Re: [PATCH 2/2] efi: Validate UEFI boot variables
From: Shea Levy
Date: Mon Apr 30 2012 - 20:00:30 EST
Hi,
On 04/30/2012 04:11 PM, Matthew Garrett wrote:
A common flaw in UEFI systems is a refusal to POST triggered by a malformed
boot variable. Once in this state, machines may only be restored by
reflashing their firmware with an external hardware device. While this is
obviously a firmware bug, the serious nature of the outcome suggests that
operating systems should filter their variable writes in order to prevent
a malicious user from rendering the machine unusable.
Any chance this will make it safe to use efibootmgr on Apple EFI
firmware? I've been afraid to use it because I've read it can silently
brick the device due to a mistake in efibootmgr. Obviously this won't
correct that mistake, but with this applied should a successful variable
set imply that the firmware wasn't bricked?
Cheers,
Shea Levy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/