diff options
| author | Matthew Garrett <[email protected]> | 2017-08-25 16:50:15 +0100 |
|---|---|---|
| committer | Ingo Molnar <[email protected]> | 2017-08-26 09:20:33 +0200 |
| commit | ccc829ba3624beb9a703fc995d016b836d9eead8 (patch) | |
| tree | b1791e31decb96c4fad4cd24b6b9dce5a351d2eb /tools/perf/scripts/python/export-to-postgresql.py | |
| parent | 3cb9bc85029f2ceb7a5babadcab445c7cb861da8 (diff) | |
efi/libstub: Enable reset attack mitigation
If a machine is reset while secrets are present in RAM, it may be
possible for code executed after the reboot to extract those secrets
from untouched memory. The Trusted Computing Group specified a mechanism
for requesting that the firmware clear all RAM on reset before booting
another OS. This is done by setting the MemoryOverwriteRequestControl
variable at startup. If userspace can ensure that all secrets are
removed as part of a controlled shutdown, it can reset this variable to
0 before triggering a hardware reboot.
Signed-off-by: Matthew Garrett <[email protected]>
Signed-off-by: Ard Biesheuvel <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Matt Fleming <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')
0 files changed, 0 insertions, 0 deletions