Re: [PATCH RFC v1 5/6] efi: efivarfs: prohibit reading random seed variables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 16 Nov 2022 at 17:17, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
>
> Variables in the random seed GUID must remain secret, so deny all reads
> to them.
>
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
> ---
>  fs/efivarfs/file.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/fs/efivarfs/file.c b/fs/efivarfs/file.c
> index d57ee15874f9..08996ba3a373 100644
> --- a/fs/efivarfs/file.c
> +++ b/fs/efivarfs/file.c
> @@ -76,6 +76,9 @@ static ssize_t efivarfs_file_read(struct file *file, char __user *userbuf,
>         while (!__ratelimit(&file->f_cred->user->ratelimit))
>                 msleep(50);
>
> +       if (guid_equal(&var->var.VendorGuid, &LINUX_EFI_RANDOM_SEED_TABLE_GUID))
> +               return -EPERM;
> +
>         err = efivar_entry_size(var, &datasize);
>
>         /*

I'd prefer it if we could just disregard them entirely, i.e., never
enumerate them so that they don't appear in the file system.



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux