[U-Boot] [PATCH 2/2] arm64: booti: allow to place kernel image anywhere in physical memory

Tom Rini trini at konsulko.com
Tue Mar 7 14:12:43 UTC 2017


On Tue, Mar 07, 2017 at 01:54:43PM +0000, Mark Rutland wrote:
> On Tue, Mar 07, 2017 at 07:16:56AM -0500, Tom Rini wrote:
> > On Tue, Mar 07, 2017 at 11:43:52AM +0000, Mark Rutland wrote:
> > > On Tue, Feb 28, 2017 at 12:15:09PM -0500, Tom Rini wrote:
> > > > On Wed, Mar 01, 2017 at 02:03:58AM +0900, Masahiro Yamada wrote:
> > > > > 2017-02-27 7:41 GMT+09:00 Tom Rini <trini at konsulko.com>:
> > > > > If we put the image at 2MiB aligned base, the relocation would
> > > > > always happen.
> > > > 
> > > > Correct.  But I honestly don't know if non-randomized text offset is the
> > > > common case people will optimize for or randomized for added security will be
> > > > the more common case.  
> > > 
> > > FWIW, the randomized text_offset is a bootloader debugging/testing
> > > feature, and there's no security aspect to it.
> > > 
> > > It was added [1] as an additional hint to bootloader authors that
> > > they must respect the text_offset field.
> > 
> > Right, and we do this today.  But since this doubles as a kind of cheap
> > KASLR I would also expect to see it used, even if not intended, in this
> > way.
> 
> I can certainly imagine people loading the kernel at a random physical
> base address (i.e. a random 2M base + text_offset), and doing that's
> perfectly fine for kernels happy to be loaded at arbitrary bases. That
> may help to frustrate some DMA attacks.
> 
> I take it that's what you meant?
> 
> Given text_offset itself is fixed at compile time, randomizing it
> provides absolutely no security benefit, and we should be careful not to
> give the impression that it does.

I was thinking that since it's randomized per compile and the likely
number of instances not running some stock kernel, that would further
add to frustrating some DMA attacks.  But, no, that's not really
correct.  Thanks!

-- 
Tom
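
The placement rule discussed in this thread (a 2 MiB-aligned base plus the image's text_offset), as an added example that is not part of the original message and is not U-Boot's booti code. The header field offsets and the meaning of flags bit 3 are taken from the Linux arm64 boot protocol documentation rather than from this thread; `place_image`, `make_sample_hdr` and all addresses are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define SZ_2M            0x200000ULL
#define HDR_LEN          64
#define OFF_TEXT_OFFSET  8
#define OFF_IMAGE_SIZE   16
#define OFF_FLAGS        24
#define OFF_MAGIC        56
#define FLAG_PHYS_ANY    (1ULL << 3)  /* 2 MiB-aligned base may be anywhere */

/* Header fields are little endian regardless of the host. */
static uint64_t le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

static void put_le64(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Constructed sample header, not taken from a real kernel build. */
void make_sample_hdr(uint8_t *h, uint64_t text_offset, uint64_t flags)
{
    memset(h, 0, HDR_LEN);
    put_le64(h + OFF_TEXT_OFFSET, text_offset);
    put_le64(h + OFF_IMAGE_SIZE, 0x1000000);
    put_le64(h + OFF_FLAGS, flags);
    memcpy(h + OFF_MAGIC, "ARM\x64", 4);
}

/* Returns 0 and sets *dst, or -1 if the buffer is short or the magic is wrong. */
int place_image(const uint8_t *h, size_t len, uint64_t ram_base,
                uint64_t wanted, uint64_t *dst)
{
    if (len < HDR_LEN || memcmp(h + OFF_MAGIC, "ARM\x64", 4) != 0)
        return -1;
    uint64_t text_offset = le64(h + OFF_TEXT_OFFSET);
    uint64_t base = (le64(h + OFF_FLAGS) & FLAG_PHYS_ANY)
        ? wanted & ~(SZ_2M - 1)                   /* caller's base, rounded down */
        : (ram_base + SZ_2M - 1) & ~(SZ_2M - 1);  /* stay at the start of DRAM */
    *dst = base + text_offset;
    return 0;
}
```

Only `wanted` varies from boot to boot here; text_offset is read back unchanged from the header every time, which is why randomizing it at build time adds nothing at run time.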