From: Greg Kroah-Hartman
Date: Thu, 12 Jan 2023 13:02:39 +0000 (+0100)
Subject: drop efi-random-combine-bootloader-provided-rng-seed-with-rng-protocol-output.patch...
X-Git-Tag: v5.10.163~17
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bdea31c2bfcd18fd116a4d33b967759471823e14;p=thirdparty%2Fkernel%2Fstable-queue.git

drop efi-random-combine-bootloader-provided-rng-seed-with-rng-protocol-output.patch from 5.4
---

diff --git a/queue-5.4/efi-random-combine-bootloader-provided-rng-seed-with-rng-protocol-output.patch b/queue-5.4/efi-random-combine-bootloader-provided-rng-seed-with-rng-protocol-output.patch
deleted file mode 100644
index 42b23ae38f1..00000000000
--- a/queue-5.4/efi-random-combine-bootloader-provided-rng-seed-with-rng-protocol-output.patch
+++ /dev/null
@@ -1,286 +0,0 @@
-From 196dff2712ca5a2e651977bb2fe6b05474111a83 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel
-Date: Thu, 20 Oct 2022 10:39:10 +0200
-Subject: efi: random: combine bootloader provided RNG seed with RNG protocol output
-
-From: Ard Biesheuvel
-
-commit 196dff2712ca5a2e651977bb2fe6b05474111a83 upstream.
-
-Instead of blindly creating the EFI random seed configuration table if
-the RNG protocol is implemented and works, check whether such a EFI
-configuration table was provided by an earlier boot stage and if so,
-concatenate the existing and the new seeds, leaving it up to the core
-code to mix it in and credit it the way it sees fit.
-
-This can be used for, e.g., systemd-boot, to pass an additional seed to
-Linux in a way that can be consumed by the kernel very early. In that
-case, the following definitions should be used to pass the seed to the
-EFI stub:
-
-struct linux_efi_random_seed {
- u32 size; // of the 'seed' array in bytes
- u8 seed[];
-};
-
-The memory for the struct must be allocated as EFI_ACPI_RECLAIM_MEMORY
-pool memory, and the address of the struct in memory should be installed
-as a EFI configuration table using the following GUID:
-
-LINUX_EFI_RANDOM_SEED_TABLE_GUID 1ce1e5bc-7ceb-42f2-81e5-8aadf180f57b
-
-Note that doing so is safe even on kernels that were built without this
-patch applied, but the seed will simply be overwritten with a seed
-derived from the EFI RNG protocol, if available. The recommended seed
-size is 32 bytes, and seeds larger than 512 bytes are considered
-corrupted and ignored entirely.
-
-In order to preserve forward secrecy, seeds from previous bootloaders
-are memzero'd out, and in order to preserve memory, those older seeds
-are also freed from memory. Freeing from memory without first memzeroing
-is not safe to do, as it's possible that nothing else will ever
-overwrite those pages used by EFI.
-
-Reviewed-by: Jason A. Donenfeld
-[ardb: incorporate Jason's followup changes to extend the maximum seed
- size on the consumer end, memzero() it and drop a needless printk]
-Signed-off-by: Ard Biesheuvel
-Signed-off-by: Jason A. Donenfeld
-Signed-off-by: Greg Kroah-Hartman
----
- arch/x86/boot/compressed/eboot.c | 3 +
- drivers/firmware/efi/efi.c | 4 -
- drivers/firmware/efi/libstub/Makefile | 5 +
- drivers/firmware/efi/libstub/efistub.h | 3 -
- drivers/firmware/efi/libstub/random.c | 86 +++++++++++++++++++++++++++------
- include/linux/efi.h | 2
- 6 files changed, 83 insertions(+), 20 deletions(-)
-
---- a/arch/x86/boot/compressed/eboot.c
-+++ b/arch/x86/boot/compressed/eboot.c
-@@ -782,6 +782,9 @@ efi_main(struct efi_config *c, struct bo
-
- /* Ask the firmware to clear memory on unclean shutdown */
- efi_enable_reset_attack_mitigation(sys_table);
-+
-+ efi_random_get_seed(sys_table);
-+
- efi_retrieve_tpm2_eventlog(sys_table);
-
- setup_graphics(boot_params);
---- a/drivers/firmware/efi/efi.c
-+++ b/drivers/firmware/efi/efi.c
-@@ -546,7 +546,7 @@ int __init efi_config_parse_tables(void
-
- seed = early_memremap(efi.rng_seed, sizeof(*seed));
- if (seed != NULL) {
-- size = min(seed->size, EFI_RANDOM_SEED_SIZE);
-+ size = min_t(u32, seed->size, SZ_1K); // sanity check
- early_memunmap(seed, sizeof(*seed));
- } else {
- pr_err("Could not map UEFI random seed!\n");
-@@ -555,8 +555,8 @@ int __init efi_config_parse_tables(void
- seed = early_memremap(efi.rng_seed,
- sizeof(*seed) + size);
- if (seed != NULL) {
-- pr_notice("seeding entropy pool\n");
- add_bootloader_randomness(seed->bits, size);
