[PATCH v34 14/14] efi/libstub/arm*: Set default address and size cells values for an empty dtb

From: Sameer Goel In cases where a device tree is not provided (ie ACPI based system), an empty fdt is generated by efistub. #address-cells and #size-cells are not set in the empty fdt, so they default to 1 (4 byte wide). This can be an issue on 64-bit systems where values representing addresse

Re: [PATCH V13 10/10] arm/arm64: KVM: add guest SEA support

Hi Tyler, I have a question for below code. On 2017/3/25 0:01, Christoffer Dall wrote: > is_iabt = kvm_vcpu_trap_is_iabt(vcpu); > - if (unlikely(!is_iabt && kvm_vcpu_dabt_isextabt(vcpu))) { > + if (unlikely(!is_iabt && kvm_vcpu_dabt_isextabt(vcpu)) && sea_status) { > k

Re: [PATCH v2 0/7] efi: Enhance capsule loader to support signed Quark images

On 27/03/17 12:01, Jan Kiszka wrote: The reset method is auto-adjusted by the kernel when an update is pending. So firmware update is now seriously simple. But I can write a 2 or 3-lines readme if it's preferred. Using myself as a benchmark I'd say, never assume anything is idiot proof to a

Re: [PATCH] efi: arm: enable DMI/SMBIOS

On 1 March 2017 at 23:24, Ard Biesheuvel wrote: > Wire up the existing support for SMBIOS tables (aka DMI), by moving the > arm64 init code to drivers/firmware/efi/arm-runtime.c, which is shared > between ARM and arm64, and adding a asm/dmi.h header to ARM that defines > the mapping routines for t

[PATCH v2 1/4] efi/libstub: fix harmless command line parsing bug

When we parse the 'efi=' command line parameter in the stub, we fail to take spaces into account. Currently, the only way this could result in unexpected behavior is when the string 'nochunk' appears as a separate command line argument after 'efi=xxx,yyy,zzz ', so this is harmless in practice. But

[PATCH v2 2/4] efi/libstub: unify command line param parsing

Merge the parsing of the command line carried out in arm-stub.c with the handling in efi_parse_options. Note that this also fixes the missing handling of CONFIG_CMDLINE_FORCE=y, in which case the builtin command line should supersede the one passed by the firmware. Cc: Matt Fleming Signed-off-by:

[PATCH v2 4/4] ef/libstub: arm/arm64: randomize the base of the UEFI rt services region

Update the allocation logic for the virtual mapping of the UEFI runtime services to start from a randomized base address if KASLR is in effect, and if the UEFI firmware exposes an implementation of EFI_RNG_PROTOCOL. This makes it more difficult to predict the location of exploitable data structure

[PATCH v2 3/4] efi/libstub: arm/arm64: disable debug prints on 'quiet' cmdline arg

The EFI stub currently prints a number of diagnostic messages that do not carry a lot of information. Since these prints are not controlled by 'loglevel' or other command line parameters, and since they appear on the EFI framebuffer as well (if enabled), it would be nice if we could turn them off.

[PATCH v2 0/4] efi: libstub enhancements for cmdline parsing and kaslr

This adds support for the 'quiet' kernel command line parameter, so that meaningless debug prints can be prevented from corrupting the boot splash (#3) Secondly, it enables randomization of the UEFI runtime services region when KASLR is in effect (#4) Patches #1 and #2 are preparatory cleanup pat

[efi:next 11/13] drivers/firmware/efi/libstub/efi-stub-helper.c:421:40: error: 'CONFIG_CMDLINE' undeclared

tree: https://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git next head: d1dd38ec76a7b1be8f6d0861e149c1d52b784af4 commit: 187fdd765fd12cad29a80d084002e18e643a4d97 [11/13] efi/libstub: unify command line param parsing config: x86_64-randconfig-x012-201713 (attached as .config) compiler: gcc

Re: [PATCH v3] efifb: avoid reconfiguration of BAR that covers the framebuffer

On 23 March 2017 at 15:15, Ard Biesheuvel wrote: > On 23 March 2017 at 14:31, Lorenzo Pieralisi > wrote: >> On Thu, Mar 23, 2017 at 12:25:48PM +, Ard Biesheuvel wrote: >>> On 23 March 2017 at 10:57, Lorenzo Pieralisi >>> wrote: >>> > On Thu, Mar 23, 2017 at 09:04:03AM +, Ard Biesheuvel

Re: [RFC PATCH v2 15/32] x86: Add support for changing memory encryption attribute in early boot

Hi Boris, On 03/24/2017 12:12 PM, Borislav Petkov wrote: } +static inline int __init early_set_memory_decrypted(void *addr, + unsigned long size) +{ + return 1; return 1 when !CONFIG_AMD_MEM_ENCRYPT ? The non-early var

Re: [PATCH v2 0/7] efi: Enhance capsule loader to support signed Quark images

On 2017-03-24 21:39, Andy Shevchenko wrote: > On Fri, Mar 24, 2017 at 7:34 PM, Jan Kiszka wrote: >> This addresses the review feedback provided on round 1, specifically >> - refactored queue to keep the Quark mess in >> - only check for CSH on Quark CPUs >> - added some smaller cleanups of the cap

Re: [PATCH v2 0/7] efi: Enhance capsule loader to support signed Quark images

On 2017-03-27 12:29, Bryan O'Donoghue wrote: > > > On 24/03/17 17:34, Jan Kiszka wrote: >> This addresses the review feedback provided on round 1, specifically >> - refactored queue to keep the Quark mess in >> - only check for CSH on Quark CPUs >> - added some smaller cleanups of the capsule loa

Re: [PATCH v2 0/7] efi: Enhance capsule loader to support signed Quark images

On 24/03/17 17:34, Jan Kiszka wrote: This addresses the review feedback provided on round 1, specifically - refactored queue to keep the Quark mess in - only check for CSH on Quark CPUs - added some smaller cleanups of the capsule loader - documented capsule header / linked to original code Se