Linux 6.7 Reworks PE Header Generation To Reduce Attack Area

  • Linux 6.7 Reworks PE Header Generation To Reduce Attack Area

    Phoronix: Linux 6.7 Reworks PE Header Generation To Reduce Attack Area

    One of the many early pull requests sent in for Linux 6.7 was the x86/boot changes that are headlined by a rework to the PE header generation in order to generate a modern, 4K-aligned kernel image view to ultimately aim for better system security...


  • #2
    What's 4K in this context? 4096 bytes for a partition's cluster size?



    • #3
      Originally posted by Kjell View Post
      What's 4K in this context?
      Alignment in memory (which is the granularity of memory permissions). The takeaway is that newer UEFI implementations require that there not be a page which is both executable and writable, and that bootloaders (i.e. grub shim) cannot create such and be signed under the new rules from around a year ago now (which has caused difficulties as a newer shim cannot be signed for some distros, and the older shim cannot boot on some newer systems). The security improvements are welcome (writable and executable pages are long known as a problem), but, as usual, moving forward takes time (lots of legacy assumptions in x86).

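As an added illustration of the reply in #3 (not part of the thread, and not kernel or shim code): a small Python check over a PE image's section table for the two properties discussed there, 4K section alignment and no section that is both writable and executable. The `build_sample` helper and both sample images are constructed for this example.

```python
import struct

PAGE = 4096                  # 4K: granularity of memory permissions
SCN_X, SCN_R, SCN_W = 0x20000000, 0x40000000, 0x80000000  # IMAGE_SCN_MEM_*
SECTION = struct.Struct("<8sIIIIIIHHI")  # one 40-byte section header

def audit_pe(image: bytes) -> list:
    """Return findings that prevent clean per-page permissions."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ magic")
    pe, = struct.unpack_from("<I", image, 0x3C)         # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsect, = struct.unpack_from("<H", image, pe + 6)    # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe + 20)
    opt = pe + 24                                       # optional header start
    align, = struct.unpack_from("<I", image, opt + 32)  # SectionAlignment
    findings = []
    if align < PAGE or align % PAGE:
        findings.append(f"SectionAlignment {align:#x} is not a multiple of 4K")
    for i in range(nsect):
        name, _vsize, rva, *_rest, flags = SECTION.unpack_from(
            image, opt + opt_size + i * SECTION.size)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        if rva % PAGE:
            findings.append(f"{name}: starts mid-page at RVA {rva:#x}")
        if flags & SCN_X and flags & SCN_W:
            findings.append(f"{name}: writable and executable")
    return findings

def build_sample(align, sections):
    """Constructed minimal PE32+ headers, only the fields audit_pe() reads."""
    opt = bytearray(112)                    # zeroed, no data directories
    struct.pack_into("<H", opt, 0, 0x20B)   # PE32+ magic
    struct.pack_into("<I", opt, 32, align)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    table = b"".join(SECTION.pack(n, 0x1000, rva, 0, 0, 0, 0, 0, 0, fl)
                     for n, rva, fl in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

# Constructed inputs: one W+X section at 32-byte alignment, then a split layout.
WX_IMAGE = build_sample(0x20, [(b".text", 0x200, SCN_X | SCN_R | SCN_W)])
SPLIT_IMAGE = build_sample(0x1000, [(b".text", 0x1000, SCN_X | SCN_R),
                                    (b".data", 0x2000, SCN_R | SCN_W)])

if __name__ == "__main__":
    for label, img in (("W+X", WX_IMAGE), ("split", SPLIT_IMAGE)):
        print(label, audit_pe(img) or "clean")
```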


      • #4
        Shades of 1978. VAX/VMS MACRO-32. .PSECT NAME, NOEXE, NOWRT.

        Good to see Linux catching up 50 years later. For x86... which is a near deprecated arch. I mean, if ISA and PCMCIA* are deprecated, then other than embedded systems why bother with x86?

        E

        * People Can't Memorize Computer Industry Acronyms



        • #5
          4k display.

          ... just had to say it.



          • #6
            Originally posted by gavron View Post
            Shades of 1978. VAX/VMS MACRO-32. .PSECT NAME, NOEXE, NOWRT.

            Good to see Linux catching up 50 years later. For x86... which is a near deprecated arch. I mean, if ISA and PCMCIA* are deprecated, then other than embedded systems why bother with x86?

            E

            * People Can't Memorize Computer Industry Acronyms
            "x86" in this context means x86-64 in kernel speak, so not deprecated at all.
