[PATCH 1/1] efi_loader: delete rng-seed if having EFI RNG protocol

Ilias Apalodimas ilias.apalodimas at linaro.org
Thu Sep 19 16:31:23 CEST 2024


Hi all,

On Thu, 19 Sept 2024 at 17:20, Heinrich Schuchardt
<heinrich.schuchardt at canonical.com> wrote:
>
> On 19.09.24 16:10, Simon Glass wrote:
> > Hi Heinrich,
> >
> > On Sat, 14 Sept 2024 at 18:06, Heinrich Schuchardt
> > <heinrich.schuchardt at canonical.com> wrote:
> >>
> >> For measured boot we must avoid any volatile values in the device-tree.
> >> We already delete /chosen/kaslr-seed if we provide an EFI RNG protocol.
> >
> > Could you explain a bit why this is, and where this is checked?
> >>
> >> Additionally remove /chosen/rng-seed provided by QEMU or U-Boot.
>
> Measured boot relies on creating hashes of artifacts and writing these
> to TPM. If the hashes don't match the OS will either warn or refuse to
> boot. The device-tree is one of the artifacts that are measured.
>
> If we have random values in /chosen, measured boot will fail.
>
> When an EFI RNG protocol is provided by the firmware, GRUB and the
> kernel will use it instead of /chosen/rng-seed and /chosen/kaslr-seed.

There's a comment on top of that function that explains what happens as well.
In short the EFI stub does not even look at the KASLR seed and never
randomizes the physical placement of the kernel. It only does that
when the EFI_RNG protocol is there.

Regards
/Ilias
>
> Best regards
>
> Heinrich
>
> >>
> >> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> >> ---
> >>   include/efi_loader.h          |  2 +-
> >>   lib/efi_loader/efi_dt_fixup.c | 15 ++++++++++-----
> >>   lib/efi_loader/efi_helper.c   |  2 +-
> >>   3 files changed, 12 insertions(+), 7 deletions(-)
> >
> > [..]
> >
> > Regards,
> > Simon
>
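As an added illustration (not code from the patch or from U-Boot), a Python model of the argument above: a TPM-style measurement of the device tree only reproduces across boots once the per-boot /chosen/rng-seed and /chosen/kaslr-seed are removed, and the removal is gated on the firmware offering EFI_RNG_PROTOCOL. The dict-based device tree, the PCR simulation and all function names are constructed assumptions; real U-Boot works on a DTB through libfdt.

```python
import hashlib
import os

# Constructed stand-in for a flattened device tree: nested dicts, property
# values as bytes. Only /chosen carries the per-boot volatile properties.
def make_dt(rng_seed: bytes, kaslr_seed: bytes) -> dict:
    reg = (0x40000000).to_bytes(8, "big") + (0x80000000).to_bytes(8, "big")
    return {
        "chosen": {
            "bootargs": b"console=ttyAMA0\0",
            "rng-seed": rng_seed,      # volatile: fresh each boot (QEMU/U-Boot)
            "kaslr-seed": kaslr_seed,  # volatile: fresh each boot
        },
        "memory@40000000": {"reg": reg},
    }

VOLATILE_CHOSEN_PROPS = ("kaslr-seed", "rng-seed")

def fixup_chosen(dt: dict, have_efi_rng: bool) -> dict:
    """Policy described in the thread: drop the seeds only when the firmware
    exposes EFI_RNG_PROTOCOL (GRUB and the EFI stub then use that instead).
    Without the protocol the seeds are the OS's entropy source and must stay."""
    if not have_efi_rng:
        return dt
    chosen = dt.get("chosen", {})
    for prop in VOLATILE_CHOSEN_PROPS:
        chosen.pop(prop, None)
    return dt

def canonical(dt: dict, path: str = "/") -> bytes:
    """Deterministic serialisation (sorted names) so the hash depends only on content."""
    out = bytearray()
    for name in sorted(dt):
        val = dt[name]
        if isinstance(val, dict):
            out += canonical(val, path + name + "/")
        else:
            out += f"{path}{name}=".encode() + val + b"\0"
    return bytes(out)

def measure(dt: dict) -> str:
    return hashlib.sha256(canonical(dt)).hexdigest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def simulate_boot(have_efi_rng: bool) -> str:
    """One boot: fresh seeds, fixup, then extend an all-zero PCR with the DT hash."""
    dt = fixup_chosen(make_dt(os.urandom(64), os.urandom(8)), have_efi_rng)
    return pcr_extend(bytes(32), bytes.fromhex(measure(dt))).hex()
```

With the protocol present, two simulated boots yield the same PCR value; without it the random seeds change the measurement every boot.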

