[PATCH 1/1] efi_leader: delete rng-seed if having EFI RNG protocol
Simon Glass
sjg at chromium.org
Thu Sep 19 17:19:32 CEST 2024
Hi,
On Thu, 19 Sept 2024 at 17:13, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
>
>
> On Thu, Sep 19, 2024, 18:05 Heinrich Schuchardt <heinrich.schuchardt at canonical.com> wrote:
>>
>> On 19.09.24 17:00, Simon Glass wrote:
>> > Hi,
>> >
>> > On Thu, 19 Sept 2024 at 16:32, Ilias Apalodimas
>> > <ilias.apalodimas at linaro.org> wrote:
>> >>
>> >> Hi all,
>> >>
>> >> On Thu, 19 Sept 2024 at 17:20, Heinrich Schuchardt
>> >> <heinrich.schuchardt at canonical.com> wrote:
>> >>>
>> >>> On 19.09.24 16:10, Simon Glass wrote:
>> >>>> Hi Heinrich,
>> >>>>
>> >>>> On Sat, 14 Sept 2024 at 18:06, Heinrich Schuchardt
>> >>>> <heinrich.schuchardt at canonical.com> wrote:
>> >>>>>
>> >>>>> For measured be boot we must avoid any volatile values in the device-tree.
>> >>>>> We already delete /chosen/kaslr-seed if we provide and EFI RNG protocol.
>> >>>>
>> >>>> Could you explain a bit why this is, and where this is checked?
>> >>>>>
>> >>>>> Additionally remove /chosen/rng-seed provided by QEMU or U-Boot.
>> >>>
>> >>> Measured boot relies on creating hashes of artifacts and writing these
>> >>> to TPM. If the hashes don't match the OS will either warn or refuse to
>> >>> boot. The device-tree is one of the artifacts that are measured.
>> >>>
>> >>> If we have random values in /chosen, measured boot will fail.
>> >>>
>> >>> When an EFI RNG protocol is provided by the firmware, GRUB and the
>> >>> kernel will use it instead of /chosen/rng-seed and /chosen/kaslr-seed.
>> >>
>> >> There's a comment on top of that function that explains what happens as well.
>> >> In short the EFI stub does not even look at the KASLR seed and never
>> >> randomizes the physical placement of the kernel. It only does that
>> >> when the EFI_RNG protocol is there.
>> >
>> > OK thank you. I suppose I am more just wondering why it got added in
>> > the first place?
>>
>> For booting via the legacy Linux entry point adding kaslr-seed allows to
>> randomize addresses. QEMU adds rng-seed instead of kaslr-seed.
>
>
> Not the kernel physical placement. It randomizes only the virtual placement
So, are you saying that U-Boot adds this field into the FDT and then removes it?
Regards,
Simon
More information about the U-Boot
mailing list