Received: by 10.223.176.5 with SMTP id f5csp1008795wra; Fri, 2 Feb 2018 09:37:15 -0800 (PST) X-Google-Smtp-Source: AH8x225ivHhwj7nDZ7bDnpnW6rZM26pSJhX94E9pFjhQmHvKJns2GOOoCnXXoAyTiceG4/it6WQB X-Received: by 10.101.78.201 with SMTP id w9mr30846423pgq.43.1517593035310; Fri, 02 Feb 2018 09:37:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517593035; cv=none; d=google.com; s=arc-20160816; b=GulFexBtjI8wlLRJOllXgCi1c8KPbN2ZG2RLFlWNkTsVEDkL2YIEJG5rP0Mw2yKAJs ZCYdII6qx12VRvHPS8FAc59xjT+LHWR2c0yIzw6V7++WOjQvSc2r2wmWBL7zF2fowZDY 4rBpU2pXIvVr7fU1fYFowjcala2pL3luJh86xBcJcifk+Fja3yiiTN9h/6taxTAaUw5J bBaxxCFOenwrKQ2SZzmpElNR+JB0fHjQISxzZXrFwa5ZcedIgKd36kGt9kGNu+cXO3IO MhHaWn3JM2W5cdH+jJh3lKWe9gsvM4GAadaj4ErkV6jmaRkALqb0lC4uVaftyh4hQyBc Q5gw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=lvUh8SWgkK15wSAXtRdVW7V9N8tCmiZhbTKRd2QgxjI=; b=bWJPPPBMFf9hfF0H6I+0kppR1PbXy8AydPETxJhNE5qb7LhAND6WcW8LDWQlkbZAKK g3wHtvEIDZT8809OFY8taGo5LmfC3jYyUzsU7YT5l1qJXE/TT7z+1SeCs7BmZT/sjFjy JGwq9+BKffsC3qHFb5+4IAaswe1QDNLFDbA6aBOEhoxZk09BOwd3bbGorZ/H5Icm9Is6 8uOEjRvB1CSRU+dKgMybWrS7s/p+qUHWtNa1DN+Zgp1VQiEnZh84QxHKMnMdHu2jCR4/ oWuVuYiteu4GuYaP34LbaflOF7DZ/wSux1WrTHy4nhaNYjOk0wzHzoyGGiSr2s70wdbB qHbA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g3-v6si2105154pld.270.2018.02.02.09.37.00; Fri, 02 Feb 2018 09:37:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753242AbeBBRfU (ORCPT + 99 others); Fri, 2 Feb 2018 12:35:20 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:41218 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753573AbeBBRR0 (ORCPT ); Fri, 2 Feb 2018 12:17:26 -0500 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id A8495BC4; Fri, 2 Feb 2018 17:17:25 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Matthew Garrett , Ard Biesheuvel , Linus Torvalds , Peter Zijlstra , Thomas Gleixner , linux-efi@vger.kernel.org, Ingo Molnar Subject: [PATCH 4.15 55/55] x86/efi: Clarify that reset attack mitigation needs appropriate userspace Date: Fri, 2 Feb 2018 17:59:13 +0100 Message-Id: <20180202140831.336212129@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180202140826.117602411@linuxfoundation.org> References: <20180202140826.117602411@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: Matthew Garrett commit a5c03c31af2291f13689d11760c0b59fb70c9a5a upstream. Some distributions have turned on the reset attack mitigation feature, which is designed to force the platform to clear the contents of RAM if the machine is shut down uncleanly. However, in order for the platform to be able to determine whether the shutdown was clean or not, userspace has to be configured to clear the MemoryOverwriteRequest flag on shutdown - otherwise the firmware will end up clearing RAM on every reboot, which is unnecessarily time consuming. Add some additional clarity to the kconfig text to reduce the risk of systems being configured this way. Signed-off-by: Matthew Garrett Acked-by: Ard Biesheuvel Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman --- drivers/firmware/efi/Kconfig | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/firmware/efi/Kconfig +++ b/drivers/firmware/efi/Kconfig @@ -159,7 +159,10 @@ config RESET_ATTACK_MITIGATION using the TCG Platform Reset Attack Mitigation specification. This protects against an attacker forcibly rebooting the system while it still contains secrets in RAM, booting another OS and extracting the - secrets. + secrets. This should only be enabled when userland is configured to + clear the MemoryOverwriteRequest flag on clean shutdown after secrets + have been evicted, since otherwise it will trigger even on clean + reboots. endmenu