Re: [PATCH v4 12/14] platform/x86: wmi: create character devices when requested by drivers

From: Darren Hart
Date: Thu Oct 05 2017 - 16:59:01 EST


On Thu, Oct 05, 2017 at 09:09:48PM +0200, Greg KH wrote:
> On Thu, Oct 05, 2017 at 07:03:24PM +0000, Mario.Limonciello@xxxxxxxx wrote:
...
> > It's up to firmware to block the crazy stuff that you can put in a buffer.
>
> So userspace can pass any blob it wants to the firmware through this
> interface and the kernel does not parse anything? How is that
> "protected"?
>
> > > Again, I like my TPM to work, and I don't want a random rootkit exploit
> > > to be able to destroy it :)
> >
> > I'd like to however point out you can't kill your TPM from this interface.
>
> On _your_ platform, can you guarantee it on any other platform? :)

The dell-smbios-wmi driver won't load on any other platform. No
character device is created for any other platform. When drivers are
written for those other platforms for different WMI GUIDs, we need to
review them.

This driver not having MOF data should be the exception. We'll have more
ability to inspect others. If drivers are submitted that don't look at
the MOF data even though it is present, we should reject them.

--
Darren Hart
VMware Open Source Technology Center