* Patch "x86/efi: Clarify that reset attack mitigation needs appropriate userspace" has been added to the 4.15-stable tree
@ 2018-02-02 10:44 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2018-02-02 10:44 UTC (permalink / raw)
To: mjg59, ard.biesheuvel, gregkh, mingo, peterz, tglx, torvalds
Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
x86/efi: Clarify that reset attack mitigation needs appropriate userspace
to the 4.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
x86-efi-clarify-that-reset-attack-mitigation-needs-appropriate-userspace.patch
and it can be found in the queue-4.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From a5c03c31af2291f13689d11760c0b59fb70c9a5a Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@google.com>
Date: Tue, 16 Jan 2018 09:10:02 +0000
Subject: x86/efi: Clarify that reset attack mitigation needs appropriate userspace
From: Matthew Garrett <mjg59@google.com>
commit a5c03c31af2291f13689d11760c0b59fb70c9a5a upstream.
Some distributions have turned on the reset attack mitigation feature,
which is designed to force the platform to clear the contents of RAM if
the machine is shut down uncleanly. However, in order for the platform
to be able to determine whether the shutdown was clean or not, userspace
has to be configured to clear the MemoryOverwriteRequest flag on
shutdown - otherwise the firmware will end up clearing RAM on every
reboot, which is unnecessarily time consuming. Add some additional
clarity to the kconfig text to reduce the risk of systems being
configured this way.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/efi/Kconfig | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -159,7 +159,10 @@ config RESET_ATTACK_MITIGATION
using the TCG Platform Reset Attack Mitigation specification. This
protects against an attacker forcibly rebooting the system while it
still contains secrets in RAM, booting another OS and extracting the
- secrets.
+ secrets. This should only be enabled when userland is configured to
+ clear the MemoryOverwriteRequest flag on clean shutdown after secrets
+ have been evicted, since otherwise it will trigger even on clean
+ reboots.
endmenu
Patches currently in stable-queue which might be from mjg59@google.com are
queue-4.15/x86-efi-clarify-that-reset-attack-mitigation-needs-appropriate-userspace.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-02-02 10:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-02-02 10:44 Patch "x86/efi: Clarify that reset attack mitigation needs appropriate userspace" has been added to the 4.15-stable tree gregkh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.