[PATCH 4/5] efi: move ARM CPER code to new file

From: Tyler Baicar <tbai...@codeaurora.org> The ARM CPER code is currently mixed in with the other CPER code. Move it to a new file to separate it from the rest of the CPER code. Signed-off-by: Tyler Baicar <tbai...@codeaurora.org> Cc: Matt Fleming <m...@codeblueprint.co.uk>

[PATCH 3/5] efi: Use PTR_ERR_OR_ZERO()

novych <gomonov...@gmail.com> Signed-off-by: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/firmware/efi/efi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/efi.c b/drivers/

[GIT PULL 0/5] EFI updates for v4.16

routines - some cosmetic cleanups Ard Biesheuvel (1): arm64: efi: ignore EFI_MEMORY_XP attribute if RP and/or WP are set Arvind Yadav (1): efi/capsule-loader: pr_err() strings should end with newlines Tyler Baicar (2

[PATCH 1/5] efi/capsule-loader: pr_err() strings should end with newlines

From: Arvind Yadav <arvind.yadav...@gmail.com> pr_err() messages should terminated with a new-line to avoid other messages being concatenated onto the end. Signed-off-by: Arvind Yadav <arvind.yadav...@gmail.com> Signed-off-by: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-

[PATCH 2/2] efi: capsule-loader: reinstate virtual capsule mapping

: Use a cached copy of the capsule header") Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- arch/x86/platform/efi/quirks.c| 13 +- drivers/firmware/efi/capsule-loader.c | 45 --- include/linux/efi.h | 4 ++

[PATCH 1/2] x86/efi: Fix kernel param add_efi_memmap regression

nobody noticed it. Move efi_memblock_x86_reserve_range() after parse_early_param() to fix it. Signed-off-by: Dave Young <dyo...@redhat.com> Cc: Ingo Molnar <mi...@kernel.org> Signed-off-by: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linar

Re: [RFT PATCH] efi: capsule-loader: reinstate virtual capsule mapping

On 29 December 2017 at 03:09, Bryan O'Donoghue wrote: > >> So we need to fix this without breaking Quark. Fortunately, Quark does >> not appear to care about the virtual mapping, and so we can simply >> do a partial revert of commit 2a457fb31df6 ("efi/capsule-loader:

[RFT PATCH] efi: capsule-loader: reinstate virtual capsule mapping

Cc: Matt Fleming <m...@codeblueprint.co.uk> Cc: Jan Kiszka <jan.kis...@siemens.com> Cc: Bryan O'Donoghue <pure.lo...@nexus-software.ie> Cc: Richard Ruigrok <rruig...@codeaurora.org> Cc: Ge Song <ge.s...@hxt-semitech.com> Signed-off-by: Ard Biesheuvel <ard.biesh

Re: [GIT PULL 0/2] EFI updates for v4.15

On 25 October 2017 at 11:14, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > The following changes since commit 8a5776a5f49812d29fe4b2d0a2d71675c3facf3f: > > Linux 4.14-rc4 (2017-10-08 20:53:29 -0700) > > are available in the git repository at: > > git://git.kern

Re: [PATCH 0/2] Make capsules in a contiguous virtual space

On 21 December 2017 at 21:47, Richard Ruigrok wrote: > Please tested-by > Tested on Centiq, applied on v4.15-rc4. > This fixes the regression introduced in 4.13 where the capsule is no longer > passed in contiguous virtual memory. > > On 12/19/2017 3:49 AM, Ge Song

Re: arm64 crashkernel fails to boot on acpi-only machines due to ACPI regions being no longer mapped as NOMAP

On 19 December 2017 at 07:09, AKASHI Takahiro <takahiro.aka...@linaro.org> wrote: > On Mon, Dec 18, 2017 at 01:40:09PM +0800, Dave Young wrote: >> On 12/15/17 at 05:59pm, AKASHI Takahiro wrote: >> > On Wed, Dec 13, 2017 at 12:17:22PM +, Ard Biesheuvel wrote: >> &g

Re: [PATCH V3 0/2] CPER ARM error information parsing

s good to me. Although I haven't cross referenced every little detail with the spec: Reviewed-by: Ard Biesheuvel <ard.biesheu...@linaro.org> -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH] efi: make EFI a menuconfig to ease disabling it all

On 15 December 2017 at 16:19, Matt Fleming wrote: > On Sat, 09 Dec, at 04:52:52PM, Vincent Legoll wrote: >> No need to get into the submenu to disable all related >> config entries. >> >> This makes it easier to disable all EFI config options >> without entering the

Re: arm64 crashkernel fails to boot on acpi-only machines due to ACPI regions being no longer mapped as NOMAP

