Re: [RFC v2 3/7] firmware: port built-in section to linker table

From: Kees Cook
Date: Mon May 02 2016 - 14:34:52 EST


On Mon, Feb 29, 2016 at 10:56 AM, Luis R. Rodriguez <mcgrof@xxxxxxxx> wrote:
> On Mon, Feb 29, 2016 at 10:12:50AM +0000, David Woodhouse wrote:
>> On Fri, 2016-02-19 at 05:45 -0800, Luis R. Rodriguez wrote:
>> > This ports built-in firmware to use linker tables,
>> > this replaces the custom section solution with a
>> > generic solution.
>> >
>> > This also demos the use of the .rodata (SECTION_RO)
>> > linker tables.
>> >
>> > Tested with 0 built-in firmware, 1 and 2 built-in
>> > firmwares successfully.
>>
>> I think we'd do better to rip this support out entirely. It just isn't
>> needed; firmware can live in an initramfs and don't even need *any*
>> actual running userspace support to load it from there these days, do
>> we?
>
> I think this is reasonable if and only if we really don't know of anyone
> out there not able to use initramfs. I'm happy to rip it out.

The changelog for this doesn't say anything about _why_ the change is
being made? (and what about other architectures.) Also, Chrome OS
doesn't use an initramfs (and plenty of other things don't too). Being
able to build monolithic kernels (e.g. Android and Brillo) with
builtin firmware is very handy. Please don't remove built-in firmware
support.

-Kees

--
Kees Cook
Chrome OS & Brillo Security