From patchwork Mon Jan 3 12:07:37 2022
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 529632
From: Ilias Apalodimas
To: xypron.glpk@gmx.de
Cc: Ilias Apalodimas, Ard Biesheuvel, Alexander Graf, u-boot@lists.denx.de
Subject: [PATCH v3] efi_loader: Get rid of kaslr-seed if EFI_RNG_PROTOCOL is installed
Date: Mon, 3 Jan 2022 14:07:37 +0200
Message-Id: <20220103120738.47835-1-ilias.apalodimas@linaro.org>

U-Boot, on some occasions, injects a 'kaslr-seed' property on the /chosen node. That would be problematic in case we want to measure the DTB we install in the config table, since it would change across reboots.

The Linux kernel EFI-stub completely ignores it and only relies on EFI_RNG_PROTOCOL for its own randomness needs (i.e. the randomization of the physical placement of the kernel). In fact it (blindly) overwrites the existing seed if the protocol is installed. However it still uses it for randomizing its virtual placement. So let's get rid of it in the presence of the RNG protocol.

It's worth noting that TPMs also provide an RNG. So if we tweak our EFI_RNG_PROTOCOL slightly and install the protocol when a TPM device is present the 'kaslr-seed' property will always be removed, allowing us to reliably measure our DTB.

Acked-by: Ard Biesheuvel
Signed-off-by: Ilias Apalodimas Reviewed-by: Mark Kettenis --- changes since v2: - Mark proposed a better commit message description changes since v1: - Only removing the property if EFI_RNG_PROTOCOL is installed, since some OS'es rely on kaslr-seed - Only display an error message if the kaslr-seed entry was found but not removed cmd/bootefi.c | 2 ++ include/efi_loader.h | 2 ++ lib/efi_loader/efi_dt_fixup.c | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 37 insertions(+) diff --git a/cmd/bootefi.c b/cmd/bootefi.c index d77d3b6e943d..57f13ce701ec 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -310,6 +310,8 @@ efi_status_t efi_install_fdt(void *fdt) /* Create memory reservations as indicated by the device tree */ efi_carve_out_dt_rsv(fdt); + efi_try_purge_kaslr_seed(fdt); + /* Install device tree as UEFI table */ ret = efi_install_configuration_table(&efi_guid_fdt, fdt); if (ret != EFI_SUCCESS) { diff --git a/include/efi_loader.h b/include/efi_loader.h index 9dd6c2033634..1fe003db69e0 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -519,6 +519,8 @@ efi_status_t EFIAPI efi_convert_pointer(efi_uintn_t debug_disposition, void **address); /* Carve out DT reserved memory ranges */ void efi_carve_out_dt_rsv(void *fdt); +/* Purge unused kaslr-seed */ +void efi_try_purge_kaslr_seed(void *fdt); /* Called by bootefi to make console interface available */ efi_status_t efi_console_register(void); /* Called by bootefi to make all disk storage accessible as EFI objects */ diff --git a/lib/efi_loader/efi_dt_fixup.c b/lib/efi_loader/efi_dt_fixup.c index b6fe5d2e5a34..d3923e5dba1b 100644 --- a/lib/efi_loader/efi_dt_fixup.c +++ b/lib/efi_loader/efi_dt_fixup.c @@ -8,6 +8,7 @@ #include #include #include +#include #include #include 
@@ -40,6 +41,38 @@ static void efi_reserve_memory(u64 addr, u64 size, bool nomap) addr, size); } +/** + * efi_try_purge_kaslr_seed() - Remove unused kaslr-seed + * + * Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization + * and completely ignores the kaslr-seed for its own randomness needs + * (i.e the randomization of the physical placement of the kernel). + * Weed it out from the DTB we hand over, which would mess up our DTB + * TPM measurements as well. + * + * @fdt: Pointer to device tree + */ +void efi_try_purge_kaslr_seed(void *fdt) +{ + const efi_guid_t efi_guid_rng_protocol = EFI_RNG_PROTOCOL_GUID; + struct efi_handler *handler; + efi_status_t ret; + int nodeoff = 0; + int err = 0; + + ret = efi_search_protocol(efi_root, &efi_guid_rng_protocol, &handler); + if (ret != EFI_SUCCESS) + return; + + nodeoff = fdt_path_offset(fdt, "/chosen"); + if (nodeoff < 0) + return; + + err = fdt_delprop(fdt, nodeoff, "kaslr-seed"); + if (err < 0 && err != -FDT_ERR_NOTFOUND) + log_err("Error deleting kaslr-seed\n"); +} + /** * efi_carve_out_dt_rsv() - Carve out DT reserved memory ranges *
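Review bot: In the cmd/bootefi.c hunk, the new efi_try_purge_kaslr_seed(fdt) call in efi_install_fdt() is the only statement in that sequence without a comment, although its position is what matters: it has to run before efi_install_configuration_table(&efi_guid_fdt, fdt) so that the installed table is the one without the seed. A one-line comment in the style of its neighbours, for example "/* Drop kaslr-seed so the installed DTB is stable across reboots */", would keep a later reorder from silently undoing the change.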
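Review bot: In the include/efi_loader.h hunk, the prototype comment "/* Purge unused kaslr-seed */" leaves out the condition that the implementation enforces, namely that the property is removed only when EFI_RNG_PROTOCOL is found. Since this header is what callers read, spell the condition out, for example "/* Remove kaslr-seed from /chosen if EFI_RNG_PROTOCOL is installed */".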
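Review bot: In efi_try_purge_kaslr_seed() in the lib/efi_loader/efi_dt_fixup.c hunk, a fdt_delprop() failure other than -FDT_ERR_NOTFOUND is only logged and the function returns void, so efi_install_fdt() still installs a device tree that contains the seed and nothing downstream can tell. Consider returning efi_status_t so the caller can decide, and include the libfdt error in the message (fdt_strerror(err)) instead of the bare "Error deleting kaslr-seed\n". Two smaller points on the same hunk: the removal is keyed on efi_search_protocol() finding the protocol on efi_root, not on the RNG being able to deliver data, which deserves a sentence in the kernel-doc because a consumer that falls back to kaslr-seed would then have neither source; and the kernel-doc says the stub "completely ignores" the seed while the commit message notes it is still used for virtual placement, so the comment should carry that caveat too. The "= 0" initialisers on nodeoff and err are unnecessary since both are assigned before use.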