On 15 December 2017 at 09:59, AKASHI Takahiro <takahiro.aka...@linaro.org> wrote: > On Wed, Dec 13, 2017 at 12:17:22PM +0000, Ard Biesheuvel wrote: >> On 13 December 2017 at 12:16, AKASHI Takahiro >> <takahiro.aka...@linaro.org> wrote: >> > On Wed, Dec 13, 2017

Re: arm64 crashkernel fails to boot on acpi-only machines due to ACPI regions being no longer mapped as NOMAP

On 13 December 2017 at 12:16, AKASHI Takahiro <takahiro.aka...@linaro.org> wrote: > On Wed, Dec 13, 2017 at 10:49:27AM +0000, Ard Biesheuvel wrote: >> On 13 December 2017 at 10:26, AKASHI Takahiro >> <takahiro.aka...@linaro.org> wrote: >> > Bhupesh, Ard, >

Re: arm64 crashkernel fails to boot on acpi-only machines due to ACPI regions being no longer mapped as NOMAP

On 13 December 2017 at 10:26, AKASHI Takahiro wrote: > Bhupesh, Ard, > > On Wed, Dec 13, 2017 at 03:21:59AM +0530, Bhupesh Sharma wrote: >> Hi Ard, Akashi >> > (snip) > >> Looking deeper into the issue, since the arm64 kexec-tools uses the >>

Re: [PATCH V2 1/2] efi: move ARM CPER code to new file

On 11 December 2017 at 21:29, Tyler Baicar <tbai...@codeaurora.org> wrote: > On 12/11/2017 4:09 PM, Ard Biesheuvel wrote: >> >> On 11 December 2017 at 21:06, Tyler Baicar <tbai...@codeaurora.org> wrote: >>> >>> On 12/7/2017 3:07 PM, Tyler Baic

Re: [PATCH V2 1/2] efi: move ARM CPER code to new file

On 11 December 2017 at 21:06, Tyler Baicar <tbai...@codeaurora.org> wrote: > On 12/7/2017 3:07 PM, Tyler Baicar wrote: >> >> On 12/7/2017 2:38 PM, Ard Biesheuvel wrote: >>>> >>>> diff --git a/include/linux/cper.h b/include/linux/cper.h >>>&g

Re: [PATCH V2 1/2] efi: move ARM CPER code to new file

Hi Tyler, On 7 December 2017 at 19:25, Tyler Baicar wrote: > The ARM CPER code is currently mixed in with the other CPER code. Move it > to a new file to separate it from the rest of the CPER code. > > Signed-off-by: Tyler Baicar > --- >

[PATCH 3/3] efi: add comment to avoid future expanding of sysfs systab

Young <dyo...@redhat.com> Reviewed-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> Cc: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/firmware/efi/efi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git

[PATCH 2/3] efi/esrt: use memunmap rather kfree to free the remapping

From: Pan Bian <bianpan2...@163.com> The remapping result of memremap should be freed with memunmap, not kfree. Signed-off-by: Pan Bian <bianpan2...@163.com> Cc: Matt Fleming <m...@codeblueprint.co.uk> Cc: <sta...@vger.kernel.org> Signed-off-by: Ard Biesheuvel &l

[PATCH 1/3] efi: move some sysfs files to be read-only by root

other places at the same time. Reported-by: Linus Torvalds <torva...@linux-foundation.org> Tested-by: Dave Young <dyo...@redhat.com> Cc: Matt Fleming <m...@codeblueprint.co.uk> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Cc: stable <sta...@vger.kernel.org> Si

[GIT PULL 0/3] EFI fixes for v4.15

The following changes since commit ae64f9bd1d3621b5e60d7363bc20afb46aede215: Linux 4.15-rc2 (2017-12-03 11:01:47 -0500) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git efi-urgent for you to fetch changes up to

Re: [PATCH v2] efi: move some sysfs files to be read-only by root

() macro to > make this easier, and use it in other places at the same time. > > Reported-by: Linus Torvalds <torva...@linux-foundation.org> > Tested-by: Dave Young <dyo...@redhat.com> > Cc: Matt Fleming <m...@codeblueprint.co.uk> > Cc: Ard Biesheuvel <ard.bi

Re: efi/esrt: use memunmap rather kfree to free the remapping

On 29 October 2017 at 14:51, Pan Bian wrote: > The remapping result of memremap should be freed with memunmap, not > kfree. > > Signed-off-by: Pan Bian > --- > drivers/firmware/efi/esrt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff

