From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 9ABEAC433F5
	for <u-boot@archiver.kernel.org>; Sun,  2 Jan 2022 20:50:46 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 7294582FB5;
	Sun,  2 Jan 2022 21:50:43 +0100 (CET)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="aA5MxyM2";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 64B5283049; Sun,  2 Jan 2022 21:50:42 +0100 (CET)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com
 [IPv6:2a00:1450:4864:20::52b])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 1006182F5E
 for <u-boot@lists.denx.de>; Sun,  2 Jan 2022 21:50:39 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org
Received: by mail-ed1-x52b.google.com with SMTP id j21so128802812edt.9
 for <u-boot@lists.denx.de>; Sun, 02 Jan 2022 12:50:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to;
 bh=GdDvFSHyrXpoyzqVqfVTbL73UP4xjsgTqHyHkDSH/vo=;
 b=aA5MxyM2CmAEu4ocXnm5apPBAlijyN9YfqClFc2j33F1U+9EXpBZLw2PABdS3GlWCZ
 EI91TNr2rrdT0bcxlz46UZfGc3zMhlV7qPbUmnpKJ0PwenXxUFkAOzt6P70rmronJEO8
 W/l5eGyYQ5Mg7pqlJzfNdCuFppRYUfjsJLIvGnHmDvOBiqB7BKA+ljeZeo3NKblFdwts
 HHouVJCdf+l45EYSi0nZnDIh1mp8Xrr4r9AWPRUE9NjrNly2qkS5MMNx5U4CmzjF63Cj
 4RhaoVznojJS3PsTEaQ2qlyf7dqFRYMCmE9vXOGhLMkyP7lhS0nXZwzxKxumGnCWUqOA
 j9Mw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to;
 bh=GdDvFSHyrXpoyzqVqfVTbL73UP4xjsgTqHyHkDSH/vo=;
 b=OGLze8hxb+wq6YBWxnrsAVhHrO7/pT0u/IuCYxkwCbJsfdPCwn5j6nQKcOxLE/vAMJ
 OrJp8Zn05Pd6TyqNXXcoQ+xqHZF2X3qLmFUodXmOKQ6ps1X20BDRy2CMGEAeyhB72FAC
 OaCnSMygjGkUnD/4aaJT0sa3LOZqUD7gyr8UPmidTWE8WjQsh8ACztrm403EhDz95Zqe
 Ymre3uxrAuBQ0KK2Lnc0ZMq1gsRfifyKclO7gHSdMj63OB+/z8fvINLz1vk+5+5YlO6l
 Ye909tATnxPcxRK3XnLhOFIQG154iIfHOYCnWmGpdDa1OBpiLp2oClke038gf3FiLKT3
 Nibg==
X-Gm-Message-State: AOAM533CIcg+X6ry7jlT7jDQSdozaVFBERKpWQUALfkr5yNCqof/5EJw
 Coer9+Qqsg0RTmBAcP4BRpp0+A==
X-Google-Smtp-Source: ABdhPJxp9QFCMkvyb9R3DWEHiXSY37Ne38yoCazWziKvxCMB+P3s6Uuu5nmB/1Or47BjPGPj2i57UA==
X-Received: by 2002:a17:906:5208:: with SMTP id
 g8mr33583866ejm.634.1641156638405; 
 Sun, 02 Jan 2022 12:50:38 -0800 (PST)
Received: from hades (athedsl-4461669.home.otenet.gr. [94.71.4.85])
 by smtp.gmail.com with ESMTPSA id j21sm10040847ejj.133.2022.01.02.12.50.37
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 02 Jan 2022 12:50:37 -0800 (PST)
Date: Sun, 2 Jan 2022 22:50:35 +0200
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: ardb@kernel.org, agraf@csgraf.de, u-boot@lists.denx.de,
 Mark Kettenis <mark.kettenis@xs4all.nl>
Subject: Re: [PATCH v2] efi_loader: Get rid of kaslr-seed
Message-ID: <YdIQG8hQ1QhPRdLR@hades>
References: <20211217070644.2458603-1-ilias.apalodimas@linaro.org>
 <d3cb5afa52d17245@bloch.sibelius.xs4all.nl>
 <YbxzTzeIyW335kfG@hades>
 <d3cb5b2ded0eedcf@bloch.sibelius.xs4all.nl>
 <aa8bcb4f-0e33-0fe8-c24a-c7b9708e46dc@gmx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <aa8bcb4f-0e33-0fe8-c24a-c7b9708e46dc@gmx.de>
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.38
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

Hi Heinrich,

> > > > > 

[...]

> > > > > diff --git a/cmd/bootefi.c b/cmd/bootefi.c
> > > > > index d77d3b6e943d..57f13ce701ec 100644
> > > > > --- a/cmd/bootefi.c
> > > > > +++ b/cmd/bootefi.c
> > > > > @@ -310,6 +310,8 @@ efi_status_t efi_install_fdt(void *fdt)
> > > > >   	/* Create memory reservations as indicated by the device tree */
> > > > >   	efi_carve_out_dt_rsv(fdt);
> > > > > 
> > > > > +	efi_try_purge_kaslr_seed(fdt);
> 
> This function should only be invoked for CONFIG_EFI_TCG2_PROTOCOL=y.

