From mboxrd@z Thu Jan 1 00:00:00 1970
From: James Bottomley
Subject: Re: MemoryOverwriteRequestControl
Date: Mon, 04 Jul 2016 14:31:57 -0700
Message-ID: <1467667917.2288.23.camel@HansenPartnership.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To:
Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
To: Grant Likely , "linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , Jon Masters , Leif Lindholm , Ard Biesheuvel , Peter Jones , Matthew Garrett
List-Id: linux-efi@vger.kernel.org

On Mon, 2016-07-04 at 20:37 +0100, Grant Likely wrote:
> Random question: Does anybody (kernel or distros) do anything with
> the MemoryOverwriteRequestControl EFI variable? I was asked by a
> platform engineer for input on what Linux needs, and I didn't have an
> answer for him.

The usual answer for these cases is to do what Tianocore does.
Currently, the kernel does nothing with this, but you'd more expect
something in userspace to do something with it, probably a component of
the TSS.

> Reference: section 5 of
> https://www.trustedcomputinggroup.org/wp-content/uploads/Platform-Reset-Attack-Mitigation-Specification.pdf

That's a bit of an old Spec. Microsoft has been busy updating this
stuff:

https://msdn.microsoft.com/en-us/windows/hardware/drivers/bringup/device-guard-requirements

Tianocore head seems to do all of this.

James