mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-09-21 15:12:04 +00:00
a2f1482fc0
U-Boot, in some occasions, injects a 'kaslr-seed' property on the /chosen node. That would be problematic in case we want to measure the DTB we install in the configuration table, since it would change across reboots. The Linux kernel EFI-stub completely ignores it and only relies on EFI_RNG_PROTOCOL for it's own randomness needs (i.e the randomization of the physical placement of the kernel). In fact it (blindly) overwrites the existing seed if the protocol is installed. However it still uses it for randomizing it's virtual placement. So let's get rid of it in the presence of the RNG protocol. It's worth noting that TPMs also provide an RNG. So if we tweak our EFI_RNG_PROTOCOL slightly and install the protocol when a TPM device is present the 'kaslr-seed' property will always be removed, allowing us to reliably measure our DTB. Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
201 lines
5.1 KiB
C
201 lines
5.1 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* EFI_DT_FIXUP_PROTOCOL
|
|
*
|
|
* Copyright (c) 2020 Heinrich Schuchardt
|
|
*/
|
|
|
|
#include <common.h>
|
|
#include <efi_dt_fixup.h>
|
|
#include <efi_loader.h>
|
|
#include <efi_rng.h>
|
|
#include <fdtdec.h>
|
|
#include <mapmem.h>
|
|
|
|
const efi_guid_t efi_guid_dt_fixup_protocol = EFI_DT_FIXUP_PROTOCOL_GUID;
|
|
|
|
/**
|
|
* efi_reserve_memory() - add reserved memory to memory map
|
|
*
|
|
* @addr: start address of the reserved memory range
|
|
* @size: size of the reserved memory range
|
|
* @nomap: indicates that the memory range shall not be accessed by the
|
|
* UEFI payload
|
|
*/
|
|
static void efi_reserve_memory(u64 addr, u64 size, bool nomap)
|
|
{
|
|
int type;
|
|
efi_uintn_t ret;
|
|
|
|
/* Convert from sandbox address space. */
|
|
addr = (uintptr_t)map_sysmem(addr, 0);
|
|
|
|
if (nomap)
|
|
type = EFI_RESERVED_MEMORY_TYPE;
|
|
else
|
|
type = EFI_BOOT_SERVICES_DATA;
|
|
|
|
ret = efi_add_memory_map(addr, size, type);
|
|
if (ret != EFI_SUCCESS)
|
|
log_err("Reserved memory mapping failed addr %llx size %llx\n",
|
|
addr, size);
|
|
}
|
|
|
|
/**
|
|
* efi_try_purge_kaslr_seed() - Remove unused kaslr-seed
|
|
*
|
|
* Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization
|
|
* and completely ignores the kaslr-seed for its own randomness needs
|
|
* (i.e the randomization of the physical placement of the kernel).
|
|
* Weed it out from the DTB we hand over, which would mess up our DTB
|
|
* TPM measurements as well.
|
|
*
|
|
* @fdt: Pointer to device tree
|
|
*/
|
|
void efi_try_purge_kaslr_seed(void *fdt)
|
|
{
|
|
const efi_guid_t efi_guid_rng_protocol = EFI_RNG_PROTOCOL_GUID;
|
|
struct efi_handler *handler;
|
|
efi_status_t ret;
|
|
int nodeoff = 0;
|
|
int err = 0;
|
|
|
|
ret = efi_search_protocol(efi_root, &efi_guid_rng_protocol, &handler);
|
|
if (ret != EFI_SUCCESS)
|
|
return;
|
|
|
|
nodeoff = fdt_path_offset(fdt, "/chosen");
|
|
if (nodeoff < 0)
|
|
return;
|
|
|
|
err = fdt_delprop(fdt, nodeoff, "kaslr-seed");
|
|
if (err < 0 && err != -FDT_ERR_NOTFOUND)
|
|
log_err("Error deleting kaslr-seed\n");
|
|
}
|
|
|
|
/**
|
|
* efi_carve_out_dt_rsv() - Carve out DT reserved memory ranges
|
|
*
|
|
* The mem_rsv entries of the FDT are added to the memory map. Any failures are
|
|
* ignored because this is not critical and we would rather continue to try to
|
|
* boot.
|
|
*
|
|
* @fdt: Pointer to device tree
|
|
*/
|
|
void efi_carve_out_dt_rsv(void *fdt)
|
|
{
|
|
int nr_rsv, i;
|
|
u64 addr, size;
|
|
int nodeoffset, subnode;
|
|
|
|
nr_rsv = fdt_num_mem_rsv(fdt);
|
|
|
|
/* Look for an existing entry and add it to the efi mem map. */
|
|
for (i = 0; i < nr_rsv; i++) {
|
|
if (fdt_get_mem_rsv(fdt, i, &addr, &size) != 0)
|
|
continue;
|
|
efi_reserve_memory(addr, size, true);
|
|
}
|
|
|
|
/* process reserved-memory */
|
|
nodeoffset = fdt_subnode_offset(fdt, 0, "reserved-memory");
|
|
if (nodeoffset >= 0) {
|
|
subnode = fdt_first_subnode(fdt, nodeoffset);
|
|
while (subnode >= 0) {
|
|
fdt_addr_t fdt_addr;
|
|
fdt_size_t fdt_size;
|
|
|
|
/* check if this subnode has a reg property */
|
|
fdt_addr = fdtdec_get_addr_size_auto_parent(
|
|
fdt, nodeoffset, subnode,
|
|
"reg", 0, &fdt_size, false);
|
|
/*
|
|
* The /reserved-memory node may have children with
|
|
* a size instead of a reg property.
|
|
*/
|
|
if (fdt_addr != FDT_ADDR_T_NONE &&
|
|
fdtdec_get_is_enabled(fdt, subnode)) {
|
|
bool nomap;
|
|
|
|
nomap = !!fdt_getprop(fdt, subnode, "no-map",
|
|
NULL);
|
|
efi_reserve_memory(fdt_addr, fdt_size, nomap);
|
|
}
|
|
subnode = fdt_next_subnode(fdt, subnode);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* efi_dt_fixup() - fix up device tree
|
|
*
|
|
* This function implements the Fixup() service of the
|
|
* EFI Device Tree Fixup Protocol.
|
|
*
|
|
* @this: instance of the protocol
|
|
* @dtb: device tree provided by caller
|
|
* @buffer_size: size of buffer for the device tree including free space
|
|
* @flags: bit field designating action to be performed
|
|
* Return: status code
|
|
*/
|
|
static efi_status_t __maybe_unused EFIAPI
|
|
efi_dt_fixup(struct efi_dt_fixup_protocol *this, void *dtb,
|
|
efi_uintn_t *buffer_size, u32 flags)
|
|
{
|
|
efi_status_t ret;
|
|
size_t required_size;
|
|
size_t total_size;
|
|
bootm_headers_t img = { 0 };
|
|
|
|
EFI_ENTRY("%p, %p, %p, %d", this, dtb, buffer_size, flags);
|
|
|
|
if (this != &efi_dt_fixup_prot || !dtb || !buffer_size ||
|
|
!flags || (flags & ~EFI_DT_ALL)) {
|
|
ret = EFI_INVALID_PARAMETER;
|
|
goto out;
|
|
}
|
|
if (fdt_check_header(dtb)) {
|
|
ret = EFI_INVALID_PARAMETER;
|
|
goto out;
|
|
}
|
|
if (flags & EFI_DT_APPLY_FIXUPS) {
|
|
/* Check size */
|
|
required_size = fdt_off_dt_strings(dtb) +
|
|
fdt_size_dt_strings(dtb) +
|
|
0x3000;
|
|
total_size = fdt_totalsize(dtb);
|
|
if (required_size < total_size)
|
|
required_size = total_size;
|
|
if (required_size > *buffer_size) {
|
|
*buffer_size = required_size;
|
|
ret = EFI_BUFFER_TOO_SMALL;
|
|
goto out;
|
|
}
|
|
|
|
fdt_set_totalsize(dtb, *buffer_size);
|
|
if (image_setup_libfdt(&img, dtb, 0, NULL)) {
|
|
log_err("failed to process device tree\n");
|
|
ret = EFI_INVALID_PARAMETER;
|
|
goto out;
|
|
}
|
|
}
|
|
if (flags & EFI_DT_RESERVE_MEMORY)
|
|
efi_carve_out_dt_rsv(dtb);
|
|
|
|
if (flags & EFI_DT_INSTALL_TABLE) {
|
|
ret = efi_install_configuration_table(&efi_guid_fdt, dtb);
|
|
if (ret != EFI_SUCCESS) {
|
|
log_err("failed to install device tree\n");
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
ret = EFI_SUCCESS;
|
|
out:
|
|
return EFI_EXIT(ret);
|
|
}
|
|
|
|
struct efi_dt_fixup_protocol efi_dt_fixup_prot = {
|
|
.revision = EFI_DT_FIXUP_PROTOCOL_REVISION,
|
|
.fixup = efi_dt_fixup
|
|
};
|