From patchwork Fri Nov 18 13:32:35 2022
X-Patchwork-Submitter: "Jason A. Donenfeld"
X-Patchwork-Id: 22328
From: "Jason A. Donenfeld"
To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org
Cc: "Jason A. Donenfeld"
Subject: [PATCH v2 1/5] efi: vars: prohibit reading random seed variables
Date: Fri, 18 Nov 2022 14:32:35 +0100
Message-Id: <20221118133239.2515648-2-Jason@zx2c4.com>
In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com>
References: <20221118133239.2515648-1-Jason@zx2c4.com>

In anticipation of putting random seeds in EFI variables, it's important that the random GUID namespace of variables remains hidden from userspace. We accomplish this by not populating efivarfs with entries from that GUID, as well as denying the creation of new ones in that GUID.

Signed-off-by: Jason A. Donenfeld
--- fs/efivarfs/inode.c | 4 ++++ fs/efivarfs/super.c | 3 +++ 2 files changed, 7 insertions(+) diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c index 939e5e242b98..617f3ad2485e 100644
--- a/fs/efivarfs/inode.c +++ b/fs/efivarfs/inode.c @@ -91,6 +91,10 @@ static int efivarfs_create(struct user_namespace *mnt_userns, struct inode *dir, err = guid_parse(dentry->d_name.name + namelen + 1, &var->var.VendorGuid); if (err) goto out; + if (guid_equal(&var->var.VendorGuid, &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) { + err = -EPERM; + goto out; + } if (efivar_variable_is_removable(var->var.VendorGuid, dentry->d_name.name, namelen)) diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c index 6780fc81cc11..07e82e246666 100644 --- a/fs/efivarfs/super.c +++ b/fs/efivarfs/super.c 
@@ -116,6 +116,9 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor, int err = -ENOMEM; bool is_removable = false; + if (guid_equal(&vendor, &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) + return 0; + entry = kzalloc(sizeof(*entry), GFP_KERNEL); if (!entry) return err;
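Review bot: The new guid_equal() check in efivarfs_create() (fs/efivarfs/inode.c, patch 1/5) needs a comment saying why this vendor GUID is refused. LINUX_EFI_RANDOM_SEED_TABLE_GUID reads as a configuration-table GUID, and nothing at the call site says it now also names a variable namespace that must stay hidden from userspace. A one-line comment above the check would do, and the commit message could state that -EPERM is returned to every caller.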
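Review bot: The filter added to efivarfs_callback() (fs/efivarfs/super.c, patch 1/5) repeats the comparison made in efivarfs_create(), so the two sites can drift apart. A small shared helper (named, hypothetically, efivarfs_is_hidden_guid()) would keep the hidden namespace defined in one place. The early return sits before kzalloc(), so nothing needs freeing on that path. With the entry never populated there is no file to read or unlink, which the commit message could spell out.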
From: "Jason A. Donenfeld"
To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org
Cc: "Jason A. Donenfeld"
Subject: [PATCH v2 2/5] efi: stub: use random seed from EFI variable
Date: Fri, 18 Nov 2022 14:32:36 +0100
Message-Id: <20221118133239.2515648-3-Jason@zx2c4.com>
In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com>
References: <20221118133239.2515648-1-Jason@zx2c4.com>

EFI has a rather unique benefit that it has access to some limited non-volatile storage, where the kernel can store a random seed. Read that seed in EFISTUB and concatenate it with other seeds we wind up passing onward to the kernel in the configuration table. This is complementary to the current other two sources - previous bootloaders, and the EFI RNG protocol.

Signed-off-by: Jason A. Donenfeld
--- drivers/firmware/efi/libstub/random.c | 59 +++++++++++++++++++++------ include/linux/efi.h | 1 + 2 files changed, 48 insertions(+), 12 deletions(-) diff --git a/drivers/firmware/efi/libstub/random.c b/drivers/firmware/efi/libstub/random.c index f85d2c066877..1e72013a6457 100644 --- a/drivers/firmware/efi/libstub/random.c +++ b/drivers/firmware/efi/libstub/random.c
@@ -67,14 +67,25 @@ efi_status_t efi_random_get_seed(void) efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; efi_guid_t rng_algo_raw = EFI_RNG_ALGORITHM_RAW; efi_guid_t rng_table_guid = LINUX_EFI_RANDOM_SEED_TABLE_GUID; + efi_char16_t rng_nv_seed_var[] = LINUX_EFI_RANDOM_NV_SEED_VAR; struct linux_efi_random_seed *prev_seed, *seed = NULL; - int prev_seed_size = 0, seed_size = EFI_RANDOM_SEED_SIZE; + u8 nv_seed[EFI_RANDOM_SEED_SIZE]; + unsigned long prev_seed_size = 0, nv_seed_size = sizeof(nv_seed), seed_size = 0, offset = 0; efi_rng_protocol_t *rng = NULL; efi_status_t status; status = efi_bs_call(locate_protocol, &rng_proto, NULL, (void **)&rng); - if (status != EFI_SUCCESS) - return status; + if (status == EFI_SUCCESS) + seed_size += EFI_RANDOM_SEED_SIZE; + + status = get_efi_var(rng_nv_seed_var, &rng_table_guid, NULL, &nv_seed_size, nv_seed); + if (status == EFI_SUCCESS) + seed_size += nv_seed_size; + else + nv_seed_size = 0; + + if (!seed_size) + return EFI_NOT_FOUND; /* * Check whether a seed was provided by a prior boot stage. In that @@ -83,7 +94,7 @@ efi_status_t efi_random_get_seed(void) * Note that we should read the seed size with caution, in case the * table got corrupted in memory somehow. */ - prev_seed = get_efi_config_table(LINUX_EFI_RANDOM_SEED_TABLE_GUID); + prev_seed = get_efi_config_table(rng_table_guid); if (prev_seed && prev_seed->size <= 512U) { prev_seed_size = prev_seed->size; seed_size += prev_seed_size; @@ -103,7 +114,7 @@ efi_status_t efi_random_get_seed(void) } status = efi_call_proto(rng, get_rng, &rng_algo_raw, - EFI_RANDOM_SEED_SIZE, seed->bits); + EFI_RANDOM_SEED_SIZE, seed->bits + offset); if (status == EFI_UNSUPPORTED) /* 
@@ -111,16 +122,40 @@ efi_status_t efi_random_get_seed(void) * is not implemented. */ status = efi_call_proto(rng, get_rng, NULL, - EFI_RANDOM_SEED_SIZE, seed->bits); + EFI_RANDOM_SEED_SIZE, seed->bits + offset); - if (status != EFI_SUCCESS) + if (status == EFI_SUCCESS) + offset += EFI_RANDOM_SEED_SIZE; + + if (nv_seed_size) { + memcpy(seed->bits + offset, nv_seed, nv_seed_size); + memzero_explicit(nv_seed, nv_seed_size); + /* + * Zero it out before committing to using it. TODO: in the + * future, maybe we can hash it forward instead, which is + * better and also reduces the amount of writes here. + */ + status = set_efi_var(rng_nv_seed_var, &rng_table_guid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, nv_seed_size, nv_seed); + if (status == EFI_SUCCESS) + status = set_efi_var(rng_nv_seed_var, &rng_table_guid, 0, 0, NULL); + if (status == EFI_SUCCESS) + offset += nv_seed_size; + else + memzero_explicit(seed->bits + offset, nv_seed_size); + } + + if (!offset) goto err_freepool; - seed->size = seed_size; - if (prev_seed_size) - memcpy(seed->bits + EFI_RANDOM_SEED_SIZE, prev_seed->bits, - prev_seed_size); + if (prev_seed_size) { + memcpy(seed->bits + offset, prev_seed->bits, prev_seed_size); + offset += prev_seed_size; + } + seed->size = offset; status = efi_bs_call(install_configuration_table, &rng_table_guid, seed); if (status != EFI_SUCCESS) goto err_freepool; @@ -135,7 +170,7 @@ efi_status_t efi_random_get_seed(void) err_freepool: memzero_explicit(seed, struct_size(seed, bits, seed_size)); efi_bs_call(free_pool, seed); - efi_warn("Failed to obtain seed from EFI_RNG_PROTOCOL\n"); + efi_warn("Failed to obtain seed from EFI_RNG_PROTOCOL and EFI variable\n"); err_warn: if (prev_seed) efi_warn("Retaining bootloader-supplied seed only"); diff --git a/include/linux/efi.h b/include/linux/efi.h index 4aa1dbc7b064..ca02685ec004 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h 
@@ -408,6 +408,7 @@ void efi_native_runtime_setup(void); #define LINUX_EFI_ARM_CPU_STATE_TABLE_GUID EFI_GUID(0xef79e4aa, 0x3c3d, 0x4989, 0xb9, 0x02, 0x07, 0xa9, 0x43, 0xe5, 0x50, 0xd2) #define LINUX_EFI_LOADER_ENTRY_GUID EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f) #define LINUX_EFI_RANDOM_SEED_TABLE_GUID EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2, 0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b) +#define LINUX_EFI_RANDOM_NV_SEED_VAR L"RandomSeed" #define LINUX_EFI_TPM_EVENT_LOG_GUID EFI_GUID(0xb7799cb0, 0xeca2, 0x4943, 0x96, 0x67, 0x1f, 0xae, 0x07, 0xb7, 0x47, 0xfa) #define LINUX_EFI_TPM_FINAL_LOG_GUID EFI_GUID(0x1e2ed096, 0x30e2, 0x4254, 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25) #define LINUX_EFI_MEMRESERVE_TABLE_GUID EFI_GUID(0x888eb0c6, 0x8ede, 0x4ff5, 0xa8, 0xf0, 0x9a, 0xee, 0x5c, 0xb9, 0x77, 0xc2)
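Review bot: In efi_random_get_seed() (patch 2/5), the first hunk no longer returns when locate_protocol fails, so rng can still be NULL when the two efi_call_proto(rng, get_rng, ...) calls run, and the later hunks show those calls without a guard. That is exactly the case this patch enables, where the EFI variable is the only seed source. Wrapping the get_rng block in if (rng) would cover it. The new declaration line for prev_seed_size, nv_seed_size, seed_size and offset is also long enough to be worth splitting.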
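Review bot: The overwrite in the if (nv_seed_size) block (patch 2/5) passes a fixed attribute set to set_efi_var(), while the earlier get_efi_var() call passes NULL for the attributes, so the attributes the variable was created with are never examined. UEFI SetVariable() rejects a rewrite whose attributes differ from those of the existing variable, and on that failure this code wipes the copied bytes and skips the seed, which would then repeat on every boot. Reading the attributes in get_efi_var() and either reusing them or ignoring a variable that lacks EFI_VARIABLE_NON_VOLATILE would make that case explicit.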
From: "Jason A. Donenfeld"
To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org
Cc: "Jason A. Donenfeld"
Subject: [PATCH v2 3/5] random: add back async readiness notifier
Date: Fri, 18 Nov 2022 14:32:37 +0100
Message-Id: <20221118133239.2515648-4-Jason@zx2c4.com>
In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com>
References: <20221118133239.2515648-1-Jason@zx2c4.com>

This is required by vsprintf, because it can't do things synchronously from hardirq context, and it will be useful for an EFI notifier as well. I didn't initially want to do this, but with two potential consumers now, it seems worth it.

Signed-off-by: Jason A. Donenfeld
--- drivers/char/random.c | 20 ++++++++++++++++++++ include/linux/random.h | 1 + 2 files changed, 21 insertions(+) diff --git a/drivers/char/random.c b/drivers/char/random.c index 65ee69896967..1185fe11b719 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c
@@ -84,6 +84,7 @@ static DEFINE_STATIC_KEY_FALSE(crng_is_ready); /* Various types of waiters for crng_init->CRNG_READY transition. */ static DECLARE_WAIT_QUEUE_HEAD(crng_init_wait); static struct fasync_struct *fasync; +static ATOMIC_NOTIFIER_HEAD(random_ready_notifier); /* Control how we warn userspace. */ static struct ratelimit_state urandom_warning = @@ -140,6 +141,24 @@ int wait_for_random_bytes(void) } EXPORT_SYMBOL(wait_for_random_bytes); +/* + * Add a callback function that will be invoked when the crng is initialised, + * or immediately if it already has been. + */ +int __cold execute_with_initialized_rng(struct notifier_block *nb) +{ + unsigned long flags; + int ret = 0; + + spin_lock_irqsave(&random_ready_notifier.lock, flags); + if (crng_ready()) + nb->notifier_call(nb, 0, NULL); + else + ret = raw_notifier_chain_register((struct raw_notifier_head *)&random_ready_notifier.head, nb); + spin_unlock_irqrestore(&random_ready_notifier.lock, flags); + return ret; +} + #define warn_unseeded_randomness() \ if (IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM) && !crng_ready()) \ printk_deferred(KERN_NOTICE "random: %s called from %pS with crng_init=%d\n", \ @@ -697,6 +716,7 @@ static void __cold _credit_init_bits(size_t bits) crng_reseed(NULL); /* Sets crng_init to CRNG_READY under base_crng.lock. */ if (static_key_initialized) execute_in_process_context(crng_set_ready, &set_ready); + atomic_notifier_call_chain(&random_ready_notifier, 0, NULL); wake_up_interruptible(&crng_init_wait); kill_fasync(&fasync, SIGIO, POLL_IN); pr_notice("crng init done\n"); diff --git a/include/linux/random.h b/include/linux/random.h index 579117d83eb8..b1a34181eed6 100644 --- a/include/linux/random.h +++ b/include/linux/random.h 
@@ -120,6 +120,7 @@ void __init random_init_early(const char *command_line); void __init random_init(void); bool rng_is_initialized(void); int wait_for_random_bytes(void); +int execute_with_initialized_rng(struct notifier_block *nb); /* Calls wait_for_random_bytes() and then calls get_random_bytes(buf, nbytes). * Returns the result of the call to wait_for_random_bytes. */
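Review bot: execute_with_initialized_rng() (drivers/char/random.c, patch 3/5) invokes nb->notifier_call() with random_ready_notifier.lock held and interrupts disabled, so the callback runs in atomic context even on the already-ready path, and the comment above the function should say that callbacks must not sleep. The cast of &random_ready_notifier.head to struct raw_notifier_head * also relies on raw_notifier_head consisting of exactly that one pointer; a short comment or a BUILD_BUG_ON() on the layout would document the assumption. The return value of notifier_call() is discarded here, which is worth stating as intended.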
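Review bot: The atomic_notifier_call_chain() added to _credit_init_bits() (patch 3/5) walks the chain without taking random_ready_notifier.lock, while execute_with_initialized_rng() tests crng_ready() and registers under that lock. As far as these hunks show, a caller that observed !crng_ready() can link its block after the walk has already finished and then never be called. Please either take the lock around the walk or add a comment explaining why that ordering cannot happen.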
From: "Jason A. Donenfeld"
To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org
Cc: "Jason A. Donenfeld", Mike Galbraith, Sebastian Andrzej Siewior, Petr Mladek
Subject: [PATCH v2 4/5] vsprintf: initialize siphash key using notifier
Date: Fri, 18 Nov 2022 14:32:38 +0100
Message-Id: <20221118133239.2515648-5-Jason@zx2c4.com>
In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com>
References: <20221118133239.2515648-1-Jason@zx2c4.com>

Rather than polling every second, use the new notifier to do this at exactly the right moment.

Cc: Mike Galbraith
Cc: Sebastian Andrzej Siewior
Cc: Petr Mladek
Signed-off-by: Jason A. Donenfeld
--- lib/vsprintf.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 24f37bab8bc1..890607b32235 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -41,6 +41,7 @@ #include #include #include +#include #ifdef CONFIG_BLOCK #include #endif
@@ -752,26 +753,21 @@ early_param("debug_boot_weak_hash", debug_boot_weak_hash_enable); static bool filled_random_ptr_key __read_mostly; static siphash_key_t ptr_key __read_mostly; -static void fill_ptr_key_workfn(struct work_struct *work); -static DECLARE_DELAYED_WORK(fill_ptr_key_work, fill_ptr_key_workfn); -static void fill_ptr_key_workfn(struct work_struct *work) +static int fill_ptr_key(struct notifier_block *nb, unsigned long action, void *data) { - if (!rng_is_initialized()) { - queue_delayed_work(system_unbound_wq, &fill_ptr_key_work, HZ * 2); - return; - } - get_random_bytes(&ptr_key, sizeof(ptr_key)); /* Pairs with smp_rmb() before reading ptr_key. */ smp_wmb(); WRITE_ONCE(filled_random_ptr_key, true); + return 0; } static int __init vsprintf_init_hashval(void) { - fill_ptr_key_workfn(NULL); + static struct notifier_block fill_ptr_key_nb = { .notifier_call = fill_ptr_key }; + execute_with_initialized_rng(&fill_ptr_key_nb); return 0; } subsys_initcall(vsprintf_init_hashval) From patchwork Fri Nov 18 13:32:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. 
Donenfeld" X-Patchwork-Id: 22331
From: "Jason A. Donenfeld"
To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org
Cc: "Jason A. Donenfeld"
Subject: [PATCH v2 5/5] efi: random: refresh non-volatile random seed when RNG is initialized
Date: Fri, 18 Nov 2022 14:32:39 +0100
Message-Id: <20221118133239.2515648-6-Jason@zx2c4.com>
In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com>
References: <20221118133239.2515648-1-Jason@zx2c4.com>

EFI has a rather unique benefit that it has access to some limited non-volatile storage, where the kernel can store a random seed. Register a notification for when the RNG is initialized, and at that point, store a new random seed.

Signed-off-by: Jason A. Donenfeld
Reviewed-by: Ard Biesheuvel
--- drivers/firmware/efi/efi.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index f12cc29bd4b8..f8edf6164833 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c 
@@ -337,6 +337,24 @@ static void __init efi_debugfs_init(void) static inline void efi_debugfs_init(void) {} #endif +static void refresh_nv_rng_seed(struct work_struct *work) +{ + u8 seed[EFI_RANDOM_SEED_SIZE]; + + get_random_bytes(seed, sizeof(seed)); + efi.set_variable(LINUX_EFI_RANDOM_NV_SEED_VAR, &LINUX_EFI_RANDOM_SEED_TABLE_GUID, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, sizeof(seed), seed); + memzero_explicit(seed, sizeof(seed)); +} +static int refresh_nv_rng_seed_notification(struct notifier_block *nb, unsigned long action, void *data) +{ + static DECLARE_WORK(work, refresh_nv_rng_seed); + schedule_work(&work); + return 0; +} +static struct notifier_block refresh_nv_rng_seed_nb = { .notifier_call = refresh_nv_rng_seed_notification }; + /* * We register the efi subsystem with the firmware subsystem and the * efivars subsystem with the efi subsystem, if the system was booted with @@ -413,6 +431,7 @@ static int __init efisubsys_init(void) platform_device_register_simple("efi_secret", 0, NULL, 0); #endif + execute_with_initialized_rng(&refresh_nv_rng_seed_nb); return 0; err_remove_group:
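Review bot: in patch 4/5, lib/vsprintf.c hunk @@ -752,26 +753,21 @@, vsprintf_init_hashval() no longer checks rng_is_initialized() itself, so filling ptr_key now depends entirely on execute_with_initialized_rng() running the callback right away when the RNG is already initialized at subsys_initcall time. That helper is defined elsewhere in the series and is not visible in this hunk, so a one-line comment at the call site stating that guarantee would make the change reviewable on its own. Two smaller points: fill_ptr_key() is a notifier callback and should return NOTIFY_DONE rather than a literal 0, and the commit message says the old code polled every second while the removed line re-queued the work at HZ * 2.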
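Review bot: in patch 5/5, drivers/firmware/efi/efi.c hunk @@ -337,6 +337,24 @@, refresh_nv_rng_seed() discards the efi_status_t returned by efi.set_variable(), so a firmware that rejects or fails the write leaves no trace and the stale seed stays in place silently. Suggest capturing the status and logging when it is not EFI_SUCCESS. Style: there is no blank line between the closing brace of refresh_nv_rng_seed() and refresh_nv_rng_seed_notification(), nor before the refresh_nv_rng_seed_nb definition, and both the notification prototype and the notifier_block initializer run past 100 columns and should be wrapped. The callback should also return NOTIFY_DONE instead of a literal 0.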
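Review bot: in patch 5/5, drivers/firmware/efi/efi.c hunk @@ -413,6 +431,7 @@, the call to execute_with_initialized_rng(&refresh_nv_rng_seed_nb) on the success path of efisubsys_init() is unconditional; nothing in the visible lines confirms that SetVariable is usable at runtime before arming a callback that will call efi.set_variable(). Suggest guarding the registration with efi_rt_services_supported(EFI_RT_SUPPORTED_SET_VARIABLE) so that systems without a working runtime SetVariable never schedule the work.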