From: Greg KH <gregkh@linuxfoundation.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: stable@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>
Subject: Re: [PATCH stable] efi: random: combine bootloader provided RNG seed with RNG protocol output
Date: Tue, 10 Jan 2023 17:56:41 +0100
Message-ID: <Y72YyXw5HcsbDac1@kroah.com>
In-Reply-To: <20230110160416.2590-1-Jason@zx2c4.com>

On Tue, Jan 10, 2023 at 05:04:16PM +0100, Jason A. Donenfeld wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
> 
> commit 196dff2712ca5a2e651977bb2fe6b05474111a83 upstream.
> 
> Instead of blindly creating the EFI random seed configuration table if
> the RNG protocol is implemented and works, check whether such an EFI
> configuration table was provided by an earlier boot stage and if so,
> concatenate the existing and the new seeds, leaving it up to the core
> code to mix it in and credit it the way it sees fit.
> 
> This can be used for, e.g., systemd-boot, to pass an additional seed to
> Linux in a way that can be consumed by the kernel very early. In that
> case, the following definitions should be used to pass the seed to the
> EFI stub:
> 
> struct linux_efi_random_seed {
>       u32     size; // of the 'seed' array in bytes
>       u8      seed[];
> };
> 
> The memory for the struct must be allocated as EFI_ACPI_RECLAIM_MEMORY
> pool memory, and the address of the struct in memory should be installed
> as an EFI configuration table using the following GUID:
> 
> LINUX_EFI_RANDOM_SEED_TABLE_GUID        1ce1e5bc-7ceb-42f2-81e5-8aadf180f57b
> 
> Note that doing so is safe even on kernels that were built without this
> patch applied, but the seed will simply be overwritten with a seed
> derived from the EFI RNG protocol, if available. The recommended seed
> size is 32 bytes, and seeds larger than 512 bytes are considered
> corrupted and ignored entirely.
> 
> In order to preserve forward secrecy, seeds from previous bootloaders
> are memzero'd out, and in order to preserve memory, those older seeds
> are also freed from memory. Freeing from memory without first memzeroing
> is not safe to do, as it's possible that nothing else will ever
> overwrite those pages used by EFI.
> 
> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
> [ardb: incorporate Jason's followup changes to extend the maximum seed
>        size on the consumer end, memzero() it and drop a needless printk]
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> ---
>  drivers/firmware/efi/efi.c             |  4 +--
>  drivers/firmware/efi/libstub/efistub.h |  2 ++
>  drivers/firmware/efi/libstub/random.c  | 42 ++++++++++++++++++++++----
>  include/linux/efi.h                    |  2 --
>  4 files changed, 40 insertions(+), 10 deletions(-)

Now queued up, thanks.

greg k-h
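
The seed handling described in the quoted commit message, as an added userspace sketch that is not code from the patch or from the kernel: it appends a previously provided seed to fresh RNG output, ignores a table whose size field exceeds 512 bytes, and wipes the old seed once it has been copied. The names make_seed, combine_seeds, wipe and SEED_MAX, the calloc stand-in for EFI pool memory, and the fresh-then-previous ordering are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SEED_MAX 512u /* larger prior seeds count as corrupted, per the commit message */

struct linux_efi_random_seed {
    uint32_t size;   /* of the 'seed' array in bytes */
    uint8_t  seed[];
};

/* Userspace stand-in for an explicit memzero: a wipe the compiler cannot elide. */
static void wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--)
        *v++ = 0;
}

/* Hypothetical helper: allocate a table holding n seed bytes (calloc models the EFI pool). */
static struct linux_efi_random_seed *make_seed(const uint8_t *bytes, uint32_t n)
{
    struct linux_efi_random_seed *t = calloc(1, sizeof(*t) + n);
    if (!t)
        return NULL;
    t->size = n;
    if (n)
        memcpy(t->seed, bytes, n);
    return t;
}

/*
 * Hypothetical combine step: append a sane prior seed to the fresh RNG output,
 * then wipe the prior table. prev may be NULL. The caller frees prev afterwards
 * (kept separate here so the wipe can be observed before the memory is released).
 */
static struct linux_efi_random_seed *
combine_seeds(struct linux_efi_random_seed *prev, const uint8_t *fresh, uint32_t fresh_len)
{
    /* Read the size field with caution: a corrupted table must not drive memcpy. */
    uint32_t prev_len = (prev && prev->size <= SEED_MAX) ? prev->size : 0;
    struct linux_efi_random_seed *out = calloc(1, sizeof(*out) + fresh_len + prev_len);
    if (!out)
        return NULL;
    out->size = fresh_len + prev_len;
    memcpy(out->seed, fresh, fresh_len);
    if (prev_len) {
        memcpy(out->seed + fresh_len, prev->seed, prev_len);
        wipe(prev, sizeof(*prev) + prev_len); /* forward secrecy: no stale copy left behind */
    }
    return out;
}
```

A table whose size field is out of range is left untouched rather than wiped, because the length needed to wipe it cannot be trusted.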