Why?  As we discussed the kernel ignores the kaslr-seed for the
physical randomization.  The only reason we would like to keep it is 
for the randomization of the virtual address.  But if the EFI
RNG protocol is installed the EFI stub is already doing the right thing. 
So I really think purging it if EFI RNG is installed is the best option
here (regardless of TPM measurements)

> > > > > +
> > > > >   	/* Install device tree as UEFI table */
> > > > >   	ret = efi_install_configuration_table(&efi_guid_fdt, fdt);
> > > > >   	if (ret != EFI_SUCCESS) {
> > > > > diff --git a/include/efi_loader.h b/include/efi_loader.h
> > > > > index 9dd6c2033634..1fe003db69e0 100644
> > > > > --- a/include/efi_loader.h
> > > > > +++ b/include/efi_loader.h
> > > > > @@ -519,6 +519,8 @@ efi_status_t EFIAPI efi_convert_pointer(efi_uintn_t debug_disposition,
> > > > >   					void **address);
> > > > >   /* Carve out DT reserved memory ranges */
> > > > >   void efi_carve_out_dt_rsv(void *fdt);
> > > > > +/* Purge unused kaslr-seed */
> > > > > +void efi_try_purge_kaslr_seed(void *fdt);
> > > > >   /* Called by bootefi to make console interface available */
> > > > >   efi_status_t efi_console_register(void);
> > > > >   /* Called by bootefi to make all disk storage accessible as EFI objects */
> > > > > diff --git a/lib/efi_loader/efi_dt_fixup.c b/lib/efi_loader/efi_dt_fixup.c
> > > > > index b6fe5d2e5a34..d3923e5dba1b 100644
> > > > > --- a/lib/efi_loader/efi_dt_fixup.c
> > > > > +++ b/lib/efi_loader/efi_dt_fixup.c
> > > > > @@ -8,6 +8,7 @@
> > > > >   #include <common.h>
> > > > >   #include <efi_dt_fixup.h>
> > > > >   #include <efi_loader.h>
> > > > > +#include <efi_rng.h>
> > > > >   #include <fdtdec.h>
> > > > >   #include <mapmem.h>
> > > > > 
> > > > > @@ -40,6 +41,38 @@ static void efi_reserve_memory(u64 addr, u64 size, bool nomap)
> > > > >   			addr, size);
> > > > >   }
> > > > > 
> > > > > +/**
> > > > > + * efi_try_purge_kaslr_seed() - Remove unused kaslr-seed
> > > > > + *
> > > > > + * Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization
> > > > > + * and completely ignores the kaslr-seed for its own randomness needs
> > > > > + * (i.e the randomization of the physical placement of the kernel).
> > > > > + * Weed it out from the DTB we hand over, which would mess up our DTB
> > > > > + * TPM measurements as well.
> > > > > + *
> > > > > + * @fdt: Pointer to device tree
> > > > > + */
> > > > > +void efi_try_purge_kaslr_seed(void *fdt)
> > > > > +{
> > > > > +	const efi_guid_t efi_guid_rng_protocol = EFI_RNG_PROTOCOL_GUID;
> 
> There is not need to check if the RNG protocol is installed. If
> CONFIG_EFI_TCG2_PROTOCOL=y, you should unconditionally remove
> 'kaslr-seed' as it is incompatible with measured boot.

That's not entirely correct.  Right now having the kaslr-seed hurts no one,
since we don't measure the DTB to begin with.  What I intend to do is
expose the RNG hardware of the TPM and use that if the hardware doesn't
provide one already.  This obviously means the kaslr-seed will be removed 
because the RNG protocol will always be installed with the current patch.

I really don't see a connection between a *compile* time option which
might not even have any effect if a TPM is not present, with an entry in
the /chosen node.  IMHO we should merge this patch since it improves
existing use cases.  I'll work on the rest and send patches soon.

Cheers
/Ilias


> 
> Best regards
> 
> Heinrich
> 
> > > > > +	struct efi_handler *handler;
> > > > > +	efi_status_t ret;
> > > > > +	int nodeoff = 0;
> > > > > +	int err = 0;
> > > > > +
> > > > > +	ret = efi_search_protocol(efi_root, &efi_guid_rng_protocol, &handler);
> > > > > +	if (ret != EFI_SUCCESS)
> > > > > +		return;
> > > > > +
> > > > > +	nodeoff = fdt_path_offset(fdt, "/chosen");
> > > > > +	if (nodeoff < 0)
> > > > > +		return;
> > > > > +
> > > > > +	err = fdt_delprop(fdt, nodeoff, "kaslr-seed");
> > > > > +	if (err < 0 && err != -FDT_ERR_NOTFOUND)
> > > > > +		log_err("Error deleting kaslr-seed\n");
> > > > > +}
> > > > > +
> > > > >   /**
> > > > >    * efi_carve_out_dt_rsv() - Carve out DT reserved memory ranges
> > > > >    *
> > > > > --
> > > > > 2.30.2
> > > > > 
> > > > > 
> > >