2 comments:
Patch Set #8, Line 36: if (cbd != vboot_get_cbfs_boot_device()) {
TOCTOU_SAFETY implies !NO_CBFS_MCACHE via Kconfig so I'm not checking it explicitly again. […]
I'm not completely following, but I'll take a look at the updated CL if it's clearer.
Patch Set #8, Line 471: die("RO CBFS initialization error: %d", err);
See above -- if TOCTOU_SAFETY is enabled, then an overflow of the RO mcache is basically a fatal err […]
I think that's where I wasn't understanding. You had assembled almost everything required to be TOCTOU safe, and I was assuming we'd actually employ that for Chrome OS since we're so close. I absolutely think we should strive for that instead of leaving the opportunity open for attacks, i.e., we're tightening up the threat model.
To view, visit change 41120.