-+ memzero_explicit(seed->bits, size);
- early_memunmap(seed, sizeof(*seed) + size);
- } else {
- pr_err("Could not map UEFI random seed!\n");
---- a/drivers/firmware/efi/libstub/Makefile
-+++ b/drivers/firmware/efi/libstub/Makefile
-@@ -39,7 +39,8 @@ OBJECT_FILES_NON_STANDARD := y
- # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
- KCOV_INSTRUMENT := n
-
--lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o
-+lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o \
-+ random.o
-
- # include the stub's generic dependencies from lib/ when building for ARM/arm64
- arm-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c
-@@ -48,7 +49,7 @@ arm-deps-$(CONFIG_ARM64) += sort.c
- $(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
- $(call if_changed_rule,cc_o_c)
-
--lib-$(CONFIG_EFI_ARMSTUB) += arm-stub.o fdt.o string.o random.o \
-+lib-$(CONFIG_EFI_ARMSTUB) += arm-stub.o fdt.o string.o \
- $(patsubst %.c,lib-%.o,$(arm-deps-y))
-
- lib-$(CONFIG_ARM) += arm32-stub.o
---- a/drivers/firmware/efi/libstub/efistub.h
-+++ b/drivers/firmware/efi/libstub/efistub.h
-@@ -34,6 +34,7 @@ extern int __pure novamap(void);
- } while (0)
-
- #define pr_efi_err(sys_table, msg) efi_printk(sys_table, "EFI stub: ERROR: "msg)
-+#define pr_efi_warn(sys_table, msg) efi_printk(sys_table, "EFI stub: WARNING: "msg)
-
- void efi_char16_printk(efi_system_table_t *, efi_char16_t *);
-
-@@ -63,8 +64,6 @@ efi_status_t efi_random_alloc(efi_system
-
- efi_status_t check_platform_features(efi_system_table_t *sys_table_arg);
-
--efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg);
--
- void *get_efi_config_table(efi_system_table_t *sys_table, efi_guid_t guid);
-
- /* Helper macros for the usual case of using simple C variables: */
---- a/drivers/firmware/efi/libstub/random.c
-+++ b/drivers/firmware/efi/libstub/random.c
-@@ -9,12 +9,22 @@
-
- #include "efistub.h"
-
--struct efi_rng_protocol {
-+typedef struct efi_rng_protocol {
- efi_status_t (*get_info)(struct efi_rng_protocol *,
- unsigned long *, efi_guid_t *);
- efi_status_t (*get_rng)(struct efi_rng_protocol *,
- efi_guid_t *, unsigned long, u8 *out);
--};
-+} efi_rng_protocol_t;
-+
-+typedef struct {
-+ u32 get_info;
-+ u32 get_rng;
-+} efi_rng_protocol_32_t;
-+
-+typedef struct {
-+ u64 get_info;
-+ u64 get_rng;
-+} efi_rng_protocol_64_t;
-
- efi_status_t efi_get_random_bytes(efi_system_table_t *sys_table_arg,
- unsigned long size, u8 *out)
-@@ -28,7 +38,7 @@ efi_status_t efi_get_random_bytes(efi_sy
- if (status != EFI_SUCCESS)
- return status;
-
-- return rng->get_rng(rng, NULL, size, out);
-+ return efi_call_proto(efi_rng_protocol, get_rng, rng, NULL, size, out);
- }
-
- /*
-@@ -141,13 +151,27 @@ efi_status_t efi_random_alloc(efi_system
- return status;
- }
-
-+/**
-+ * efi_random_get_seed() - provide random seed as configuration table
-+ *
-+ * The EFI_RNG_PROTOCOL is used to read random bytes. These random bytes are
-+ * saved as a configuration table which can be used as entropy by the kernel
-+ * for the initialization of its pseudo random number generator.
-+ *
-+ * If the EFI_RNG_PROTOCOL is not available or there are not enough random bytes
-+ * available, the configuration table will not be installed and an error code
-+ * will be returned.
-+ *
-+ * Return: status code
-+ */
- efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg)
- {
- efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
- efi_guid_t rng_algo_raw = EFI_RNG_ALGORITHM_RAW;
- efi_guid_t rng_table_guid = LINUX_EFI_RANDOM_SEED_TABLE_GUID;
-- struct efi_rng_protocol *rng;
-- struct linux_efi_random_seed *seed;
-+ struct linux_efi_random_seed *prev_seed, *seed = NULL;
-+ int prev_seed_size = 0, seed_size = EFI_RANDOM_SEED_SIZE;
-+ struct efi_rng_protocol *rng = NULL;
- efi_status_t status;
-
- status = efi_call_early(locate_protocol, &rng_proto, NULL,
-@@ -155,34 +179,68 @@ efi_status_t efi_random_get_seed(efi_sys
- if (status != EFI_SUCCESS)
- return status;
-
-- status = efi_call_early(allocate_pool, EFI_RUNTIME_SERVICES_DATA,
-- sizeof(*seed) + EFI_RANDOM_SEED_SIZE,
-+ /*
-+ * Check whether a seed was provided by a prior boot stage. In that
-+ * case, instead of overwriting it, let's create a new buffer that can
-+ * hold both, and concatenate the existing and the new seeds.
