On Thu, 2022-12-01 at 00:47 +0100, Ben Hutchings wrote:
> Commit be36f9e7517e ("efi: READ_ONCE rng seed size before munmap")
> added a READ_ONCE() and also changed the call to
> add_bootloader_randomness() to use the local size variable. Neither
> of these changes was actually needed and this was not backported to
> the 4.14 stable branch.
>
> Commit 161a438d730d ("efi: random: reduce seed size to 32 bytes")
> reverted the addition of READ_ONCE() and added a limit to the value of
> size. This depends on the earlier commit, because size can now differ
> from seed->size, but it was wrongly backported to the 4.14 stable
> branch by itself.
>
> Apply the missing change to the add_bootloader_randomness() parameter
> (except that here we are still using add_device_randomness()).
[...]
This made me wonder: shouldn't commit 18b915ac6b0a ("efi/random: Treat
EFI_RNG_PROTOCOL output as bootloader randomness") be applied to these
older stable branches? Without that, the EFI RNG can't be distrusted
if necessary.
Ben.
--
Ben Hutchings
compatible: Gracefully accepts erroneous data from any source
Attachment:
signature.asc
Description: This is a digitally signed message part
