Subject: Re: [PATCH RFC v1 5/6] efi: efivarfs: prohibit reading random seed variables
From: James Bottomley
To: "Jason A. Donenfeld"
Cc: Ard Biesheuvel, linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, Lennart Poettering
Date: Sun, 27 Nov 2022 16:36:27 -0500
References: <20221116161642.1670235-1-Jason@zx2c4.com> <20221116161642.1670235-6-Jason@zx2c4.com> <7837b12a39b1d6721387ca95554c79003bd16c4e.camel@HansenPartnership.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, 2022-11-16 at 21:08 +0100, Jason A. Donenfeld wrote:
> On Wed, Nov 16, 2022 at 8:42 PM James Bottomley wrote:
> > It would be nice if they could be boot services only ... then they
> > disappear naturally, but that would mean the rng would have to
> > initialize and save in the EFI stub before ExitBootServices, which
> > doesn't seem practical.
>
> That would be nice, but the whole idea is it gets updated by Linux's
> RNG, so that won't work. `boot|runtime` it is, then.

But then you can't use the only security mechanism we have in EFI
(keeping sensitive information in BS only variables which can only be
accessed by EFI signed entities). If you can't take advantage of that
then there's no security point in placing the seed in EFI and you might
as well simply write it to a file.

Artificially trying to hide the variables from efivarfs has no real
security value either, as I think you can appreciate if you try the
thought experiment of trying to get a VFS modification to hide the
random seed file past Al ... I'll get the thought experiment popcorn.

James
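The attribute mechanism the reply turns on (a boot-services-only variable versus a `boot|runtime` one), as an added example that is not code from this thread, from the patch series or from the kernel: a small C parser for the efivarfs file layout (a 4-byte little-endian attribute word followed by the raw variable data) using the standard UEFI attribute bits, classifying a variable as runtime-visible or boot-services-only. After ExitBootServices the firmware's GetVariable() only returns variables that carry EFI_VARIABLE_RUNTIME_ACCESS, so a BS-only variable is absent from the OS's view by construction, whereas a `boot|runtime` seed is reachable by anything that can read the variable store. The seed bytes are constructed for the demonstration, and no variable name or GUID from the patch series is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* EFI variable attribute bits, as defined for SetVariable() in the UEFI spec. */
#define EFI_VARIABLE_NON_VOLATILE       0x00000001u
#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002u
#define EFI_VARIABLE_RUNTIME_ACCESS     0x00000004u

/* efivarfs exposes each variable as a file: a little-endian u32 of attributes,
 * then the variable data. */
#define EFIVARFS_ATTR_LEN 4u

struct efivar {
    uint32_t attributes;
    const uint8_t *data;
    size_t data_len;
};

/* Parse an efivarfs-format blob. Returns 0 on success, -1 if the buffer cannot
 * even hold the attribute word. */
int efivarfs_parse(const uint8_t *buf, size_t len, struct efivar *out)
{
    if (buf == NULL || out == NULL || len < EFIVARFS_ATTR_LEN)
        return -1;
    out->attributes = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                      ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    out->data = buf + EFIVARFS_ATTR_LEN;
    out->data_len = len - EFIVARFS_ATTR_LEN;
    return 0;
}

/* Serialise attributes + data in efivarfs layout (used to build constructed
 * input). Returns bytes written, or 0 if `out` is too small. */
size_t efivarfs_build(uint32_t attributes, const uint8_t *data, size_t data_len,
                      uint8_t *out, size_t out_len)
{
    if (out == NULL || out_len < EFIVARFS_ATTR_LEN + data_len)
        return 0;
    out[0] = (uint8_t)(attributes & 0xff);
    out[1] = (uint8_t)((attributes >> 8) & 0xff);
    out[2] = (uint8_t)((attributes >> 16) & 0xff);
    out[3] = (uint8_t)((attributes >> 24) & 0xff);
    if (data_len)
        memcpy(out + EFIVARFS_ATTR_LEN, data, data_len);
    return EFIVARFS_ATTR_LEN + data_len;
}

/* Runtime GetVariable() only returns RUNTIME_ACCESS variables, so this is what
 * the OS, and hence efivarfs, can enumerate at all. */
int efivar_visible_at_runtime(uint32_t attributes)
{
    return (attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0;
}

/* BS-only: readable by signed EFI code before ExitBootServices, gone after. */
int efivar_boot_services_only(uint32_t attributes)
{
    return (attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != 0 &&
           (attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0;
}

/* Parse a blob and report 1 (runtime-visible), 0 (not), or -1 (malformed). */
int efivarfs_blob_runtime_visible(const uint8_t *buf, size_t len)
{
    struct efivar v;
    if (efivarfs_parse(buf, len, &v) != 0)
        return -1;
    return efivar_visible_at_runtime(v.attributes);
}

int main(void)
{
    /* Constructed 16-byte "seed" for the demonstration, not real entropy. */
    static const uint8_t seed[16] = { 0xde, 0xad, 0xbe, 0xef, 1, 2, 3, 4,
                                      5, 6, 7, 8, 9, 10, 11, 12 };
    const uint32_t attr_sets[2] = {
        EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS |
            EFI_VARIABLE_RUNTIME_ACCESS,                               /* boot|runtime */
        EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,   /* BS only */
    };
    uint8_t blob[64];
    struct efivar v;

    for (int i = 0; i < 2; i++) {
        size_t n = efivarfs_build(attr_sets[i], seed, sizeof seed, blob, sizeof blob);
        if (n == 0 || efivarfs_parse(blob, n, &v) != 0)
            return 1;
        printf("attrs=0x%08x data_len=%zu runtime_visible=%d bs_only=%d\n",
               v.attributes, v.data_len, efivar_visible_at_runtime(v.attributes),
               efivar_boot_services_only(v.attributes));
    }
    return 0;
}
```

The point the reply makes falls out of the two classification functions: with RUNTIME_ACCESS set the seed is part of the runtime variable store and any code able to call GetVariable() (or read the efivarfs file, or the variable store itself) gets it, so an efivarfs-level read prohibition only changes which interface returns it, not whether it is there.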