summaryrefslogtreecommitdiff
path: root/drivers
diff options
context:
space:
mode:
authorMatthew Garrett <mjg59@google.com>2018-01-16 09:10:02 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-02-03 17:39:25 +0100
commit04178b1709b6e98c929ae7ca2668c85334e886b2 (patch)
tree025eb64abd9eee4a82f5c6004d30b9c393f588ff /drivers
parent01ab9886ea7815d41a4ee435524c3fce127e7290 (diff)
downloadlinux-rpi3-04178b1709b6e98c929ae7ca2668c85334e886b2.tar.gz
linux-rpi3-04178b1709b6e98c929ae7ca2668c85334e886b2.tar.bz2
linux-rpi3-04178b1709b6e98c929ae7ca2668c85334e886b2.zip
x86/efi: Clarify that reset attack mitigation needs appropriate userspace
commit a5c03c31af2291f13689d11760c0b59fb70c9a5a upstream. Some distributions have turned on the reset attack mitigation feature, which is designed to force the platform to clear the contents of RAM if the machine is shut down uncleanly. However, in order for the platform to be able to determine whether the shutdown was clean or not, userspace has to be configured to clear the MemoryOverwriteRequest flag on shutdown - otherwise the firmware will end up clearing RAM on every reboot, which is unnecessarily time consuming. Add some additional clarity to the kconfig text to reduce the risk of systems being configured this way. Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/firmware/efi/Kconfig5
1 files changed, 4 insertions, 1 deletions
diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index 2b4c39fdfa91..86210f75d233 100644
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -159,7 +159,10 @@ config RESET_ATTACK_MITIGATION
using the TCG Platform Reset Attack Mitigation specification. This
protects against an attacker forcibly rebooting the system while it
still contains secrets in RAM, booting another OS and extracting the
- secrets.
+ secrets. This should only be enabled when userland is configured to
+ clear the MemoryOverwriteRequest flag on clean shutdown after secrets
+ have been evicted, since otherwise it will trigger even on clean
+ reboots.
endmenu