From patchwork Fri Dec 17 07:06:44 2021
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 524991
From: Ilias Apalodimas
To: xypron.glpk@gmx.de
Cc: ardb@kernel.org, mark.kettenis@xs4all.nl, Ilias Apalodimas, Alexander Graf, u-boot@lists.denx.de
Subject: [PATCH v2] efi_loader: Get rid of kaslr-seed
Date: Fri, 17 Dec 2021 09:06:44 +0200
Message-Id: <20211217070644.2458603-1-ilias.apalodimas@linaro.org>
X-Mailer: git-send-email 2.30.2
List-Id: U-Boot discussion

Right now we unconditionally pass a 'kaslr-seed' property to the kernel
if the DTB we ended up in EFI includes the entry. However the kernel EFI
stub completely ignores it and only relies on EFI_RNG_PROTOCOL for its own
randomness needs (i.e. the randomization of the physical placement of the
kernel). So let's get rid of it if EFI_RNG_PROTOCOL is installed.

It's worth noting that TPMs also provide an RNG. So if we tweak our
EFI_RNG_PROTOCOL slightly and install the protocol when a TPM device is
present the 'kaslr-seed' property will always be removed, allowing
us to reliably measure our DTB as well.

Acked-by: Ard Biesheuvel
Signed-off-by: Ilias Apalodimas
---
changes since v1:
- Only removing the property if EFI_RNG_PROTOCOL is installed, since some
  OSes rely on kaslr-seed
- Only display an error message if the kaslr-seed entry was found but not
  removed

 cmd/bootefi.c                 |  2 ++
 include/efi_loader.h          |  2 ++
 lib/efi_loader/efi_dt_fixup.c | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+)

diff --git a/cmd/bootefi.c b/cmd/bootefi.c index d77d3b6e943d..57f13ce701ec 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c
@@ -310,6 +310,8 @@ efi_status_t efi_install_fdt(void *fdt) /* Create memory reservations as indicated by the device tree */ efi_carve_out_dt_rsv(fdt); + efi_try_purge_kaslr_seed(fdt); + /* Install device tree as UEFI table */ ret = efi_install_configuration_table(&efi_guid_fdt, fdt); if (ret != EFI_SUCCESS) { diff --git a/include/efi_loader.h b/include/efi_loader.h index 9dd6c2033634..1fe003db69e0 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -519,6 +519,8 @@ efi_status_t EFIAPI efi_convert_pointer(efi_uintn_t debug_disposition, void **address); /* Carve out DT reserved memory ranges */ void efi_carve_out_dt_rsv(void *fdt); +/* Purge unused kaslr-seed */ +void efi_try_purge_kaslr_seed(void *fdt); /* Called by bootefi to make console interface available */ efi_status_t efi_console_register(void); /* Called by bootefi to make all disk storage accessible as EFI objects */ diff --git a/lib/efi_loader/efi_dt_fixup.c b/lib/efi_loader/efi_dt_fixup.c index b6fe5d2e5a34..d3923e5dba1b 100644 --- a/lib/efi_loader/efi_dt_fixup.c +++ b/lib/efi_loader/efi_dt_fixup.c @@ -8,6 +8,7 @@ #include #include #include +#include #include #include 
@@ -40,6 +41,38 @@ static void efi_reserve_memory(u64 addr, u64 size, bool nomap) addr, size); } +/** + * efi_try_purge_kaslr_seed() - Remove unused kaslr-seed + * + * Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization + * and completely ignores the kaslr-seed for its own randomness needs + * (i.e the randomization of the physical placement of the kernel). + * Weed it out from the DTB we hand over, which would mess up our DTB + * TPM measurements as well. + * + * @fdt: Pointer to device tree + */ +void efi_try_purge_kaslr_seed(void *fdt) +{ + const efi_guid_t efi_guid_rng_protocol = EFI_RNG_PROTOCOL_GUID; + struct efi_handler *handler; + efi_status_t ret; + int nodeoff = 0; + int err = 0; + + ret = efi_search_protocol(efi_root, &efi_guid_rng_protocol, &handler); + if (ret != EFI_SUCCESS) + return; + + nodeoff = fdt_path_offset(fdt, "/chosen"); + if (nodeoff < 0) + return; + + err = fdt_delprop(fdt, nodeoff, "kaslr-seed"); + if (err < 0 && err != -FDT_ERR_NOTFOUND) + log_err("Error deleting kaslr-seed\n"); +} + /** * efi_carve_out_dt_rsv() - Carve out DT reserved memory ranges *
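Review bot: In efi_install_fdt() in cmd/bootefi.c, the new efi_try_purge_kaslr_seed(fdt) call gives the caller no way to tell whether the seed is still in the tree, because the helper returns void and only logs when the delete fails. The commit message motivates the change with reliable DTB measurement, so consider returning a status that efi_install_fdt() can act on before it reaches efi_install_configuration_table(), or at least add a comment above the call stating that the removal is best-effort and only happens when EFI_RNG_PROTOCOL is installed.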
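Review bot: In include/efi_loader.h, the comment "/* Purge unused kaslr-seed */" above the efi_try_purge_kaslr_seed() prototype does not say when the property counts as unused. The v2 changelog makes the removal conditional on EFI_RNG_PROTOCOL being installed, so the comment should say so, for example "/* Remove kaslr-seed from the DT if EFI_RNG_PROTOCOL is installed */".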
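Review bot: In efi_try_purge_kaslr_seed() in lib/efi_loader/efi_dt_fixup.c, the kernel-doc text reads as if the property is always removed, but the body returns early when efi_search_protocol() does not find EFI_RNG_PROTOCOL on efi_root. The description should state that condition, and also that a missing /chosen node or a missing property is accepted silently. Two smaller points: "int nodeoff = 0;" and "int err = 0;" are both assigned before first use, so the initializers can be dropped, and the log_err() message would be more useful with the libfdt error included, for example via fdt_strerror(err).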