[PATCH 1/1] efi_leader: delete rng-seed if having EFI RNG protocol

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Thu Sep 19 16:20:35 CEST 2024


On 19.09.24 16:10, Simon Glass wrote:
> Hi Heinrich,
> 
> On Sat, 14 Sept 2024 at 18:06, Heinrich Schuchardt
> <heinrich.schuchardt at canonical.com> wrote:
>>
>> For measured boot we must avoid any volatile values in the device-tree.
>> We already delete /chosen/kaslr-seed if we provide an EFI RNG protocol.
> 
> Could you explain a bit why this is, and where this is checked?
>>
>> Additionally remove /chosen/rng-seed provided by QEMU or U-Boot.

Measured boot relies on creating hashes of artifacts and writing these 
to TPM. If the hashes don't match the OS will either warn or refuse to 
boot. The device-tree is one of the artifacts that are measured.

If we have random values in /chosen, measured boot will fail.

When an EFI RNG protocol is provided by the firmware, GRUB and the 
kernel will use it instead of /chosen/rng-seed and /chosen/kaslr-seed.

Best regards

Heinrich

>>
>> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
>> ---
>>   include/efi_loader.h          |  2 +-
>>   lib/efi_loader/efi_dt_fixup.c | 15 ++++++++++-----
>>   lib/efi_loader/efi_helper.c   |  2 +-
>>   3 files changed, 12 insertions(+), 7 deletions(-)
> 
> [..]
> 
> Regards,
> Simon
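The point Heinrich makes above, as an added, self-contained example that is not part of this patch or of U-Boot (which does this fixup in C on the real DTB): a minimal flattened-device-tree builder and walker that deletes the volatile /chosen/kaslr-seed and /chosen/rng-seed properties and then compares the digest of the blob, standing in for the value measured boot would extend into a TPM PCR. Two boots that differ only in those seeds measure differently until the seeds are deleted. The DTB layout follows the devicetree specification (40-byte header, reservation map, structure block, strings block); the tree contents, seed bytes and the `measure`/`demo`/`node_props` helper names are constructed for the example.

```python
import hashlib
import struct

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9
# The two /chosen properties the patch deletes when the firmware offers an EFI RNG protocol.
VOLATILE_CHOSEN_PROPS = ("kaslr-seed", "rng-seed")


def _pad4(b: bytes) -> bytes:
    return b + b"\0" * (-len(b) % 4)


def _assemble(struct_blk: bytes, strings: bytes) -> bytes:
    """Header, empty memory-reservation map, structure block, strings block."""
    rsvmap = struct.pack(">QQ", 0, 0)           # terminating (0, 0) entry only
    off_struct = 40 + len(rsvmap)
    off_strings = off_struct + len(struct_blk)
    header = struct.pack(">IIIIIIIIII", FDT_MAGIC, off_strings + len(strings),
                         off_struct, off_strings, 40, 17, 16, 0,
                         len(strings), len(struct_blk))
    return header + rsvmap + struct_blk + strings


def build_dtb(tree: dict) -> bytes:
    """Serialise {"prop": bytes, "child": {...}} into a DTB; the dict itself is the root."""
    strings, blk = bytearray(), bytearray()

    def emit(name: str, node: dict) -> None:
        blk.extend(struct.pack(">I", FDT_BEGIN_NODE) + _pad4(name.encode() + b"\0"))
        for key, val in node.items():             # properties first, as the spec requires
            if not isinstance(val, dict):
                blk.extend(struct.pack(">III", FDT_PROP, len(val), len(strings)))
                blk.extend(_pad4(val))
                strings.extend(key.encode() + b"\0")
        for key, val in node.items():             # then child nodes
            if isinstance(val, dict):
                emit(key, val)
        blk.extend(struct.pack(">I", FDT_END_NODE))

    emit("", tree)
    blk.extend(struct.pack(">I", FDT_END))
    return _assemble(bytes(blk), bytes(strings))


def _blocks(dtb: bytes):
    hdr = struct.unpack(">IIIIIIIIII", dtb[:40])
    if hdr[0] != FDT_MAGIC:
        raise ValueError("not a flattened device tree")
    off_struct, off_strings, size_strings, size_struct = hdr[2], hdr[3], hdr[8], hdr[9]
    return dtb[off_struct:off_struct + size_struct], dtb[off_strings:off_strings + size_strings]


def _tokens(blk: bytes, strings: bytes):
    """Yield (raw_bytes, token, node_path, prop_name) for every structure-block token."""
    path, pos = [], 0
    while pos < len(blk):
        tok = struct.unpack_from(">I", blk, pos)[0]
        pname = None
        if tok == FDT_BEGIN_NODE:                 # null-terminated name, padded to 4 bytes
            end = blk.index(b"\0", pos + 4)
            path.append(blk[pos + 4:end].decode())
            nxt = pos + 4 + len(_pad4(blk[pos + 4:end + 1]))
        elif tok == FDT_PROP:                     # len, name offset, then padded value
            plen, noff = struct.unpack_from(">II", blk, pos + 4)
            pname = strings[noff:strings.index(b"\0", noff)].decode()
            nxt = pos + 12 + plen + (-plen % 4)
        elif tok in (FDT_END_NODE, FDT_NOP, FDT_END):
            nxt = pos + 4
        else:
            raise ValueError(f"unknown FDT token {tok:#x} at offset {pos}")
        yield blk[pos:nxt], tok, "/" + "/".join(p for p in path if p), pname
        if tok == FDT_END_NODE:
            path.pop()
        if tok == FDT_END:
            break
        pos = nxt


def node_props(dtb: bytes, node_path: str) -> list:
    """Names of the properties directly under node_path, in structure-block order."""
    blk, strings = _blocks(dtb)
    return [p for _, tok, node, p in _tokens(blk, strings) if tok == FDT_PROP and node == node_path]


def strip_volatile_props(dtb: bytes, node_path: str = "/chosen", names=VOLATILE_CHOSEN_PROPS) -> bytes:
    """Copy of dtb with the named properties deleted from node_path (strings block left as is)."""
    blk, strings = _blocks(dtb)
    kept = b"".join(raw for raw, tok, node, p in _tokens(blk, strings)
                    if not (tok == FDT_PROP and node == node_path and p in names))
    return _assemble(kept, strings)


def measure(dtb: bytes) -> str:
    """Stand-in for the digest measured boot would extend into a TPM PCR for the DTB."""
    return hashlib.sha256(dtb).hexdigest()


def demo() -> tuple:
    """Two boots whose device trees differ only in the seeds written under /chosen."""
    def tree(kaslr: bytes, rng: bytes) -> dict:
        return {"compatible": b"linux,dummy-virt\0",
                "chosen": {"bootargs": b"console=ttyAMA0\0", "kaslr-seed": kaslr, "rng-seed": rng}}
    boot1 = build_dtb(tree(b"\x11" * 8, b"\x22" * 16))   # constructed seed values
    boot2 = build_dtb(tree(b"\x33" * 8, b"\x44" * 16))
    differ_before = measure(boot1) != measure(boot2)
    same_after = measure(strip_volatile_props(boot1)) == measure(strip_volatile_props(boot2))
    return differ_before, same_after
```

`demo()` returns `(True, True)`: the measurements disagree while the per-boot seeds are present and agree once both properties are deleted, which is the reproducibility measured boot needs. Deleting the properties is only safe because, as the reply states, GRUB and the kernel take their entropy from the EFI RNG protocol when the firmware provides it.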
