[PATCH RFC v1 5/6] efi: efivarfs: prohibit reading random seed variables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Variables in the random seed GUID must remain secret, so deny all reads
to them.

Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
---
 fs/efivarfs/file.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/efivarfs/file.c b/fs/efivarfs/file.c
index d57ee15874f9..08996ba3a373 100644
--- a/fs/efivarfs/file.c
+++ b/fs/efivarfs/file.c
@@ -76,6 +76,9 @@ static ssize_t efivarfs_file_read(struct file *file, char __user *userbuf,
 	while (!__ratelimit(&file->f_cred->user->ratelimit))
 		msleep(50);
 
+	if (guid_equal(&var->var.VendorGuid, &LINUX_EFI_RANDOM_SEED_TABLE_GUID))
+		return -EPERM;
+
 	err = efivar_entry_size(var, &datasize);
 
 	/*
-- 
2.38.1




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux