diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-11-22 03:04:00 +0100 |
---|---|---|
committer | Ard Biesheuvel <ardb@kernel.org> | 2022-12-01 09:51:21 +0100 |
commit | 63ffb573df66aea034d07fd00483d0a3cd4fed66 (patch) | |
tree | 32b54fd05eaec67a46a333e7cb95254cd04d1f1b /fs/efivarfs/super.c | |
parent | efi: random: combine bootloader provided RNG seed with RNG protocol output (diff) | |
download | linux-63ffb573df66aea034d07fd00483d0a3cd4fed66.tar.xz linux-63ffb573df66aea034d07fd00483d0a3cd4fed66.zip |
efi: vars: prohibit reading random seed variables
In anticipation of putting random seeds in EFI variables, it's important
that the random GUID namespace of variables remains hidden from
userspace. We accomplish this by not populating efivarfs with entries
from that GUID, as well as denying the creation of new ones in that
GUID.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Diffstat (limited to 'fs/efivarfs/super.c')
-rw-r--r-- | fs/efivarfs/super.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c index 6780fc81cc11..07e82e246666 100644 --- a/fs/efivarfs/super.c +++ b/fs/efivarfs/super.c @@ -116,6 +116,9 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor, int err = -ENOMEM; bool is_removable = false; + if (guid_equal(&vendor, &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) + return 0; + entry = kzalloc(sizeof(*entry), GFP_KERNEL); if (!entry) return err; |