Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-11 22:51:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
ccc829ba36
linux/drivers/firmware/efi
History
Matthew Garrett ccc829ba36 efi/libstub: Enable reset attack mitigation 
If a machine is reset while secrets are present in RAM, it may be
possible for code executed after the reboot to extract those secrets
from untouched memory. The Trusted Computing Group specified a mechanism
for requesting that the firmware clear all RAM on reset before booting
another OS. This is done by setting the MemoryOverwriteRequestControl
variable at startup. If userspace can ensure that all secrets are
removed as part of a controlled shutdown, it can reset this variable to
0 before triggering a hardware reboot.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170825155019.6740-2-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-08-26 09:20:33 +02:00
..
libstub efi/libstub: Enable reset attack mitigation 2017-08-26 09:20:33 +02:00
test efi/efi_test: Use memdup_user() helper 2017-06-05 17:50:42 +02:00
apple-properties.c x86/efi: Retrieve and assign Apple device properties 2016-11-13 08:23:16 +01:00
arm-init.c efi/arm/arm64: Add missing assignment of efi.config_table 2017-08-21 09:43:49 +02:00
arm-runtime.c efi/arm: Enable DMI/SMBIOS 2017-06-05 17:50:44 +02:00
capsule-loader.c efi/capsule-loader: Use page addresses rather than struct page pointers 2017-06-05 17:50:41 +02:00
capsule.c efi/capsule-loader: Use page addresses rather than struct page pointers 2017-06-05 17:50:41 +02:00
cper.c trace, ras: add ARM processor error trace event 2017-06-22 18:22:05 +01:00
dev-path-parser.c efi: Add device path parser 2016-11-13 08:23:15 +01:00
efi-bgrt.c efi: Fix boot panic because of invalid BGRT image address 2017-06-09 14:50:11 +02:00
efi-pstore.c pstore: Populate pstore record->time field 2017-05-31 10:13:44 -07:00
efi.c Merge branch 'x86/mm' into efi/core, to pick up dependencies 2017-08-26 09:20:01 +02:00
efibc.c efibc: Report more information in the error messages 2016-06-27 13:06:54 +02:00
efivars.c efi: Don't use spinlocks for efi vars 2016-09-09 16:08:42 +01:00
esrt.c firmware/efi/esrt: Constify attribute_group structures 2017-08-21 09:43:51 +02:00
fake_mem.c x86/efi: Don't allocate memmap through memblock after mm_init() 2017-01-07 08:58:07 +01:00
Kconfig efi/libstub: Enable reset attack mitigation 2017-08-26 09:20:33 +02:00
Makefile x86/efi/bgrt: Move efi-bgrt handling out of arch/x86 2017-04-05 12:27:24 +02:00
memattr.c x86/efi: Add support for EFI_MEMORY_ATTRIBUTES_TABLE 2017-02-01 08:45:44 +01:00
memmap.c x86/efi: Don't allocate memmap through memblock after mm_init() 2017-01-07 08:58:07 +01:00
reboot.c efi/reboot: Fall back to original power-off method if EFI_RESET_SHUTDOWN returns 2017-08-21 09:43:50 +02:00
runtime-map.c efi/runtime-map: Use efi.memmap directly instead of a copy 2016-09-09 16:08:36 +01:00
runtime-wrappers.c efi: Replace runtime services spinlock with semaphore 2016-09-09 16:08:43 +01:00
vars.c efi: Don't use spinlocks for efi vars 2016-09-09 16:08:42 +01:00