summaryrefslogtreecommitdiffstats
path: root/fs/efivarfs/super.c
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2022-11-22 03:04:00 +0100
committerArd Biesheuvel <ardb@kernel.org>2022-12-01 09:51:21 +0100
commit63ffb573df66aea034d07fd00483d0a3cd4fed66 (patch)
tree32b54fd05eaec67a46a333e7cb95254cd04d1f1b /fs/efivarfs/super.c
parentefi: random: combine bootloader provided RNG seed with RNG protocol output (diff)
downloadlinux-63ffb573df66aea034d07fd00483d0a3cd4fed66.tar.xz
linux-63ffb573df66aea034d07fd00483d0a3cd4fed66.zip
efi: vars: prohibit reading random seed variables
In anticipation of putting random seeds in EFI variables, it's important that the random GUID namespace of variables remains hidden from userspace. We accomplish this by not populating efivarfs with entries from that GUID, as well as denying the creation of new ones in that GUID. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Diffstat (limited to 'fs/efivarfs/super.c')
-rw-r--r--fs/efivarfs/super.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index 6780fc81cc11..07e82e246666 100644
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -116,6 +116,9 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
int err = -ENOMEM;
bool is_removable = false;
+ if (guid_equal(&vendor, &LINUX_EFI_RANDOM_SEED_TABLE_GUID))
+ return 0;
+
entry = kzalloc(sizeof(*entry), GFP_KERNEL);
if (!entry)
return err;