-+ * Note that we should read the seed size with caution, in case the
-+ * table got corrupted in memory somehow.
-+ */
-+ prev_seed = get_efi_config_table(sys_table_arg, LINUX_EFI_RANDOM_SEED_TABLE_GUID);
-+ if (prev_seed && prev_seed->size <= 512U) {
-+ prev_seed_size = prev_seed->size;
-+ seed_size += prev_seed_size;
-+ }
-+
-+ /*
-+ * Use EFI_ACPI_RECLAIM_MEMORY here so that it is guaranteed that the
-+ * allocation will survive a kexec reboot (although we refresh the seed
-+ * beforehand)
-+ */
-+ status = efi_call_early(allocate_pool, EFI_ACPI_RECLAIM_MEMORY,
-+ struct_size(seed, bits, seed_size),
- (void **)&seed);
-- if (status != EFI_SUCCESS)
-- return status;
-+ if (status != EFI_SUCCESS) {
-+ pr_efi_warn(sys_table_arg, "Failed to allocate memory for RNG seed.\n");
-+ goto err_warn;
-+ }
-
-- status = rng->get_rng(rng, &rng_algo_raw, EFI_RANDOM_SEED_SIZE,
-- seed->bits);
-+ status = efi_call_proto(efi_rng_protocol, get_rng, rng, &rng_algo_raw,
-+ EFI_RANDOM_SEED_SIZE, seed->bits);
- if (status == EFI_UNSUPPORTED)
- /*
- * Use whatever algorithm we have available if the raw algorithm
- * is not implemented.
- */
-- status = rng->get_rng(rng, NULL, EFI_RANDOM_SEED_SIZE,
-- seed->bits);
-+ status = efi_call_proto(efi_rng_protocol, get_rng, rng, NULL,
-+ EFI_RANDOM_SEED_SIZE, seed->bits);
-
- if (status != EFI_SUCCESS)
- goto err_freepool;
-
-- seed->size = EFI_RANDOM_SEED_SIZE;
-+ seed->size = seed_size;
-+ if (prev_seed_size)
-+ memcpy(seed->bits + EFI_RANDOM_SEED_SIZE, prev_seed->bits,
-+ prev_seed_size);
-+
- status = efi_call_early(install_configuration_table, &rng_table_guid,
- seed);
- if (status != EFI_SUCCESS)
- goto err_freepool;
-
-+ if (prev_seed_size) {
-+ /* wipe and free the old seed if we managed to install the new one */
-+ memzero_explicit(prev_seed->bits, prev_seed_size);
-+ efi_call_early(free_pool, prev_seed);
-+ }
- return EFI_SUCCESS;
-
- err_freepool:
-+ memzero_explicit(seed, struct_size(seed, bits, seed_size));
- efi_call_early(free_pool, seed);
-+ pr_efi_warn(sys_table_arg, "Failed to obtain seed from EFI_RNG_PROTOCOL\n");
-+err_warn:
-+ if (prev_seed)
-+ pr_efi_warn(sys_table_arg, "Retaining bootloader-supplied seed only");
- return status;
- }
---- a/include/linux/efi.h
-+++ b/include/linux/efi.h
-@@ -1653,6 +1653,8 @@ static inline void
- efi_enable_reset_attack_mitigation(efi_system_table_t *sys_table_arg) { }
- #endif
-
-+efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg);
-+
- void efi_retrieve_tpm2_eventlog(efi_system_table_t *sys_table);
-
- /*
diff --git a/queue-5.4/series b/queue-5.4/series
index a3597168fc4..080a3e6a319 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -596,7 +596,6 @@ hfs-hfsplus-use-warn_on-for-sanity-check.patch
 hfs-hfsplus-avoid-warn_on-for-sanity-check-use-proper-error-handling.patch
 mbcache-avoid-nesting-of-cache-c_list_lock-under-bit-locks.patch
 parisc-align-parisc-madv_xxx-constants-with-all-other-architectures.patch
-efi-random-combine-bootloader-provided-rng-seed-with-rng-protocol-output.patch
 selftests-fix-kselftest-o-objdir-build-from-cluttering-top-level-objdir.patch
 selftests-set-the-build-variable-to-absolute-path.patch
 driver-core-fix-bus_type.match-error-handling-in-__driver_attach.patch