Re: [PATCH 0/2] efivars: reading variables can generate SMIs
From: Ard Biesheuvel
Date: Fri Feb 16 2018 - 06:18:19 EST
On 16 February 2018 at 11:08, Borislav Petkov <bp@xxxxxxxxx> wrote:
> On Fri, Feb 16, 2018 at 10:58:47AM +0000, Ard Biesheuvel wrote:
>> By your own reasoning above, that's a no-no as well.
>
> I'm sure we can come up with some emulation - the same way we did the
> BIOS emulation.
>
>> But thanks for your input. Anyone else got something constructive to contribute?
>
> The not-breaking userspace is constructive contribution. The last
> paragraph is my usual rant.
>
Fair enough. And I am not disagreeing with you either.
So question to Joe: is it well defined which variables may exhibit
this behavior? Given that UEFI variables are GUID scoped, would
whitelisting certain GUIDs (the ones userland currently relies on to
be readable my non-privileged users) and making everything else
user-only solve this problem as well?