Re: [PATCH] efi: move some sysfs files to be read-only by root

() macro to > make this easier, and use it in other places at the same time. > > Reported-by: Linus Torvalds <torva...@linux-foundation.org> > Tested-by: Dave Young <dyo...@redhat.com> > Cc: Matt Fleming <m...@codeblueprint.co.uk> > Cc: Ard Biesheuvel <ard.bi

Re: [GIT PULL] hash addresses printed with %p

On 4 December 2017 at 09:59, Greg Kroah-Hartman <gre...@linuxfoundation.org> wrote: > On Mon, Dec 04, 2017 at 09:48:37AM +0000, Ard Biesheuvel wrote: >> On 4 December 2017 at 09:34, Greg Kroah-Hartman >> <gre...@linuxfoundation.org> wrote: >> > On Mon, Dec 04,

Re: [GIT PULL] hash addresses printed with %p

On 4 December 2017 at 09:34, Greg Kroah-Hartman wrote: > On Mon, Dec 04, 2017 at 05:29:28PM +0800, Dave Young wrote: >> On 12/04/17 at 08:36am, Greg Kroah-Hartman wrote: >> > On Mon, Dec 04, 2017 at 10:02:16AM +0800, Dave Young wrote: >> > > +#define

Re: [GIT PULL] hash addresses printed with %p

On 1 December 2017 at 16:33, Kees Cook wrote: > On Fri, Dec 1, 2017 at 7:34 AM, Greg Kroah-Hartman > wrote: > >> And isn't there a specific %p modifier you should use for a kernel >> pointer. I've lost the thread here for what should, or should

Re: [GIT PULL] hash addresses printed with %p

On 1 December 2017 at 09:48, Greg Kroah-Hartman <gre...@linuxfoundation.org> wrote: > On Thu, Nov 30, 2017 at 05:18:42PM +0000, Ard Biesheuvel wrote: >> On 30 November 2017 at 17:10, Greg Kroah-Hartman >> <gre...@linuxfoundation.org> wrote: >> > On Thu, Nov 30,

Re: [GIT PULL] hash addresses printed with %p

On 30 November 2017 at 17:10, Greg Kroah-Hartman wrote: > On Thu, Nov 30, 2017 at 04:32:35PM +, Greg Kroah-Hartman wrote: >> On Wed, Nov 29, 2017 at 01:36:25PM -0800, Linus Torvalds wrote: >> > On Wed, Nov 29, 2017 at 1:14 PM, Linus Torvalds >> >

Re: arm64 crashkernel fails to boot on acpi-only machines due to ACPI regions being no longer mapped as NOMAP

On 13 November 2017 at 09:27, AKASHI Takahiro wrote: > Hi, > > On Fri, Nov 10, 2017 at 05:41:56PM +0530, Bhupesh Sharma wrote: >> Resent with Akashi's correct email address. >> >> On Fri, Nov 10, 2017 at 5:39 PM, Bhupesh Sharma wrote: >> > Hi Ard,

[PATCH 2/2] arm64: efi: ignore EFI_MEMORY_XP attribute if RP and/or WP are set

to execute) Reported-by: Stephen Boyd <sb...@codeaurora.org> Tested-by: Stephen Boyd <sb...@codeaurora.org> Cc: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- arch/arm64/kernel/efi.c | 4 +++- 1 file changed, 3 insertions(+), 1

[PATCH 1/2] efi/capsule-loader: pr_err() strings should end with newlines

From: Arvind Yadav <arvind.yadav...@gmail.com> pr_err() messages should terminated with a new-line to avoid other messages being concatenated onto the end. Signed-off-by: Arvind Yadav <arvind.yadav...@gmail.com> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Cc: J

[GIT PULL 0/2] EFI updates for v4.15

string fix Ard Biesheuvel (1): arm64: efi: ignore EFI_MEMORY_XP attribute if RP and/or WP are set Arvind Yadav (1): efi/capsule-loader: pr_err() strings should end with newlines arch/arm64/kernel/efi.c | 4

[PATCH 1/2] efi/efi_test: Prevent an Oops in efi_runtime_query_capsulecaps()

d efi_test driver for exporting UEFI runtime service interfaces") Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com> Acked-by: Ivan Hu <ivan...@canonical.com> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Signed-off-by: Matt Fleming <m...@codeblueprint.co.uk&

[PATCH 2/2] efi/libstub: arm: don't randomize runtime regions when CONFIG_HIBERNATION=y

. Cc: James Morse <james.mo...@arm.com> Cc: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/firmware/efi/libstub/arm-stub.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/efi/lib

