From: Shea Levy <shea@shealevy.com>
To: Matthew Garrett <mjg@redhat.com>
Cc: torvalds@linux-foundation.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH 2/2] efi: Validate UEFI boot variables
Date: Mon, 30 Apr 2012 20:00:30 -0400
Message-ID: <4F9F279E.606@shealevy.com>
In-Reply-To: <1335816690-26019-2-git-send-email-mjg@redhat.com>

Hi,

On 04/30/2012 04:11 PM, Matthew Garrett wrote:
> A common flaw in UEFI systems is a refusal to POST triggered by a malformed
> boot variable. Once in this state, machines may only be restored by
> reflashing their firmware with an external hardware device. While this is
> obviously a firmware bug, the serious nature of the outcome suggests that
> operating systems should filter their variable writes in order to prevent
> a malicious user from rendering the machine unusable.

Any chance this will make it safe to use efibootmgr on Apple EFI
firmware? I've been afraid to use it because I've read it can silently
brick the device due to a mistake in efibootmgr. Obviously this won't
correct that mistake, but with this applied should a successful variable
set imply that the firmware wasn't bricked?

Cheers,
Shea Levy