From: Borislav Petkov <bp@alien8.de>
To: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: linux-kernel@vger.kernel.org, H Peter Anvin <hpa@zytor.com>
Subject: Re: [PATCH 7/8] x86, microcode, intel: forbid some incorrect metadata
Date: Fri, 8 Aug 2014 17:21:35 +0200 [thread overview]
Message-ID: <20140808152135.GD2776@pd.tnic> (raw)
In-Reply-To: <20140808135057.GC17542@khazad-dum.debian.net>
On Fri, Aug 08, 2014 at 10:50:57AM -0300, Henrique de Moraes Holschuh wrote:
> On Fri, 08 Aug 2014, Borislav Petkov wrote:
> > If someone tries to load a microcode blob which has been split and so
> > on, then we should refuse loading. We want to accept microcode from the
> > vendor and nothing else glued together.
>
> I don't quite get why we should refuse microcode
Because the blob from the official location passes internal validation, I'd
strongly assume. Everything else doesn't.
> that has been split by userspace when the Intel SDM explicitly states
> that tools can do that if there is a need,
Where?
> In these last two weeks I tried to look around for microcode loader
> implementantions, and now I believe we will *never* see microcode with the
> current version of the extended signatures specification. The loaders in
> the field are just too broken, Intel might as well come up with a new and
> enhanced design that doesn't have so many sharp edges, since nearly everyone
> will have to patch their loaders anyway.
You can't just assume that just because implementations are faulty there
- they should adhere to the SDM and it is authoritative. If the extended
signatures are really needed at some point, implementations will have to
be fixed.
> I will respin the patch without the %1024 comment. Note that I never
> *removed* any test, we never tested for %1024 in the first place
And I'm saying we should if we're loading the official blob.
--
Regards/Gruss,
Boris.
Sent from a fat crate under my desk. Formatting is fine.
--
next prev parent reply other threads:[~2014-08-08 15:21 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-23 20:10 [PATCH 0/8] x86, microcode: cosmetic and minor issue fixes Henrique de Moraes Holschuh
2014-07-23 20:10 ` [PATCH 1/8] x86, microcode, amd: fix missing static declaration Henrique de Moraes Holschuh
2014-07-24 10:24 ` Borislav Petkov
2014-07-23 20:10 ` [PATCH 2/8] x86, microcode, intel: fix missing static declarations Henrique de Moraes Holschuh
2014-07-24 10:28 ` Borislav Petkov
2014-07-23 20:10 ` [PATCH 3/8] x86, microcode, intel: fix typos Henrique de Moraes Holschuh
2014-07-24 10:33 ` Borislav Petkov
2014-07-23 20:10 ` [PATCH 4/8] x86, microcode, intel: fix missing declaration Henrique de Moraes Holschuh
2014-07-24 11:01 ` Borislav Petkov
2014-07-24 14:27 ` Henrique de Moraes Holschuh
2014-07-24 18:23 ` [PATCH v2 4/8] x86, microcode, intel: rename apply_microcode and declare it static Henrique de Moraes Holschuh
2014-07-25 16:23 ` Borislav Petkov
2014-07-23 20:10 ` [PATCH 5/8] x86, microcode, intel: don't use fields from unknown format header Henrique de Moraes Holschuh
2014-07-24 11:37 ` Borislav Petkov
2014-07-24 13:30 ` Henrique de Moraes Holschuh
2014-07-24 14:28 ` Borislav Petkov
2014-07-24 15:07 ` Henrique de Moraes Holschuh
2014-07-24 16:29 ` Borislav Petkov
2014-07-24 17:49 ` Henrique de Moraes Holschuh
2014-07-23 20:10 ` [PATCH 6/8] x86, microcode, intel: total_size is valid only when data_size != 0 Henrique de Moraes Holschuh
2014-07-25 16:46 ` Borislav Petkov
2014-07-25 19:04 ` Henrique de Moraes Holschuh
2014-07-28 14:26 ` Borislav Petkov
2014-07-28 15:39 ` Henrique de Moraes Holschuh
2014-07-23 20:10 ` [PATCH 7/8] x86, microcode, intel: forbid some incorrect metadata Henrique de Moraes Holschuh
2014-07-28 15:31 ` Borislav Petkov
2014-07-28 19:37 ` Henrique de Moraes Holschuh
2014-07-29 10:45 ` Borislav Petkov
2014-07-29 20:25 ` Henrique de Moraes Holschuh
2014-08-04 11:09 ` Borislav Petkov
2014-08-04 20:18 ` Henrique de Moraes Holschuh
2014-08-08 12:54 ` Borislav Petkov
2014-08-08 13:50 ` Henrique de Moraes Holschuh
2014-08-08 15:21 ` Borislav Petkov [this message]
2014-08-08 15:45 ` Henrique de Moraes Holschuh
2014-07-23 20:10 ` [PATCH 8/8] x86, microcode, intel: correct extended signature checksum verification Henrique de Moraes Holschuh
2014-07-28 20:36 ` Henrique de Moraes Holschuh
2014-08-24 14:55 ` [tip:x86/microcode] x86, microcode, amd: Fix missing static declaration tip-bot for Henrique de Moraes Holschuh
2014-08-24 14:55 ` [tip:x86/microcode] x86, microcode, intel: Add missing static declarations tip-bot for Henrique de Moraes Holschuh
2014-08-24 14:56 ` [tip:x86/microcode] x86, microcode, intel: Fix typos tip-bot for Henrique de Moraes Holschuh
2014-08-24 14:56 ` [tip:x86/microcode] x86, microcode, intel: Rename apply_microcode and declare it static tip-bot for Henrique de Moraes Holschuh
2014-08-24 14:56 ` [tip:x86/microcode] x86, microcode, intel: Fix total_size computation tip-bot for Henrique de Moraes Holschuh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140808152135.GD2776@pd.tnic \
--to=bp@alien8.de \
--cc=hmh@hmh.eng.br \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).