On Thu, Dec 01, 2022 at 12:53:03AM +0100, Ben Hutchings wrote:
> On Thu, 2022-12-01 at 00:47 +0100, Ben Hutchings wrote:
> > Commit be36f9e7517e ("efi: READ_ONCE rng seed size before munmap")
> > added a READ_ONCE() and also changed the call to
> > add_bootloader_randomness() to use the local size variable. Neither
> > of these changes was actually needed and this was not backported to
> > the 4.14 stable branch.
> >
> > Commit 161a438d730d ("efi: random: reduce seed size to 32 bytes")
> > reverted the addition of READ_ONCE() and added a limit to the value of
> > size. This depends on the earlier commit, because size can now differ
> > from seed->size, but it was wrongly backported to the 4.14 stable
> > branch by itself.
> >
> > Apply the missing change to the add_bootloader_randomness() parameter
> > (except that here we are still using add_device_randomness()).
> [...]
>
> This made me wonder: shouldn't commit 18b915ac6b0a ("efi/random: Treat
> EFI_RNG_PROTOCOL output as bootloader randomness") be applied to these
> older stable branches? Without that, the EFI RNG can't be distrusted
> if necessary.

Makes sense, want to send a backport on top of this one as the original
will not work?

greg k-h