[GIT PULL 0/2] EFI fixes for v4.14

crashing on UEFI runtime services invocations after resume from hibernation on ARM Ard Biesheuvel (1): efi/libstub: arm: don't randomize runtime regions when CONFIG_HIBERNATION=y Dan Carpenter (1): efi/efi_test

Re: [PATCH] efi/libstub: arm: omit sorting of the UEFI memory map

On 24 October 2017 at 12:05, Russell King - ARM Linux <li...@armlinux.org.uk> wrote: > On Sun, Oct 22, 2017 at 03:14:57PM +0100, Ard Biesheuvel wrote: >> ARM shares its EFI stub implementation with arm64, which has some >> special handling in the virtual remapping code to &g

[PATCH] efi/libstub: arm: don't randomize runtime regions when CONFIG_HIBERNATION=y

. Cc: James Morse <james.mo...@arm.com> Cc: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/firmware/efi/libstub/arm-stub.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/efi/lib

[PATCH] efi/libstub: arm: omit sorting of the UEFI memory map

if they have the same memory attributes. This is guaranteed to work, given that ARM only supports 4 KB pages, and allows us to remove the sort() call entirely. Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/firmware/efi/libstub/Makefile | 6 +++--- drivers/firmwa

Re: [PATCH v4 19/27] x86: assembly, make some functions local

On 6 October 2017 at 13:53, Jiri Slaby <jsl...@suse.cz> wrote: > Hi, > > On 10/04/2017, 09:33 AM, Ard Biesheuvel wrote: >> On 4 October 2017 at 08:22, Jiri Slaby <jsl...@suse.cz> wrote: >>> On 10/02/2017, 02:48 PM, Ard Biesheuvel wrote: >>>> On 2 O

Re: Draft manpage explaining kernel lockdown

ay be loaded. > .P > Only validly signed wifi databases may be use. > .P > Unencrypted hibernation/suspend to swap are disallowed as the kernel image is > saved to a medium that can then be accessed. > .P > Use of debugfs is not permitted as this allows a whole range of actions > including direct configuration of, access to and driving of hardware. > .RE > .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" > .SH SEE ALSO > .ad l > .nh > Hello David, Thanks for putting this together. I will let others comment on the details, but in general, this fully addresses my concern regarding the unrealistic expectations one might create when printing 'your kernel is in lockdown mode' into the kernel log without any clarification what this might mean for your particular system. Acked-by: Ard Biesheuvel <ard.biesheu...@linaro.org> -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH v4 19/27] x86: assembly, make some functions local

Hello Jiri, On 4 October 2017 at 08:22, Jiri Slaby <jsl...@suse.cz> wrote: > On 10/02/2017, 02:48 PM, Ard Biesheuvel wrote: >> On 2 October 2017 at 10:12, Jiri Slaby <jsl...@suse.cz> wrote: >>> There is a couple of assembly functions, which are invoke

Re: [PATCH v4 19/27] x86: assembly, make some functions local

sl...@suse.cz> > Cc: "H. Peter Anvin" <h...@zytor.com> > Cc: Thomas Gleixner <t...@linutronix.de> > Cc: Ingo Molnar <mi...@redhat.com> > Cc: x...@kernel.org > Cc: Matt Fleming <m...@codeblueprint.co.uk> > Cc: Ard Biesheuvel <ard.biesheu...@linar

Re: [RFC 00/11] KVM, EFI, arm64: EFI Runtime Services Sandboxing

On 25 August 2017 at 01:31, Florent Revest wrote: > Hi, > > This series implements a mechanism to sandbox EFI Runtime Services on arm64. > It can be enabled with CONFIG_EFI_SANDBOX. At boot it spawns an internal KVM > virtual machine that is ran everytime an EFI Runtime

Re: [PATCH] arm64: efi: ignore EFI_MEMORY_XP attribute if RP and/or WP are set

On 15 September 2017 at 11:53, Stephen Boyd <sb...@codeaurora.org> wrote: > On 09/14, Ard Biesheuvel wrote: >> The UEFI memory map is a bit vague about how to interpret the >> EFI_MEMORY_XP attribute when it is combined with EFI_MEMORY_RP and/or >> EFI_MEMORY_WP, wh

Re: [PATCH v2 5/7] arm: efi: split zImage code and data into separate PE/COFF sections

On 8 September 2017 at 16:17, Gregory CLEMENT <gregory.clem...@free-electrons.com> wrote: > Hi Ard, > > On ven., sept. 08 2017, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > >> On 8 September 2017 at 15:57, Ard Biesheuvel <ard.biesheu...@linaro.org> >

Re: [PATCH v2 5/7] arm: efi: split zImage code and data into separate PE/COFF sections

On 8 September 2017 at 15:57, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > On 8 September 2017 at 15:56, Gregory CLEMENT > <gregory.clem...@free-electrons.com> wrote: >> Hi Ard, >> >> On ven., sept. 08 2017, Ard Biesheuvel <ard.biesheu...@linaro.org&g

Re: [PATCH v2 5/7] arm: efi: split zImage code and data into separate PE/COFF sections

On 8 September 2017 at 15:56, Gregory CLEMENT <gregory.clem...@free-electrons.com> wrote: > Hi Ard, > > On ven., sept. 08 2017, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > >> On 8 September 2017 at 15:33, Gregory CLEMENT >> <gregory.clem..

