Re: [PATCH 5/5] efi: Make efivarfs entries immutable by default. (v3)

On Wed, Feb 03, 2016 at 01:18:00PM -0500, Peter Jones wrote:
> On Thu, Feb 04, 2016 at 02:00:16AM +0800, joeyli wrote:
> > On Wed, Feb 03, 2016 at 11:43:54AM -0500, Peter Jones wrote:
> > > "rm -rf" is bricking some people's laptops because of variables being
> > > used to store non-reinitializable firmware driver data that's required
> > > to POST the hardware.
> > > 
> > > These are 100% bugs, and they need to be fixed, but in the meantime it
> > > shouldn't be easy to *accidentally* brick machines.
> > > 
> > > We have to have delete working, and picking which variables do and don't
> > > work for deletion is quite intractable, so instead make everything
> > > immutable by default (except for a whitelist), and make tools that
> > > aren't quite so broad-spectrum unset the immutable flag.
> > > 
> > > v2: adds Timeout to our whitelist.
> > > v3:
> > >  - takes the extra Timeout out of the whitelist
> > >  - fixes whitelist matching to actually work
> > >  - inverts the flag on efivarfs_get_inode() and calls it is_removable
> > >  - adds documentation and test cases
> > > 
> > > Signed-off-by: Peter Jones <pjones@xxxxxxxxxx>
> > 
> > Tested-by: Lee, Chun-Yi <jlee@xxxxxxxx>
> 
> Is this to say on 4/5 you did s/new_var->var./new_var->/ and then tested
> the whole set?
>

Yes, I changed the code and then built the whole patch set successfully. And I
tested this set on OVMF by removing some variables, in the whitelist or not. It
works for me to prevent root from removing non-whitelist variables.

Actually, I tested your last version; it doesn't have a compiler problem, but
I found that there are some whitelist variables that cannot be removed because
variable_matches() has an issue comparing names. Looks like you fixed it in this
version.

So I put the Tested-by tag on this set.


Thanks a lot!

Joey Lee 