Re: [PATCH 10/13] efi/capsule: Add support for Quark security header

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote:

> From: Jan Kiszka <jan.kiszka@xxxxxxxxxxx>
> 
> The firmware for Quark X102x prepends a security header to the capsule
> which is needed to support the mandatory secure boot on this processor.
> The header can be detected by checking for the "_CSH" signature and -
> to avoid any GUID conflict - validating its size field to contain the
> expected value. Then we need to look for the EFI header right after the
> security header and pass the real header to __efi_capsule_setup_info.
> 
> To be minimal invasive and maximal safe, the quirk version of
> efi_capsule_identify_image is only effective on Quark processors.

So there's no efi_capsule_identify_image() function anywhere - this wants to be 
efi_capsule_setup_info(), right?

I have edited the changelog accordingly.

> +config EFI_CAPSULE_QUIRK_QUARK_CSH
> +	boolean "Add support for Quark capsules with non-standard headers"
> +	depends on X86 && !64BIT
> +	select EFI_CAPSULE_LOADER
> +	default y
> +	help
> +	  Add support for processing Quark X1000 EFI capsules, whose header
> +	  layout deviates from the layout mandated by the UEFI specification.

BTW., there's no need to further put this behind a Kconfig option: the quirk seems 
targeted enough, and the whole point of runtime quirks is so that can be applied 
safely within generic kernels. Turning them off via Kconfig seems wrong.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux