Re: [PATCH 13/14] x86: BHI stubs

From: Joao Moreira
Date: Tue Oct 29 2024 - 02:00:20 EST

Next message: Sandor Yu: "[PATCH v18 0/8] Initial support Cadence MHDP8501(HDMI/DP) for i.MX8MQ"
Previous message: Heiko Stuebner: " Re: [PATCH 2/3] dt-bindings: arm: rockchip: add Banana Pi BPI-P2 Pro board"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 21, 2024 at 8:06 AM Constable, Scott D
<scott.d.constable@xxxxxxxxx> wrote:
>
> Hello Andrew,
>
> My understanding of the FineIBT approach is that the hash values are not intended to be secret, and therefore leaking these hash values would not expose a new risk. Joao is also on this thread and knows a lot more about FineIBT than I do, so he can chime in if my reasoning is unsound.

Technically the hashes are not a secret indeed. With that said, I
think it was Kees who submitted a patch that randomizes the hash
values at boot time, as a security in depth / probabilistic measure
against an attacker being able to generate executable valid targets.

Tks,
Joao

Next message: Sandor Yu: "[PATCH v18 0/8] Initial support Cadence MHDP8501(HDMI/DP) for i.MX8MQ"
Previous message: Heiko Stuebner: " Re: [PATCH 2/3] dt-bindings: arm: rockchip: add Banana Pi BPI-P2 Pro board"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]