From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Lennart Poettering <lennart@poettering.net>,
stable@vger.kernel.org
Subject: [PATCH v3 1/3] efi: random: reduce seed size to 32 bytes
Date: Thu, 20 Oct 2022 10:39:08 +0200 [thread overview]
Message-ID: <20221020083910.1902009-2-ardb@kernel.org> (raw)
In-Reply-To: <20221020083910.1902009-1-ardb@kernel.org>
We no longer need at least 64 bytes of random seed to permit the early
crng init to complete. The RNG is now based on Blake2s, so reduce the
EFI seed size to the Blake2s hash size, which is sufficient for our
purposes.
While at it, drop the READ_ONCE(), which was supposed to prevent size
from being evaluated after seed was unmapped. However, this cannot
actually happen, so READ_ONCE() is unnecessary here.
Cc: <stable@vger.kernel.org> # v4.14+
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/firmware/efi/efi.c | 2 +-
include/linux/efi.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 9624735f1575..a949509de62f 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -609,7 +609,7 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables,
seed = early_memremap(efi_rng_seed, sizeof(*seed));
if (seed != NULL) {
- size = READ_ONCE(seed->size);
+ size = min(seed->size, EFI_RANDOM_SEED_SIZE);
early_memunmap(seed, sizeof(*seed));
} else {
pr_err("Could not map UEFI random seed!\n");
diff --git a/include/linux/efi.h b/include/linux/efi.h
index da3974bf05d3..cf96f8d5f15f 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1225,7 +1225,7 @@ efi_status_t efi_random_get_seed(void);
arch_efi_call_virt_teardown(); \
})
-#define EFI_RANDOM_SEED_SIZE 64U
+#define EFI_RANDOM_SEED_SIZE 32U // BLAKE2S_HASH_SIZE
struct linux_efi_random_seed {
u32 size;
--
2.35.1
next prev parent reply other threads:[~2022-10-20 8:40 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-20 8:39 [PATCH v3 0/3] efi: consume random seed provided by loader Ard Biesheuvel
2022-10-20 8:39 ` Ard Biesheuvel [this message]
2022-10-21 8:38 ` [PATCH v3 1/3] efi: random: reduce seed size to 32 bytes Ilias Apalodimas
2022-10-20 8:39 ` [PATCH v3 2/3] efi: random: Use 'ACPI reclaim' memory for random seed Ard Biesheuvel
2022-10-21 8:37 ` Ilias Apalodimas
2022-10-20 8:39 ` [PATCH v3 3/3] efi: random: combine bootloader provided RNG seed with RNG protocol output Ard Biesheuvel
2022-10-20 16:56 ` Jason A. Donenfeld
2022-10-20 17:11 ` Ard Biesheuvel
2022-10-20 17:22 ` Jason A. Donenfeld
2022-10-20 16:37 ` [PATCH v3 0/3] efi: consume random seed provided by loader Jason A. Donenfeld
2022-10-20 17:06 ` Ard Biesheuvel
2022-10-20 17:16 ` Jason A. Donenfeld
2022-10-20 17:27 ` Ard Biesheuvel
2022-10-20 17:35 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221020083910.1902009-2-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ilias.apalodimas@linaro.org \
--cc=lennart@poettering.net \
--cc=linux-efi@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox