From patchwork Mon Dec 28 11:20:54 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 59015
Delivered-To: patch@linaro.org
Received: by 10.112.130.2 with SMTP id oa2csp1649813lbb;
 Mon, 28 Dec 2015 03:28:56 -0800 (PST)
X-Received: by 10.66.156.134 with SMTP id we6mr7600217pab.92.1451302136347; 
 Mon, 28 Dec 2015 03:28:56 -0800 (PST)
Return-Path: <linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org>
Received: from bombadil.infradead.org (bombadil.infradead.org.
 [2001:1868:205::9]) by mx.google.com with ESMTPS id
 u1si33483180pfi.121.2015.12.28.03.28.56 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 28 Dec 2015 03:28:56 -0800 (PST)
Received-SPF: pass (google.com: domain of
 linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
 designates 2001:1868:205::9 as permitted sender)
 client-ip=2001:1868:205::9; 
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
 designates 2001:1868:205::9 as permitted sender)
 smtp.mailfrom=linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
 by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
 id 1aDVxv-00007J-GD; Mon, 28 Dec 2015 11:27:51 +0000
Received: from mail-wm0-x235.google.com ([2a00:1450:400c:c09::235])
 by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat
 Linux)) id 1aDVru-0002jK-VI for linux-arm-kernel@lists.infradead.org;
 Mon, 28 Dec 2015 11:21:41 +0000
Received: by mail-wm0-x235.google.com with SMTP id f206so4159389wmf.0
 for <linux-arm-kernel@lists.infradead.org>;
 Mon, 28 Dec 2015 03:21:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=r9obInWSirCDIl6DYJYecQlPcKPShuThcgLp2/NqJss=;
 b=MrRVlDs5os9VuCUs4tBHW7cEgOJc4fFeahsFJEQcfsCzdy6mL/WPddh1QuEbtyqOCX
 TQaCzawyipyXAvVL3HQi3A0CdjS1iUufD97waic7XHDqjsY+X93tjXLxY5vonTKNHHlA
 guyz3AIvCZ4uDA3/mngZ3Wp6auAn7maI/mK7A=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=r9obInWSirCDIl6DYJYecQlPcKPShuThcgLp2/NqJss=;
 b=XFfzhj+iO0ICrZYDzq/pdeYAoQRcjA2v0xcYldkcuKy7F+wjT7Jk7nJolxIK/O+7xV
 oBg0dzoviuid01oqRMss4Uv3YvzBBlTgQFZqXy8wMXeGQtiVwZX5lrSIiItpFHsKLuTs
 90TPn+IiON39SixtmrC6NrhUeCBy4VTrTDWP53IR8emGx6YgBfkhE4epJj9wPDRM44GE
 ZtB9qWo0neSTINOYWYh4DjeWCqRCobroEqNwCKLk3/GhBGmPiHxSPdUT9Ahe3H7fIr3T
 owLBh0k8fluqm7b3xdNf6vKSYwXE8psR/aUZ5T7rvaiiKMC+MG0iLgYnXradHRElGavi
 CwHw==
X-Gm-Message-State: ALoCoQll9W+/rxxoDfJxugeDzCFBpJcTpNvXCca0rsL2viEOyCBxwq60sJKsYmVXacTy4eyOhdK3CqncgCuD+JYPxF0lzbrRuw==
X-Received: by 10.28.139.205 with SMTP id n196mr3258725wmd.0.1451301678993; 
 Mon, 28 Dec 2015 03:21:18 -0800 (PST)
Received: from localhost.localdomain (cag06-7-83-153-85-71.fbx.proxad.net.
 [83.153.85.71]) by smtp.gmail.com with ESMTPSA id
 i63sm22556235wmf.24.2015.12.28.03.21.17
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Mon, 28 Dec 2015 03:21:18 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org, kernel-hardening@lists.openwall.com, 
 will.deacon@arm.com, catalin.marinas@arm.com, mark.rutland@arm.com,
 leif.lindholm@linaro.org, keescook@chromium.org, lkml@vger.kernel.org
Subject: [RFC PATCH 10/10] arm64: efi: invoke EFI_RNG_PROTOCOL to supply
 KASLR randomness
Date: Mon, 28 Dec 2015 12:20:54 +0100
Message-Id: <1451301654-32019-11-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.5.0
In-Reply-To: <1451301654-32019-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1451301654-32019-1-git-send-email-ard.biesheuvel@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20151228_032139_433220_0A0ED864 
X-CRM114-Status: GOOD (  13.24  )
X-Spam-Score: -2.7 (--)
X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary:
 Content analysis details:   (-2.7 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
 low
 trust [2a00:1450:400c:c09:0:0:0:235 listed in] [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
 -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
 author's domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: bhupesh.sharma@freescale.com, stuart.yoder@freescale.com,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org

Since arm64 does not use a decompressor that supplies an execution
environment where it is feasible to some extent to provide a source of
randomness, the arm64 KASLR kernel depends on the bootloader to supply
some random bits in register x1 upon kernel entry.

On UEFI systems, we can use the EFI_RNG_PROTOCOL, if supplied, to obtain
some random bits.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/efi-entry.S           |  7 +++--
 drivers/firmware/efi/libstub/arm-stub.c | 31 ++++++++++++++++++++
 include/linux/efi.h                     |  5 +++-
 3 files changed, 40 insertions(+), 3 deletions(-)

-- 
2.5.0


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

diff --git a/arch/arm64/kernel/efi-entry.S b/arch/arm64/kernel/efi-entry.S
index f82036e02485..e9bd55de14dd 100644
--- a/arch/arm64/kernel/efi-entry.S
+++ b/arch/arm64/kernel/efi-entry.S
@@ -110,7 +110,7 @@ ENTRY(entry)
 2:
 	/* Jump to kernel entry point */
 	mov	x0, x20
-	mov	x1, xzr
+	ldr	x1, efi_random_bytes
 	mov	x2, xzr
 	mov	x3, xzr
 	br	x21
@@ -119,6 +119,9 @@ efi_load_fail:
 	mov	x0, #EFI_LOAD_ERROR
 	ldp	x29, x30, [sp], #32
 	ret
+ENDPROC(entry)
+
+ENTRY(efi_random_bytes)
+	.quad	0
 
 entry_end:
-ENDPROC(entry)
diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c
index 950c87f5d279..ebdf7137fe97 100644
--- a/drivers/firmware/efi/libstub/arm-stub.c
+++ b/drivers/firmware/efi/libstub/arm-stub.c
@@ -145,6 +145,31 @@ void efi_char16_printk(efi_system_table_t *sys_table_arg,
 	out->output_string(out, str);
 }
 
+struct efi_rng_protocol_t {
+	efi_status_t (*get_info)(struct efi_rng_protocol_t *, unsigned long *, efi_guid_t *);
+	efi_status_t (*get_rng)(struct efi_rng_protocol_t *, efi_guid_t *, unsigned long, u8 *out);
+};
+
+static int efi_get_random_bytes(efi_system_table_t *sys_table)
+{
+	extern u64 efi_random_bytes;
+
+	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
+	efi_status_t status;
+	struct efi_rng_protocol_t *rng;
+
+	status = sys_table->boottime->locate_protocol(&rng_proto, NULL,
+						      (void **)&rng);
+	if (status == EFI_NOT_FOUND) {
+		pr_efi(sys_table, "EFI_RNG_PROTOCOL unavailable, no randomness supplied\n");
+		return EFI_SUCCESS;
+	}
+
+	if (status != EFI_SUCCESS)
+		return status;
+
+	return rng->get_rng(rng, NULL, sizeof(u64), (u8 *)&efi_random_bytes);
+}
 
 /*
  * This function handles the architcture specific differences between arm and
@@ -267,6 +292,12 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table,
 	if (status != EFI_SUCCESS)
 		pr_efi_err(sys_table, "Failed initrd from command line!\n");
 
+	if (IS_ENABLED(CONFIG_ARM64_RELOCATABLE_KERNEL)) {
+		status = efi_get_random_bytes(sys_table);
+		if (status != EFI_SUCCESS)
+			pr_efi_err(sys_table, "efi_get_random_bytes() failed\n");
+	}
+
 	new_fdt_addr = fdt_addr;
 	status = allocate_new_fdt_and_exit_boot(sys_table, handle,
 				&new_fdt_addr, dram_base + MAX_FDT_OFFSET,
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 569b5a866bb1..13783fdc9bdd 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -299,7 +299,7 @@ typedef struct {
 	void *open_protocol_information;
 	void *protocols_per_handle;
 	void *locate_handle_buffer;
-	void *locate_protocol;
+	efi_status_t (*locate_protocol)(efi_guid_t *, void *, void **);
 	void *install_multiple_protocol_interfaces;
 	void *uninstall_multiple_protocol_interfaces;
 	void *calculate_crc32;
@@ -599,6 +599,9 @@ void efi_native_runtime_setup(void);
 #define EFI_PROPERTIES_TABLE_GUID \
     EFI_GUID(  0x880aaca3, 0x4adc, 0x4a04, 0x90, 0x79, 0xb7, 0x47, 0x34, 0x08, 0x25, 0xe5 )
 
+#define EFI_RNG_PROTOCOL_GUID \
+    EFI_GUID(  0x3152bca5, 0xeade, 0x433d, 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 )
+
 typedef struct {
 	efi_guid_t guid;
 	u64 table;