Bug 1163396 – Missing userspace support for cold boot attack mitigation

Bug 1163396 - Missing userspace support for cold boot attack mitigation


Summary:	Missing userspace support for cold boot attack mitigation

Status:	RESOLVED FIXED

Classification:	openSUSE
Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Kernel
Version:	Current
Hardware:	x86-64 Linux

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assigned To:	E-mail List
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2020-02-11 18:10 UTC by Dan Robinson
Modified:	2020-02-26 09:37 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dan Robinson 2020-02-11 18:10:32 UTC

OpenSUSE's kernel is built with CONFIG_RESET_ATTACK_MITIGATION=y, see bug 1108302.

However there is no accompanying userspace component to tell EFI that the system was shut down cleanly as recommended in the kernel help for that option. The mitigation causes unusual reboots at least on my hardware (and I've seen other bug reports of similar behavior, e.g. https://bugzilla.redhat.com/show_bug.cgi?id=1532058).

This could be resolved either by adding a systemd unit as described in the RH bug I linked or disabling this option.

Comment 1 Jiri Slaby 2020-02-26 09:37:45 UTC

Pushed to master & stable.