From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Ard Biesheuvel <ardb@kernel.org>,
linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org,
Lennart Poettering <lennart@poettering.net>
Subject: Re: [PATCH RFC v1 5/6] efi: efivarfs: prohibit reading random seed variables
Date: Sun, 27 Nov 2022 16:36:27 -0500 [thread overview]
Message-ID: <cf70394e2d49393da370e7c7b2bf662c671b3f5e.camel@HansenPartnership.com> (raw)
In-Reply-To: <CAHmME9obGun7zEMKQ1Td4u+rnzi3MexaUAj30W5UMYvJ62mw3Q@mail.gmail.com>
On Wed, 2022-11-16 at 21:08 +0100, Jason A. Donenfeld wrote:
> On Wed, Nov 16, 2022 at 8:42 PM James Bottomley
> <James.Bottomley@hansenpartnership.com> wrote:
> > It would be nice if they could be boot services only ... then they
> > disappear naturally, but that would mean the rng would have to
> > initialize and save in the EFI stub before ExitBootServices, which
> > doesn't seem practical.
>
> That would be nice, but the whole idea is it gets updated by Linux's
> RNG, so that won't work. `boot|runtime` it is, then.
But then you can't use the only security mechanism we have in EFI
(keeping sensitive information in BS only variables which can only be
accessed by EFI signed entities). If you can't take advantage of that
then there's no security point in placing the seed in EFI and you might
as well simply write it to a file.
Artificially trying to hide the variables from efivarfs has no real
security value either, as I think you can appreciate if you try the
thought experiment of trying to get a VFS modification to hide the
random seed file past Al ... I'll get the thought experiment popcorn.
James
next prev parent reply other threads:[~2022-11-27 21:36 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-16 16:16 [PATCH RFC v1 0/6] Use EFI variables for random seed Jason A. Donenfeld
2022-11-16 16:16 ` [PATCH RFC v1 1/6] random: add back async readiness notifier Jason A. Donenfeld
2022-11-16 16:16 ` [PATCH RFC v1 2/6] vsprintf: initialize siphash key using notifier Jason A. Donenfeld
2022-11-18 14:16 ` Petr Mladek
2022-11-18 14:20 ` Jason A. Donenfeld
2022-11-16 16:16 ` [PATCH RFC v1 3/6] efi: random: combine bootloader provided RNG seed with RNG protocol output Jason A. Donenfeld
2022-11-16 16:16 ` [PATCH RFC v1 4/6] efi: stub: use random seed from EFI variable Jason A. Donenfeld
2022-11-16 16:16 ` [PATCH RFC v1 5/6] efi: efivarfs: prohibit reading random seed variables Jason A. Donenfeld
2022-11-16 17:04 ` Ard Biesheuvel
2022-11-16 18:56 ` Jason A. Donenfeld
2022-11-16 19:42 ` James Bottomley
2022-11-16 20:08 ` Jason A. Donenfeld
2022-11-27 21:36 ` James Bottomley [this message]
2022-11-16 16:16 ` [PATCH RFC v1 6/6] efi: refresh non-volatile random seed when RNG is initialized Jason A. Donenfeld
2022-11-16 17:59 ` [PATCH RFC v1 0/6] Use EFI variables for random seed Lennart Poettering
2022-11-16 18:57 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cf70394e2d49393da370e7c7b2bf662c671b3f5e.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=lennart@poettering.net \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox