From: Borislav Petkov <bp@alien8.de>
To: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: linux-kernel@vger.kernel.org, H Peter Anvin <hpa@zytor.com>
Subject: Re: [PATCH 7/8] x86, microcode, intel: forbid some incorrect metadata
Date: Fri, 8 Aug 2014 17:21:35 +0200 [thread overview]
Message-ID: <20140808152135.GD2776@pd.tnic> (raw)
In-Reply-To: <20140808135057.GC17542@khazad-dum.debian.net>
On Fri, Aug 08, 2014 at 10:50:57AM -0300, Henrique de Moraes Holschuh wrote:
> On Fri, 08 Aug 2014, Borislav Petkov wrote:
> > If someone tries to load a microcode blob which has been split and so
> > on, then we should refuse loading. We want to accept microcode from the
> > vendor and nothing else glued together.
>
> I don't quite get why we should refuse microcode
Because the blob from the official location passes internal validation, I'd
strongly assume. Everything else doesn't.
> that has been split by userspace when the Intel SDM explicitly states
> that tools can do that if there is a need,
Where?
> In these last two weeks I tried to look around for microcode loader
> implementantions, and now I believe we will *never* see microcode with the
> current version of the extended signatures specification. The loaders in
> the field are just too broken, Intel might as well come up with a new and
> enhanced design that doesn't have so many sharp edges, since nearly everyone
> will have to patch their loaders anyway.
You can't just assume that just because implementations are faulty there
- they should adhere to the SDM and it is authoritative. If the extended
signatures are really needed at some point, implementations will have to
be fixed.
> I will respin the patch without the %1024 comment. Note that I never
> *removed* any test, we never tested for %1024 in the first place
And I'm saying we should if we're loading the official blob.
--
Regards/Gruss,
Boris.
Sent from a fat crate under my desk. Formatting is fine.
--
next prev parent reply other threads:[~2014-08-08 15:21 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-23 20:10 [PATCH 0/8] x86, microcode: cosmetic and minor issue fixes Henrique de Moraes Holschuh
2014-07-23 20:10 ` [PATCH 1/8] x86, microcode, amd: fix missing static declaration Henrique de Moraes Holschuh
2014-07-24 10:24 ` Borislav Petkov
2014-07-23 20:10 ` [PATCH 2/8] x86, microcode, intel: fix missing static declarations Henrique de Moraes Holschuh
2014-07-24 10:28 ` Borislav Petkov
2014-07-23 20:10 ` [PATCH 3/8] x86, microcode, intel: fix typos Henrique de Moraes Holschuh
2014-07-24 10:33 ` Borislav Petkov
2014-07-23 20:10 ` [PATCH 4/8] x86, microcode, intel: fix missing declaration Henrique de Moraes Holschuh
2014-07-24 11:01 ` Borislav Petkov
2014-07-24 14:27 ` Henrique de Moraes Holschuh
2014-07-24 18:23 ` [PATCH v2 4/8] x86, microcode, intel: rename apply_microcode and declare it static Henrique de Moraes Holschuh
2014-07-25 16:23 ` Borislav Petkov
2014-07-23 20:10 ` [PATCH 5/8] x86, microcode, intel: don't use fields from unknown format header Henrique de Moraes Holschuh
2014-07-24 11:37 ` Borislav Petkov
2014-07-24 13:30 ` Henrique de Moraes Holschuh
2014-07-24 14:28 ` Borislav Petkov
2014-07-24 15:07 ` Henrique de Moraes Holschuh
2014-07-24 16:29 ` Borislav Petkov
2014-07-24 17:49 ` Henrique de Moraes Holschuh
2014-07-23 20:10 ` [PATCH 6/8] x86, microcode, intel: total_size is valid only when data_size != 0 Henrique de Moraes Holschuh
2014-07-25 16:46 ` Borislav Petkov
2014-07-25 19:04 ` Henrique de Moraes Holschuh
2014-07-28 14:26 ` Borislav Petkov
2014-07-28 15:39 ` Henrique de Moraes Holschuh
2014-07-23 20:10 ` [PATCH 7/8] x86, microcode, intel: forbid some incorrect metadata Henrique de Moraes Holschuh
2014-07-28 15:31 ` Borislav Petkov
2014-07-28 19:37 ` Henrique de Moraes Holschuh
2014-07-29 10:45 ` Borislav Petkov
2014-07-29 20:25 ` Henrique de Moraes Holschuh
2014-08-04 11:09 ` Borislav Petkov
2014-08-04 20:18 ` Henrique de Moraes Holschuh
2014-08-08 12:54 ` Borislav Petkov
2014-08-08 13:50 ` Henrique de Moraes Holschuh
2014-08-08 15:21 ` Borislav Petkov [this message]
2014-08-08 15:45 ` Henrique de Moraes Holschuh
2014-07-23 20:10 ` [PATCH 8/8] x86, microcode, intel: correct extended signature checksum verification Henrique de Moraes Holschuh
2014-07-28 20:36 ` Henrique de Moraes Holschuh
2014-08-24 14:55 ` [tip:x86/microcode] x86, microcode, amd: Fix missing static declaration tip-bot for Henrique de Moraes Holschuh
2014-08-24 14:55 ` [tip:x86/microcode] x86, microcode, intel: Add missing static declarations tip-bot for Henrique de Moraes Holschuh
2014-08-24 14:56 ` [tip:x86/microcode] x86, microcode, intel: Fix typos tip-bot for Henrique de Moraes Holschuh
2014-08-24 14:56 ` [tip:x86/microcode] x86, microcode, intel: Rename apply_microcode and declare it static tip-bot for Henrique de Moraes Holschuh
2014-08-24 14:56 ` [tip:x86/microcode] x86, microcode, intel: Fix total_size computation tip-bot for Henrique de Moraes Holschuh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140808152135.GD2776@pd.tnic \
--to=bp@alien8.de \
--cc=hmh@hmh.eng.br \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.