Re: [PATCH v2 5/7] arm: efi: split zImage code and data into separate PE/COFF sections

On 8 September 2017 at 15:33, Gregory CLEMENT <gregory.clem...@free-electrons.com> wrote: > Hi Ard, > > On ven., sept. 08 2017, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > >> On 8 September 2017 at 14:54, Ard Biesheuvel <ard.biesheu...@linaro.org> >

Re: [PATCH v2 5/7] arm: efi: split zImage code and data into separate PE/COFF sections

On 8 September 2017 at 14:54, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > On 8 September 2017 at 14:50, Gregory CLEMENT > <gregory.clem...@free-electrons.com> wrote: >> Hi Ard, >> >> On jeu., juin 29 2017, Ard Biesheuvel <ard.biesheu...@linaro.o

Re: [PATCH v2 5/7] arm: efi: split zImage code and data into separate PE/COFF sections

On 8 September 2017 at 14:50, Gregory CLEMENT <gregory.clem...@free-electrons.com> wrote: > Hi Ard, > > On jeu., juin 29 2017, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > >> To prevent unintended modifications to the kernel text (malicious or >> o

Re: [PATCH 1/2] efi: call get_event_log before ExitBootServices

On 7 September 2017 at 16:24, Thiebaud Weksteen <tw...@google.com> wrote: > Hi Ard, > > Thanks for reviewing the patch. (Non-addressed comments are fixed in the > next patch set). > > On Wed, Sep 06, 2017 at 03:53:33PM +0100, Ard Biesheuvel wrote: >> Hi Thiebaud, >

Re: [PATCH 2/2] tpm: surface TPM event log based on EFI table

On 6 September 2017 at 15:25, Thiebaud Weksteen wrote: > Signed-off-by: Thiebaud Weksteen No empty commit logs please. If you expect people to review your code, you really need to explain what it does and why. On top of that, a cover letter that summarizes it

Re: [PATCH 1/2] efi: call get_event_log before ExitBootServices

On 6 September 2017 at 15:53, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > Hi Thiebaud, > > On 6 September 2017 at 15:25, Thiebaud Weksteen <tw...@google.com> wrote: >> With TPM 2.0, access to the event log is only possible by using the >> EFI TPM2 Boot Ser

Re: [RFC PATCH 2/2] efi: libstub: add support for the Chaoskey RNG USB stick to the stub

On 2 September 2017 at 09:26, Greg KH <gre...@linuxfoundation.org> wrote: > On Sat, Sep 02, 2017 at 09:18:34AM +0100, Ard Biesheuvel wrote: >> On 2 September 2017 at 07:45, Greg KH <gre...@linuxfoundation.org> wrote: >> > On Sat, Aug 19, 2017 at 04:17:40PM +0100, Ard

Re: [RFC PATCH 1/2] efi: import USB I/O related declarations from the UEFI spec

On 2 September 2017 at 09:25, Greg KH <gre...@linuxfoundation.org> wrote: > On Sat, Sep 02, 2017 at 09:15:37AM +0100, Ard Biesheuvel wrote: >> On 2 September 2017 at 07:41, Greg KH <gre...@linuxfoundation.org> wrote: >> > On Sat, Aug 19, 2017 at 04:17:39

Re: [RFC PATCH 2/2] efi: libstub: add support for the Chaoskey RNG USB stick to the stub

On 2 September 2017 at 07:45, Greg KH <gre...@linuxfoundation.org> wrote: > On Sat, Aug 19, 2017 at 04:17:40PM +0100, Ard Biesheuvel wrote: >> Early entropy is hard to come by, especially on non-x86 systems that >> lack an architected instruction and are not as uniform a

Re: [RFC PATCH 1/2] efi: import USB I/O related declarations from the UEFI spec

On 2 September 2017 at 07:41, Greg KH <gre...@linuxfoundation.org> wrote: > On Sat, Aug 19, 2017 at 04:17:39PM +0100, Ard Biesheuvel wrote: >> In preparation of adding support for the Chaoskey USB stick to the >> UEFI stub, import the USB I/O protocol declarations and rela

