linux-efi.vger.kernel.org archive mirror
From: ardb@kernel.org
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@google.com>, Marc Zyngier <maz@kernel.org>,
	Will Deacon <will@kernel.org>,
	Quentin Perret <qperret@google.com>,
	David Brazdil <dbrazdil@google.com>,
	Fuad Tabba <tabba@google.com>, Kees Cook <keescook@chromium.org>
Subject: [RFC PATCH v0 6/6] Temporarily pass the kaslr seed via register X1
Date: Mon, 14 Mar 2022 09:26:44 +0100
Message-ID: <20220314082644.3436071-7-ardb@kernel.org>
In-Reply-To: <20220314082644.3436071-1-ardb@kernel.org>

From: Ard Biesheuvel <ardb@google.com>

Currently, we boot the kernel via its 'bare metal' entry point, rather
than via the EFI entry point, as we haven't implemented EFI yet.

Booting with the MMU enabled requires that the KASLR seed is known
before setting up the page tables, as we will do so only once, rather
than twice when reading the seed from the DT. For this reason, the EFI
stub passes the KASLR seed via register X1 as well as the kaslr-seed
property in chosen, and those values need to be in sync.

So as long as we are not using the EFI entry point, pass the DT's
kaslr-seed value via register X1 at boot.
---
 src/main.rs | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/main.rs b/src/main.rs
index 81208c18d094..ad12e069372f 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -118,9 +118,21 @@ extern "C" fn efilite_main(base: usize, mapped: usize, used: usize) {
     paging::map_range(LOAD_ADDRESS as u64, code_size, nor_flags);
     paging::activate();
 
+    // TODO remove this once we boot via the EFI entry point
+    // passing the kaslr seed via x1 is part of the stub's internal boot protocol
+    let kaslr_seed: u64 = {
+        let mut seed: u64 = 0;
+        let chosen = fdt.find_node("/chosen").unwrap();
+        if let Some(prop) = chosen.property("kaslr-seed") {
+            seed = prop.as_usize().unwrap() as _;
+            info!("/chosen/kaslr-seed: {:#x}\n", seed);
+        };
+        seed
+    };
+
     unsafe {
         let entrypoint: EntryFn = core::mem::transmute(LOAD_ADDRESS);
-        entrypoint(&_dtb as *const _, 0, 0, 0);
+        entrypoint(&_dtb as *const _, kaslr_seed, 0, 0);
     }
 }
 
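Review bot: `fdt.find_node("/chosen").unwrap()` and `prop.as_usize().unwrap()` turn a DT without a /chosen node, or a kaslr-seed property of the wrong size, into a firmware panic, whereas a merely absent property silently falls back to `seed = 0`. Treat both cases the same way, e.g. `fdt.find_node("/chosen").and_then(|c| c.property("kaslr-seed")).and_then(|p| p.as_usize())`, so malformed DTs degrade to the old `entrypoint(&_dtb, 0, 0, 0)` behaviour instead of crashing before the kernel runs. Since the commit message says the X1 value and the DT property must stay in sync, it is also worth an `info!` in the no-seed path, because a zero seed is currently passed in X1 with no log line at all; and the `};` closing the `if let` leaves a stray empty statement, so drop that semicolon and spell `as u64` instead of `as _`.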
-- 
2.30.2

