From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Ard Biesheuvel <ardb@kernel.org>, "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org,
Lennart Poettering <lennart@poettering.net>
Subject: Re: [PATCH RFC v1 5/6] efi: efivarfs: prohibit reading random seed variables
Date: Wed, 16 Nov 2022 14:42:11 -0500 [thread overview]
Message-ID: <7837b12a39b1d6721387ca95554c79003bd16c4e.camel@HansenPartnership.com> (raw)
In-Reply-To: <CAMj1kXHZ60DCz6zgOqfQ-jBEuhc3XwvhieNbJUCY40hdEWt9CQ@mail.gmail.com>
On Wed, 2022-11-16 at 18:04 +0100, Ard Biesheuvel wrote:
> On Wed, 16 Nov 2022 at 17:17, Jason A. Donenfeld <Jason@zx2c4.com>
> wrote:
> >
> > Variables in the random seed GUID must remain secret, so deny all
> > reads
> > to them.
> >
> > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > ---
> > fs/efivarfs/file.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/fs/efivarfs/file.c b/fs/efivarfs/file.c
> > index d57ee15874f9..08996ba3a373 100644
> > --- a/fs/efivarfs/file.c
> > +++ b/fs/efivarfs/file.c
> > @@ -76,6 +76,9 @@ static ssize_t efivarfs_file_read(struct file
> > *file, char __user *userbuf,
> > while (!__ratelimit(&file->f_cred->user->ratelimit))
> > msleep(50);
> >
> > + if (guid_equal(&var->var.VendorGuid,
> > &LINUX_EFI_RANDOM_SEED_TABLE_GUID))
> > + return -EPERM;
> > +
> > err = efivar_entry_size(var, &datasize);
> >
> > /*
>
> I'd prefer it if we could just disregard them entirely, i.e., never
> enumerate them so that they don't appear in the file system.
It would be nice if they could be boot services only ... then they
disappear naturally, but that would mean the rng would have to
initialize and save in the EFI stub before ExitBootServices, which
doesn't seem practical.
James
next prev parent reply other threads:[~2022-11-16 19:42 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-16 16:16 [PATCH RFC v1 0/6] Use EFI variables for random seed Jason A. Donenfeld
2022-11-16 16:16 ` [PATCH RFC v1 1/6] random: add back async readiness notifier Jason A. Donenfeld
2022-11-16 16:16 ` [PATCH RFC v1 2/6] vsprintf: initialize siphash key using notifier Jason A. Donenfeld
2022-11-18 14:16 ` Petr Mladek
2022-11-18 14:20 ` Jason A. Donenfeld
2022-11-16 16:16 ` [PATCH RFC v1 3/6] efi: random: combine bootloader provided RNG seed with RNG protocol output Jason A. Donenfeld
2022-11-16 16:16 ` [PATCH RFC v1 4/6] efi: stub: use random seed from EFI variable Jason A. Donenfeld
2022-11-16 16:16 ` [PATCH RFC v1 5/6] efi: efivarfs: prohibit reading random seed variables Jason A. Donenfeld
2022-11-16 17:04 ` Ard Biesheuvel
2022-11-16 18:56 ` Jason A. Donenfeld
2022-11-16 19:42 ` James Bottomley [this message]
2022-11-16 20:08 ` Jason A. Donenfeld
2022-11-27 21:36 ` James Bottomley
2022-11-16 16:16 ` [PATCH RFC v1 6/6] efi: refresh non-volatile random seed when RNG is initialized Jason A. Donenfeld
2022-11-16 17:59 ` [PATCH RFC v1 0/6] Use EFI variables for random seed Lennart Poettering
2022-11-16 18:57 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7837b12a39b1d6721387ca95554c79003bd16c4e.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=lennart@poettering.net \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox