[SLOF] [PATCH 0/4] Block write support for SCSI and virtio-block disks

Nikunj A Dadhania nikunj at linux.vnet.ibm.com
Wed Nov 16 16:18:35 AEDT 2016 

Alexey Kardashevskiy <aik at ozlabs.ru> writes:

> On 15/11/16 19:13, Nikunj A Dadhania wrote:
>> Thomas Huth <thuth at redhat.com> writes:
>> 
>>> On 15.11.2016 02:47, Alexey Kardashevskiy wrote:
>>>> On 14/11/16 23:03, Thomas Huth wrote:
>>>>> On 14.11.2016 08:53, Nikunj A Dadhania wrote:
>>>>>> Thomas Huth <thuth at redhat.com> writes:
>>>>>>
>>>>>>> On 14.11.2016 07:32, Nikunj A Dadhania wrote:
>>>>> [...]
>>>>>>>> My only worry here is that it would open up a way to write to the
>>>>>>>> critical section of the disk image from the SLOF prompt. Is there a way
>>>>>>>> we can prevent this?
>>>>>>>
>>>>>>> Good idea, I also felt a little bit uneasy to have write support in the
>>>>>>> firmware, but since GRUB needs it, we likely can't ignore this.
>>>>>>> So with critical section, you mean the MBR, I assume?
>>>>>>
>>>>>> Yes.
>>>>>>
>>>>>>> That should be feasible, I think I could add a check that refuses
>>>>>>> writes to the first 512 bytes (or a little bit more to also protect
>>>>>>> the GPT? Suggestions welcome!).
>>>>>>
>>>>>> Correct. For MBR 1st sector. For GPT (34 sectors in the beginning and 33
>>>>>> at the end) please refer to the following link for more details
>>>>>>
>>>>>> https://en.wikipedia.org/wiki/GUID_Partition_Table
>>>>>
>>>>> I just had a look at it, but adding code for checking whether the GPT is
>>>>> available or not (or using the checks from disk-label.fs) would render
>>>>> the whole checking mechanism quite complicated, as far as I can see...
>>>>> What about simply refusing write accesses to the first 4 sectors or so?
>>>>> Would that be OK? I think GRUB should never try to write to them - with
>>>>> MBR + partition header + file system superblock etc. the grubenv file
>>>>> should never be located below sector 4.
>>>>
>>>> Can SLOF remember what partition it loaded grub from and restrict writes
>>>> just to that partition? The "grub" which SLOF loads is the one at
>>>> /boot/grub/grub, right?
>> 
>> The grub that SLOF loads is from the PReP partition. Rest of the loading
>> is then done by grub itself using client interface.
>
>
> Can SLOF load grub from /boot/grub/grub at all, not from PReP?

Not all file systems are supported in SLOF. EXT2 is the only supported one.

AFAIU, GRUB has two stages, in case of POWER both the stages are combined
and put in the PReP. Which has basic grub core and required file system
drivers, after that all the other features are loaded as modules from /boot/grub2

Regards,
Nikunj

More information about the SLOF mailing list