Re: [PATCH 00/14] EFI capsule update support for IOT2000 devices

On 30 August 2017 at 20:27, Jan Kiszka <jan.kis...@siemens.com> wrote: > On 2017-08-30 21:24, Ard Biesheuvel wrote: >> Hello Jan, >> >> On 30 August 2017 at 20:13, Jan Kiszka <jan.kis...@siemens.com> wrote: >>> Last chunk: This backports

Re: [PATCH 00/14] EFI capsule update support for IOT2000 devices

e for -stable. > Cc: Andy Lutomirski <l...@amacapital.net> > Cc: Andy Lutomirski <l...@kernel.org> > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> > Cc: Borislav Petkov <b...@alien8.de> > Cc: Brian Gerst <brge...@gmail.com> > Cc: Bryan O'Donoghue <

[GIT PULL 0/5] more EFI changes for v4.14

of the random seed obtained from UEFI so crng fast init can complete earlier - add 'static' to local function pointer - move efi_mem_type() to common code and replace an open coded instance with it in the BGRT driver Ard

[PATCH 2/5] efi/random: Increase size of firmware supplied randomness

t;m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/firmware/efi/efi.c| 3 ++- drivers/firmware/efi/libstub/random.c | 10 -- include/linux/efi.h | 2 ++ 3 files changed, 8 insertions(+), 7 deletions(-)

[PATCH 1/5] efi/libstub: Enable reset attack mitigation

atthew Garrett <mj...@google.com> Cc: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- arch/x86/boot/compressed/eboot.c| 3 ++ drivers/firmware/efi/Kconfig| 10 ++ drivers/firmware/efi/libstub/Makefile | 1

[PATCH 4/5] efi: move efi_mem_type() to common code

y: Jan Beulich <jbeul...@suse.com> Cc: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- arch/x86/platform/efi/efi.c | 19 --- drivers/firmware/efi/efi.c | 37 +++-- 2 files chang

[PATCH 3/5] efi/reboot: Make function pointer orig_pm_power_off static

n King <colin.k...@canonical.com> Cc: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/firmware/efi/reboot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/reboot.c b/drivers/fir

[PATCH 5/5] efi: bgrt: use efi_mem_type()

From: Jan Beulich <jbeul...@suse.com> Avoid effectively open-coding the function. Signed-off-by: Jan Beulich <jbeul...@suse.com> Cc: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/firm

Re: [PATCH 1/2] EFI: move efi_mem_type() to common code

On 24 August 2017 at 11:34, Jan Beulich wrote: On 24.08.17 at 12:19, wrote: >> On 24 August 2017 at 11:11, Jan Beulich wrote: >> On 24.08.17 at 11:52, wrote: If it already has its own

Re: [PATCH 1/2] EFI: move efi_mem_type() to common code

On 24 August 2017 at 11:11, Jan Beulich wrote: On 24.08.17 at 11:52, wrote: >> On 24 August 2017 at 10:48, Jan Beulich wrote: >> On 24.08.17 at 11:18, wrote: On 24 August 2017 at 10:11,

Re: [PATCH 2/2] EFI/BGRT: use efi_mem_type()

ruct acpi_table_header *table) > { > void *image; > @@ -85,7 +65,7 @@ void __init efi_bgrt_init(struct acpi_ta > goto out; > } > > - if (!efi_bgrt_addr_valid(bgrt->image_address)) { > + if (efi_mem_type(bgrt->image_address) != EFI_BO

Re: [PATCH 1/2] EFI: move efi_mem_type() to common code

Hi Jan, On 24 August 2017 at 10:11, Jan Beulich wrote: > This follows efi_mem_attributes(), as it's similarly generic. > > Signed-off-by: Jan Beulich > --- > arch/x86/platform/efi/efi.c | 19 --- > drivers/firmware/efi/efi.c | 29

Re: [PATCH][next] efi/reboot: make function pointer orig_pm_power_off static

On 22 August 2017 at 16:50, Colin King wrote: > From: Colin Ian King > > The function pointer orig_pm_power_off is local to the source and does > not need to be in global scope, so make it static. > > Cleans up sparse warning: > symbol

Re: [PATCH 3/3] x86/efi: Use efi_switch_mm() rather than manually twiddling with cr3

On 21 August 2017 at 16:59, Peter Zijlstra wrote: > On Mon, Aug 21, 2017 at 08:23:10AM -0700, Andy Lutomirski wrote: >> > Ah, but only root can create per-cpu events or attach events to kernel >> > threads (with sensible paranoia levels). >> >> But this may not need to be

