatkin@...il.com>, "jmorris@...ei.org" <jmorris@...ei.org>, "serge@...lyn.com" <serge@...lyn.com>, "ast@...nel.org" <ast@...nel.org>, "daniel@...earbox.net" <daniel@...earbox.net>, "andrii@...nel.org" <andrii@...nel.org>, "kafai@...com" <kafai@...com>, "songliubraving@...com" <songliubraving@...com>, "yhs@...com" <yhs@...com>, "john.fastabend@...il.com" <john.fastabend@...il.com>, "kpsingh@...nel.org" <kpsingh@...nel.org>, "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>, "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>, "linux-security-module@...r.kernel.org" <linux-security-module@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "bpf@...r.kernel.org" <bpf@...r.kernel.org>, Orlando Chamberlain <redecorating@...tonmail.com>, "admin@...eit.net" <admin@...eit.net>, "stable@...r.kernel.org" <stable@...r.kernel.org> Subject: Re: [PATCH v4 RESEND] efi: Do not import certificates from UEFI Secure Boot for T2 Macs > > Both the comment here and the patch description above still needs to be > improved. Perhaps something along these lines. Checkout v5 > > Secure boot on Apple Macs with a T2 Security chip cannot read either > the EFI variables or the certificates stored in different db's (e.g. > db, dbx, MokListXRT). Attempting to read them causes ... > > Avoid reading the EFI variables or the certificates stored in different > dbs. As a result, without certificates secure boot signature > verification fails. > > thanks, > > Mimi > >
Powered by blists - more mailing lists