Variables in the random seed GUID must remain secret, so deny all reads to them.
Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
---
 fs/efivarfs/file.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/fs/efivarfs/file.c b/fs/efivarfs/file.c
index d57ee15874f9..08996ba3a373 100644
--- a/fs/efivarfs/file.c
+++ b/fs/efivarfs/file.c
@@ -76,6 +76,9 @@ static ssize_t efivarfs_file_read(struct file *file, char __user *userbuf,
 while (!__ratelimit(&file->f_cred->user->ratelimit))
 msleep(50);

+ if (guid_equal(&var->var.VendorGuid, &LINUX_EFI_RANDOM_SEED_TABLE_GUID))
+ return -EPERM;
+
 err = efivar_entry_size(var, &datasize);

 /*
-- 
2.38.1
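Review bot: The new `guid_equal()` check in efivarfs_file_read() enforces the secrecy only at read() time, so the variable is still created, listed and opened like any other entry, and any path outside this hunk that returns variable data is not covered by it. If the intent is that the seed is never exposed to userspace, it would be more robust to also refuse at open or inode-creation time (not visible here) so that the file's mode bits match the policy. The check also sits after the `__ratelimit()`/`msleep(50)` loop, so a read that is going to be denied still consumes the caller's rate-limit budget and may sleep; assuming `var` is already assigned at that point, the test can move above the loop. A short comment above the `if`, such as `/* The RNG seed must never be readable from userspace, regardless of credentials. */`, would record why -EPERM is returned unconditionally. The function body starts and ends outside the hunk.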