[PATCH v3] drivers/fbdev: efifb: allow BAR to be moved instead of claiming it

d so let's remove the preprocessor conditional that makes it !X86 only. Reviewed-by: Peter Jones <pjo...@redhat.com> Acked-by: Bartlomiej Zolnierkiewicz <b.zolnier...@samsung.com> Acked-by: Bjorn Helgaas <bhelg...@google.com> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linar

Re: [PATCH v2] drivers/fbdev: efifb: allow BAR to be moved instead of claiming it

On 12 July 2017 at 11:00, Bartlomiej Zolnierkiewicz <b.zolnier...@samsung.com> wrote: > On Monday, July 10, 2017 10:13:05 PM Ard Biesheuvel wrote: >> On UEFI systems, the firmware may expose a Graphics Output Protocol (GOP) >> instance to which the efifb driver attemp

Re: [PATCH v2] drivers/fbdev: efifb: allow BAR to be moved instead of claiming it

On 11 July 2017 at 12:55, Peter Jones <pjo...@redhat.com> wrote: > On Mon, Jul 10, 2017 at 10:13:05PM +0100, Ard Biesheuvel wrote: >> On UEFI systems, the firmware may expose a Graphics Output Protocol (GOP) >> instance to which the efifb driver attempts to attach in order to

Re: [PATCH v2] drivers/fbdev: efifb: allow BAR to be moved instead of claiming it

On 10 July 2017 at 22:13, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > On UEFI systems, the firmware may expose a Graphics Output Protocol (GOP) > instance to which the efifb driver attempts to attach in order to provide > a minimal, unaccelerated framebuffer. The GOP

Re: [PATCH v4 2/2] eif/capsule-pstore: Add capsule pstore backend

On 22 June 2017 at 16:35, Qiuxu Zhuo wrote: > The EFI capsule mechanism allows data blobs to be passed to the EFI > firmware. By setting the EFI_CAPSULE_POPULATE_SYSTEM_TABLE and the > EFI_CAPSULE_PERSIST_ACROSS_REBOOT flags, the firmware will place a > pointer to our data

Re: [PATCH v4 0/2] Add EFI capsule pstore backend support

On 26 June 2017 at 04:09, Zhuo, Qiuxu <qiuxu.z...@intel.com> wrote: >> From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] >> >> Actually, no, The issue I raised the last time around was not addressed >> anywhere, and is not even mentioned in the

Re: [PATCH v4 0/2] Add EFI capsule pstore backend support

On 23 June 2017 at 23:03, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > On 23 June 2017 at 20:42, Kees Cook <keesc...@chromium.org> wrote: >> On Thu, Jun 22, 2017 at 9:34 AM, Qiuxu Zhuo <qiuxu.z...@intel.com> wrote: >>> Change Log v3->v4: >>

Re: [PATCH v4 0/2] Add EFI capsule pstore backend support

On 23 June 2017 at 20:42, Kees Cook wrote: > On Thu, Jun 22, 2017 at 9:34 AM, Qiuxu Zhuo wrote: >> Change Log v3->v4: >> - Add comment 'the number of config tables' for 'nr_config_table' in efi >> structure >> - Initialize 'efi.nr_config_table' to

Re: Problem with new X.509 is_hash_blacklisted() interface

gt; has one precalculated. The precalculated hash can be passed to > is_hash_blacklisted(). This would typically be the case for a signed > X.509 message. > This last part seems a premature optimization to me. Is there a performance concern preventing us from using

Re: [PATCH 0/7] ARM: efi: PE/COFF cleanup/hardening

On 30 May 2017 at 20:36, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > This is the ARM counterpart of the changes now in v4.12 to clean up > the PE/COFF header that makes the kernel zImage loadable directly from > UEFI, and to enhance it with hardening and debug features. &

Re: [PATCH v3 1/2] efi: Add 'nr_config_table' variable in efi structure

On 19 June 2017 at 19:54, Qiuxu Zhuo wrote: > The 'nr_config_table' and 'config_table' (alreay in efi structure) > in efi structure provide a way for some driver(e.g. capsule-pstore > goes through the configuration table to extract crash capsules to > aid in debugging)

Re: [PATCH 2/2] x86/xen/efi: Init only efi struct members used by Xen

efi.c. As I saw it happened > a few times until now. So, let's initialize only efi struct members used by > Xen to avoid such issues in the future. > > Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> Acked-by: Ard Biesheuvel <ard.biesheu...@linaro.org&

