[PATCH] efi_loader: Get rid of kaslr-seed

Ard Biesheuvel ardb at kernel.org
Thu Dec 16 16:28:06 CET 2021

On Thu, 16 Dec 2021 at 16:25, Mark Kettenis <mark.kettenis at xs4all.nl> wrote:
> > From: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> > Date: Thu, 16 Dec 2021 16:52:08 +0200
> >
> > Right now we unconditionally pass a 'kaslr-seed' property to the kernel
> > if the DTB we ended up in EFI includes the entry.  However the kernel
> > EFI stub completely ignores it and only relies on EFI_RNG_PROTOCOL.
> > So let's get rid of it unconditionally since it would mess up the
> > (upcoming) DTB TPM measuring as well.
>
> OpenBSD uses the kaslr-seed property in the bootloader to mix in some
> additional entropy.  (It will also use EFI_RNG_PROTOCOL if it is
> available, but most U-Boot boards don't provide that, or at least not
> yet).

What is the point of using both the DT property and the protocol if
both are available?

> Even on Linux the EFI stub isn't the only way to load a Linux kernel.
> You can use a conventional EFI bootloader like grub.

No, you cannot, at least not on architectures other than x86. GRUB on
ARM always boots via the EFI stub.
