Re: security: delete BIOS password in keyboard buffer during kernelbootup

[Gerhard Mack]

On Tue, 11 Nov 2008, Alan Cox wrote:

> Date: Tue, 11 Nov 2008 16:54:21 +0000
> From: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
> To: Pavel Machek <pavel@xxxxxxx>
> Cc: mathias.schnarrenberger@xxxxxx, Olaf van der Spek <olafvdspek@xxxxxxxxx>,
>     linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: security: delete BIOS password in keyboard buffer during kernel
>     bootup
> 
> > OTOH we don't call BIOS from linux, so we assume that low 64K is
> > usable memory (unless marked otherwise in memmap, I guess).
> 
> We use the BIOS in some cases for PCI routing, PCI services, APM, and
> indirectly for SMM traps, ACPI and via user space for other stuff. So we
> preserve the bottom 4K for the BIOS 0x40:xx page
> > 
> > Anyway, proper place to do clearing is bootloader; it interacts with
> > bios already, anyway...
> 
> Agreed entirely.

Best place would be for the OEM to fix it.  If it's a security issue it 
shouldn't be overly difficult to embarass them into a fix.

	Gerhard
 
--
Gerhard Mack

gmack@xxxxxxxxxxxxx

<>< As a computer I find your faith in technology amusing.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/