From: Matthew Garrett <mjg59@srcf.ucam.org>
To: Shea Levy <shea@shealevy.com>
Cc: torvalds@linux-foundation.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH 2/2] efi: Validate UEFI boot variables
Date: Tue, 1 May 2012 01:31:56 +0100
Message-ID: <20120501003156.GA9543@srcf.ucam.org>
In-Reply-To: <4F9F279E.606@shealevy.com>

On Mon, Apr 30, 2012 at 08:00:30PM -0400, Shea Levy wrote:
> On 04/30/2012 04:11 PM, Matthew Garrett wrote:
> >A common flaw in UEFI systems is a refusal to POST triggered by a malformed
> >boot variable. Once in this state, machines may only be restored by
> >reflashing their firmware with an external hardware device. While this is
> >obviously a firmware bug, the serious nature of the outcome suggests that
> >operating systems should filter their variable writes in order to prevent
> >a malicious user from rendering the machine unusable.
>
> Any chance this will make it safe to use efibootmgr on Apple EFI
> firmware? I've been afraid to use it because I've read it can
> silently brick the device due to a mistake in efibootmgr. Obviously
> this won't correct that mistake, but with this applied should a
> successful variable set imply that the firmware wasn't bricked?

As far as I know that's been fixed since
202f9d0a41809e3424af5f61489b48b622824aed - the problem wasn't
efibootmgr, the problem was Apple's firmware overwriting itself.

--
Matthew Garrett | mjg59@srcf.ucam.org