EFI In Linux 4.14 Will Better Handle Rebooting Of Buggy Systems
There are a few notable EFI fixes to find for the in-development Linux 4.14 kernel.
First up, EFI will now fallback to other poweroff methods if the EFI poweroff process fails. If the EFI_RESET_SHUTDOWN returns without powering off the system during this EFI shutdown process, the kernel will fall back to the traditional power-off process. The EFI-based shutdown process was originally added since some systems otherwise do not shutdown. But it appears that at least some systems/tablets exposing EFI_RESET_SHUTDOWN do not actually behave correctly. In particular, Red Hat's Hans de Goede noted that some Bay Trail devices are not behaving correctly and warranty this transparent fallback during the power-off process.
The new EFI material in Linux 4.14 also allows requesting the firmware to wipe the RAM at the warm reboot stage. increasing the size of the random seed via UEFI, better EFI framebuffer address handling, and allow for reset attack mitigation of TPM environments via the new CONFIG_RESET_ATTACK_MITIGATION switch.
The CONFIG_RESET_ATTACK_MITIGATION is about ensuring the RAM gets cleared after a machine reset that otherwise could contain secrets in memory if not properly cleared. This option is dependent upon the firmware behaving correctly and clearing all RAM when requested before loading another operating system.
More details via the EFI pull request.
First up, EFI will now fallback to other poweroff methods if the EFI poweroff process fails. If the EFI_RESET_SHUTDOWN returns without powering off the system during this EFI shutdown process, the kernel will fall back to the traditional power-off process. The EFI-based shutdown process was originally added since some systems otherwise do not shutdown. But it appears that at least some systems/tablets exposing EFI_RESET_SHUTDOWN do not actually behave correctly. In particular, Red Hat's Hans de Goede noted that some Bay Trail devices are not behaving correctly and warranty this transparent fallback during the power-off process.
The new EFI material in Linux 4.14 also allows requesting the firmware to wipe the RAM at the warm reboot stage. increasing the size of the random seed via UEFI, better EFI framebuffer address handling, and allow for reset attack mitigation of TPM environments via the new CONFIG_RESET_ATTACK_MITIGATION switch.
The CONFIG_RESET_ATTACK_MITIGATION is about ensuring the RAM gets cleared after a machine reset that otherwise could contain secrets in memory if not properly cleared. This option is dependent upon the firmware behaving correctly and clearing all RAM when requested before loading another operating system.
More details via the EFI pull request.
15 Comments