Re: [PATCH 1/2] efi: Process MEMATTR table only if EFI_MEMMAP

<daniel.ki...@oracle.com> Reviewed-by: Ard Biesheuvel <ard.biesheu...@linaro.org> > --- > drivers/firmware/efi/efi.c |3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c > index b372

Re: [PATCH v2 18/31] efi-stub.txt: standardize document format

e parseable by Sphinx: > > - use proper markups for titles; > - identify literal blocks. > > Signed-off-by: Mauro Carvalho Chehab <mche...@s-opensource.com> Reviewed-by: Ard Biesheuvel <ard.biesheu...@linaro.org> > --- > Documentation/efi-stub.txt | 25 +++

Re: [PATCH 0/5] security, efi: Set lockdown if in secure boot mode

(+ Kees) On 6 June 2017 at 09:34, David Howells <dhowe...@redhat.com> wrote: > Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > >> and print a subsequent line for every lockdown feature that is enabled, e.g., >> >> lockdown: disabling MSRs >> lockdow

Re: [PATCH 0/3] efi: arm64: use -fpie for building the stub

On 18 May 2017 at 10:09, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > Clang requires the stub to be built with -fpie, or it may emit absolute > symbol references that trigger the absolute relocation detection code and > cause the build to fail. > > The remedy is to se

[PATCH] efi: fix boot panic because of invalid bgrt image address

nit code to early init code") Reported-by: Maniaxx <tripleshift...@gmail.com> Signed-off-by: Dave Young <dyo...@redhat.com> Cc: Matt Fleming <m...@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/firmware/efi/efi-bgrt.c | 26

Re: [PATCH v2] efi: fix boot panic because of invalid bgrt image address

On 9 June 2017 at 08:24, Dave Young wrote: > Maniaxx reported a kernel boot failure of below: > (emulated the panic by using same invalid phys addr in code) > There are also a bug in bugzilla.kernel.org: >

Re: [PATCH] x86/efi: fix boot panic because of invalid bgrt image address

On 8 June 2017 at 05:32, Dave Young wrote: > Maniaxx reported kernel boot panic similar to > below: > (emulated the panic with using same invalid phys addr in a uefi vm) > There are also a bug in bugzilla.kernel.org: >

Re: [PATCH] x86/efi: fix boot panic because of invalid bgrt image address

On 8 June 2017 at 14:24, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > On 8 June 2017 at 14:20, Dave Young <dyo...@redhat.com> wrote: >> On 06/08/17 at 10:02am, Ard Biesheuvel wrote: >>> On 8 June 2017 at 05:32, Dave Young <dyo...@redhat.com> wrote: >

Re: [PATCH] x86/efi: fix boot panic because of invalid bgrt image address

On 8 June 2017 at 14:20, Dave Young <dyo...@redhat.com> wrote: > On 06/08/17 at 10:02am, Ard Biesheuvel wrote: >> On 8 June 2017 at 05:32, Dave Young <dyo...@redhat.com> wrote: >> > Maniaxx <tripleshift...@gmail.com> reported kernel boot panic similar to

Re: [PATCH] x86/efi: fix boot panic because of invalid bgrt image address

On 8 June 2017 at 05:32, Dave Young wrote: > Maniaxx reported kernel boot panic similar to > below: > (emulated the panic with using same invalid phys addr in a uefi vm) > There are also a bug in bugzilla.kernel.org: >

Re: [PATCH 10/13] efi/capsule: Add support for Quark security header

On 5 June 2017 at 15:50, Ingo Molnar <mi...@kernel.org> wrote: > > * Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > >> From: Jan Kiszka <jan.kis...@siemens.com> >> >> The firmware for Quark X102x prepends a security header to the capsule >> w

Re: [GIT PULL 00/13] First batch of EFI updates for v4.13

On 5 June 2017 at 09:07, Ingo Molnar <mi...@kernel.org> wrote: > > * Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > >> (trim cc) >> >> On 2 June 2017 at 13:51, Ard Biesheuvel <ard.biesheu...@linaro.org> w

[PATCH] efi: arm: Don't mark ACPI reclaim memory as MEMBLOCK_NOMAP

, which increases TLB pressure, and so we should avoid doing so if we can. So add a special case for regions of type EFI_ACPI_RECLAIM_MEMORY, and memblock_reserve() them instead of marking them MEMBLOCK_NOMAP. Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/firmware/e

[GIT PULL 00/13] First batch of EFI updates for v4.13

cleanups Andy Lutomirski (1): x86/efi: Clean up efi CR3 save/restore Ard Biesheuvel (4): efi/capsule-loader: Use a cached copy of the capsule header efi/capsule-loader: Redirect calls to efi_capsule_setup_info via weak

<    3   4   5   6   7   8   9   10   11   12   >