Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-05-08 Thread Luis R. Rodriguez
On Tue, May 08, 2018 at 03:38:05PM +, Luis R. Rodriguez wrote: > On Fri, May 04, 2018 at 12:44:37PM -0700, Martijn Coenen wrote: > > On Wed, Apr 25, 2018 at 10:55 AM, Luis R. Rodriguez > > wrote: > > > Android became the primary user of CONFIG_FW_LOADER_USER_HELPER_FALLBACK. > > > > > > It

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-05-08 Thread Luis R. Rodriguez
On Fri, May 04, 2018 at 12:44:37PM -0700, Martijn Coenen wrote: > On Wed, Apr 25, 2018 at 10:55 AM, Luis R. Rodriguez wrote: > > Android became the primary user of CONFIG_FW_LOADER_USER_HELPER_FALLBACK. > > > > It would be good for us to hear from Android folks if their current use of > >

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-05-04 Thread Martijn Coenen
On Wed, Apr 25, 2018 at 10:55 AM, Luis R. Rodriguez wrote: > Android became the primary user of CONFIG_FW_LOADER_USER_HELPER_FALLBACK. > > It would be good for us to hear from Android folks if their current use of > request_firmware_into_buf() is designed in practice to *never* use the direct >

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-05-04 Thread Martijn Coenen
On Thu, May 3, 2018 at 5:21 PM, Luis R. Rodriguez wrote: > Android folks, poke below. otherwise we'll have no option but to seriously > consider Mimi's patch to prevent these calls when IMA appraisal is enforced: Sorry, figuring out who's the right person to answer this, will get back to you

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-05-03 Thread Luis R. Rodriguez
Android folks, poke below. otherwise we'll have no option but to seriously consider Mimi's patch to prevent these calls when IMA appraisal is enforced: http://lkml.kernel.org/r/1525182503-13849-7-git-send-email-zo...@linux.vnet.ibm.com Please read below On Wed, Apr 25, 2018 at 05:55:57PM

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-25 Thread Luis R. Rodriguez
On Wed, Apr 25, 2018 at 01:00:09AM -0400, Mimi Zohar wrote: > On Tue, 2018-04-24 at 23:42 +, Luis R. Rodriguez wrote: > > On Tue, Apr 24, 2018 at 12:07:01PM -0400, Mimi Zohar wrote: > > > On Tue, 2018-04-24 at 17:09 +0200, Hans de Goede wrote: > > > > On 23-04-18 23:11, Luis R. Rodriguez

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-24 Thread Mimi Zohar
On Tue, 2018-04-24 at 23:42 +, Luis R. Rodriguez wrote: > On Tue, Apr 24, 2018 at 12:07:01PM -0400, Mimi Zohar wrote: > > On Tue, 2018-04-24 at 17:09 +0200, Hans de Goede wrote: > > > Hi, > > > > > > On 23-04-18 23:11, Luis R. Rodriguez wrote: > > > > Hans, please see use of

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-24 Thread Luis R. Rodriguez
On Tue, Apr 24, 2018 at 12:07:01PM -0400, Mimi Zohar wrote: > On Tue, 2018-04-24 at 17:09 +0200, Hans de Goede wrote: > > Hi, > > > > On 23-04-18 23:11, Luis R. Rodriguez wrote: > > > Hans, please see use of READING_FIRMWARE_PREALLOC_BUFFER, we'll need a > > > new ID > > > and security for this

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-24 Thread Hans de Goede
Hi, On 24-04-18 18:07, Mimi Zohar wrote: On Tue, 2018-04-24 at 17:09 +0200, Hans de Goede wrote: Hi, On 23-04-18 23:11, Luis R. Rodriguez wrote: Hans, please see use of READING_FIRMWARE_PREALLOC_BUFFER, we'll need a new ID and security for this type of request so IMA can reject it if the

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-24 Thread Mimi Zohar
On Tue, 2018-04-24 at 17:09 +0200, Hans de Goede wrote: > Hi, > > On 23-04-18 23:11, Luis R. Rodriguez wrote: > > Hans, please see use of READING_FIRMWARE_PREALLOC_BUFFER, we'll need a new > > ID > > and security for this type of request so IMA can reject it if the policy is > > configured for

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-24 Thread Hans de Goede
Hi, On 23-04-18 23:11, Luis R. Rodriguez wrote: Hans, please see use of READING_FIRMWARE_PREALLOC_BUFFER, we'll need a new ID and security for this type of request so IMA can reject it if the policy is configured for it. Hmm, interesting, actually it seems like the whole existence of

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-24 Thread Hans de Goede
Hi, On 16-04-18 10:28, Ard Biesheuvel wrote: On 8 April 2018 at 19:40, Hans de Goede wrote: Just like with PCI options ROMs, which we save in the setup_efi_pci* functions from arch/x86/boot/compressed/eboot.c, the EFI code / ROM itself sometimes may contain data which is useful/necessary for

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-23 Thread Luis R. Rodriguez
Hans, please see use of READING_FIRMWARE_PREALLOC_BUFFER, we'll need a new ID and security for this type of request so IMA can reject it if the policy is configured for it. Please Cc Kees in future patches. Luis

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-17 Thread Hans de Goede
Hi, On 17-04-18 02:17, Luis R. Rodriguez wrote: On Sun, Apr 08, 2018 at 07:40:11PM +0200, Hans de Goede wrote: static void firmware_free_data(const struct firmware *fw) { @@ -576,6 +600,15 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out;

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-17 Thread Hans de Goede
Hi, On 17-04-18 02:17, Luis R. Rodriguez wrote: On Sun, Apr 08, 2018 at 07:40:11PM +0200, Hans de Goede wrote: static void firmware_free_data(const struct firmware *fw) { @@ -576,6 +600,15 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out;

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-16 Thread Luis R. Rodriguez
On Sun, Apr 08, 2018 at 07:40:11PM +0200, Hans de Goede wrote: > static void firmware_free_data(const struct firmware *fw) > { > @@ -576,6 +600,15 @@ _request_firmware(const struct firmware **firmware_p, > const char *name, > goto out; > > ret =

Re: [PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-16 Thread Ard Biesheuvel
On 8 April 2018 at 19:40, Hans de Goede wrote: > Just like with PCI options ROMs, which we save in the setup_efi_pci* > functions from arch/x86/boot/compressed/eboot.c, the EFI code / ROM itself > sometimes may contain data which is useful/necessary for peripheral drivers > to have access to. > >

[PATCH v3 2/5] efi: Add embedded peripheral firmware support

2018-04-08 Thread Hans de Goede
Just like with PCI options ROMs, which we save in the setup_efi_pci* functions from arch/x86/boot/compressed/eboot.c, the EFI code / ROM itself sometimes may contain data which is useful/necessary for peripheral drivers to have access to. Specifically the EFI code may contain an embedded copy of
