[SLOF] [PATCH 0/4] Block write support for SCSI and virtio-block disks
Nikunj A Dadhania
nikunj at linux.vnet.ibm.com
Tue Nov 15 13:54:37 AEDT 2016
Thomas Huth <thuth at redhat.com> writes:
> On 14.11.2016 08:53, Nikunj A Dadhania wrote:
>> Thomas Huth <thuth at redhat.com> writes:
>>
>>> On 14.11.2016 07:32, Nikunj A Dadhania wrote:
> [...]
>>>> My only worry here is that it would open up a way to write to the
>>>> critical section of the disk image from the SLOF prompt. Is there a way
>>>> we can prevent this?
>>>
>>> Good idea, I also felt a little bit uneasy to have write support in the
>>> firmware, but since GRUB needs it, we likely can't ignore this.
>>> So with critical section, you mean the MBR, I assume?
>>
>> Yes.
>>
>>> That should be feasible, I think I could add a check that refuses
>>> writes to the first 512 bytes (or a little bit more to also protect
>>> the GPT? Suggestions welcome!).
>>
>> Correct. For MBR 1st sector. For GPT (34 sectors in the beginning and 33
>> at the end) please refer to the following link for more details
>>
>> https://en.wikipedia.org/wiki/GUID_Partition_Table
>
> I just had a look at it, but adding code for checking whether the GPT is
> available or not (or using the checks from disk-label.fs) would render
> the whole checking mechanism quite complicated, as far as I can see...
: write
\ IF sector number is 0 return
no-gpt? ! IF
\ check-block number
THEN
\ call write
;
Shouldn't something like the above work fine? Am I missing something?
It should be fine penalizing write as this is a very rare operation for
a very special case.
> What about simply refusing write accesses to the first 4 sectors or so?
> Would that be OK?
That would not cover all GPT sectors
> I think GRUB should never try to write to them - with MBR + partition
> header + file system superblock etc.
I was never worried about writing from GRUB, but from the SLOF prompt.
> the grubenv file should never be located below sector 4.
Regards
Nikunj
More information about the SLOF
mailing list