[SLOF] [PATCH 0/4] Block write support for SCSI and virtio-block disks

Thomas Huth thuth at redhat.com
Tue Nov 15 19:00:33 AEDT 2016

On 15.11.2016 02:47, Alexey Kardashevskiy wrote:
> On 14/11/16 23:03, Thomas Huth wrote:
>> On 14.11.2016 08:53, Nikunj A Dadhania wrote:
>>> Thomas Huth <thuth at redhat.com> writes:
>>>> On 14.11.2016 07:32, Nikunj A Dadhania wrote:
>> [...]
>>>>> My only worry here is that it would open up a way to write to the
>>>>> critical section of the disk image from the SLOF prompt. Is there a way
>>>>> we can prevent this?
>>>> Good idea, I also felt a little bit uneasy to have write support in the
>>>> firmware, but since GRUB needs it, we likely can't ignore this.
>>>> So with critical section, you mean the MBR, I assume?
>>> Yes.
>>>> That should be feasible, I think I could add a check that refuses
>>>> writes to the first 512 bytes (or a little bit more to also protect
>>>> the GPT? Suggestions welcome!).
>>> Correct. For MBR 1st sector. For GPT (34 sectors in the beginning and 33
>>> at the end) please refer to the following link for more details
>>> https://en.wikipedia.org/wiki/GUID_Partition_Table
>> I just had a look at it, but adding code for checking whether the GPT is
>> available or not (or using the checks from disk-label.fs) would render
>> the whole checking mechanism quite complicated, as far as I can see...
>> What about simply refusing write accesses to the first 4 sectors or so?
>> Would that be OK? I think GRUB should never try to write to them - with
>> MBR + partition header + file system superblock etc. the grubenv file
>> should never be located below sector 4.
> Can SLOF remember what partition it loaded grub from and restrict writes
> just to that partition? The "grub" which SLOF loads is the one at
> /boot/grub/grub, right?

Good idea - I think such a check could be done at the disk-label.fs
level. I'll have a try...


More information about the SLOF mailing list