]> git.itanic.dy.fi Git - linux-stable/commit
projects / linux-stable / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 196dff2) | patch
efi: vars: prohibit reading random seed variables
authorJason A. Donenfeld <Jason@zx2c4.com>
Tue, 22 Nov 2022 02:04:00 +0000 (03:04 +0100)
committerArd Biesheuvel <ardb@kernel.org>
Thu, 1 Dec 2022 08:51:21 +0000 (09:51 +0100)
commit63ffb573df66aea034d07fd00483d0a3cd4fed66
tree32b54fd05eaec67a46a333e7cb95254cd04d1f1btree | snapshot
parent196dff2712ca5a2e651977bb2fe6b05474111a83commit | diff
efi: vars: prohibit reading random seed variables

In anticipation of putting random seeds in EFI variables, it's important
that the random GUID namespace of variables remains hidden from
userspace. We accomplish this by not populating efivarfs with entries
from that GUID, as well as denying the creation of new ones in that
GUID.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
fs/efivarfs/inode.c diff | blob | history
fs/efivarfs/super.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.