leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ccc829ba36
linux/arch/x86/boot/compressed
History
Matthew Garrett ccc829ba36 efi/libstub: Enable reset attack mitigation 
If a machine is reset while secrets are present in RAM, it may be
possible for code executed after the reboot to extract those secrets
from untouched memory. The Trusted Computing Group specified a mechanism
for requesting that the firmware clear all RAM on reset before booting
another OS. This is done by setting the MemoryOverwriteRequestControl
variable at startup. If userspace can ensure that all secrets are
removed as part of a controlled shutdown, it can reset this variable to
0 before triggering a hardware reboot.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170825155019.6740-2-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-08-26 09:20:33 +02:00
..
.gitignore
cmdline.c x86/KASLR: Parse all 'memmap=' boot option entries 2017-05-24 09:50:27 +02:00
cpuflags.c x86, boot: Rename get_flags() and check_flags() to *_cpuflags() 2013-10-13 04:08:56 -07:00
early_serial_console.c x86, boot: Don't compile early_serial_console.c when !CONFIG_EARLY_PRINTK 2014-08-17 14:58:24 -07:00
eboot.c efi/libstub: Enable reset attack mitigation 2017-08-26 09:20:33 +02:00
eboot.h efi/libstub: Move Graphics Output Protocol handling to generic code 2016-04-28 11:33:57 +02:00
efi_stub_32.S x86, efi: EFI boot stub support 2011-12-12 14:26:10 -08:00
efi_stub_64.S x86/efi: Avoid triple faults during EFI mixed mode calls 2015-02-13 15:42:56 +00:00
efi_thunk_64.S x86/efi: Avoid triple faults during EFI mixed mode calls 2015-02-13 15:42:56 +00:00
error.c x86/boot: Fix Sparse warning by including required header file 2017-03-31 08:13:54 +02:00
error.h x86/boot: Declare error() as noreturn 2017-05-07 10:59:05 +02:00
head_32.S x86/efi: Allow invocation of arbitrary runtime services 2017-02-07 10:42:09 +01:00
head_64.S x86/boot/compressed: Enable 5-level paging during decompression stage 2017-06-13 08:56:53 +02:00
kaslr.c x86/boot/KASLR: Rename process_e820_entry() into process_mem_region() 2017-07-18 11:11:12 +02:00
Makefile x86/boot: Disable the address-of-packed-member compiler warning 2017-07-28 08:39:08 +02:00
misc.c include/linux/string.h: add the option of fortified string.h functions 2017-07-12 16:26:03 -07:00
misc.h x86/boot/KASLR: Fix kexec crash due to 'virt_addr' calculation bug 2017-06-30 08:53:14 +02:00
mkpiggy.c x86/KASLR: Clean up unused code from old 'run_size' and rename it to 'kernel_total_size' 2016-04-29 11:03:30 +02:00
pagetable.c x86/mm: Provide general kernel support for memory encryption 2017-07-18 11:38:00 +02:00
string.c x86/boot: Warn on future overlapping memcpy() use 2016-05-03 08:15:58 +02:00
vmlinux.lds.S x86/boot: Move compressed kernel to the end of the decompression buffer 2016-04-29 11:03:29 +02:00