From patchwork Sat Nov 12 21:32:33 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Fleming X-Patchwork-Id: 81936 Delivered-To: patch@linaro.org Received: by 10.182.1.168 with SMTP id 8csp456375obn; Sat, 12 Nov 2016 13:34:00 -0800 (PST) X-Received: by 10.98.34.68 with SMTP id i65mr20696386pfi.135.1478986440162; Sat, 12 Nov 2016 13:34:00 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 197si16412198pfy.74.2016.11.12.13.33.59; Sat, 12 Nov 2016 13:34:00 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@codeblueprint-co-uk.20150623.gappssmtp.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754410AbcKLVdz (ORCPT + 27 others); Sat, 12 Nov 2016 16:33:55 -0500 Received: from mail-wm0-f45.google.com ([74.125.82.45]:36939 "EHLO mail-wm0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753616AbcKLVcr (ORCPT ); Sat, 12 Nov 2016 16:32:47 -0500 Received: by mail-wm0-f45.google.com with SMTP id t79so36507295wmt.0 for ; Sat, 12 Nov 2016 13:32:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=codeblueprint-co-uk.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=e6iXnYJ1Bh11TEvf8RlMgF/i87dDPiIKCysKl6gzCr0=; b=nC+uzdBhedPoJ7g6loWuqfTWJbYqP6s3tHo+X7bz8R4dm7/1kQAyQosreDd722Vmed gGDQIV92bdpgISARN/piXq5gv0a6eFGCpyI9272zCkxbBQKCYBWCnlp2t/gKok/Tso8i QsACDvkVRIoZsxxq3VeGSBJy51ZoERA/+cYYMh/Wxg435ZLHC9vgm0BXwTCOpMfShbg1 6DhcURyxpYVi0hrEEzbEtsHgvjoGFFmE4DX1ajT9cD8jw5S8XMm2GPjZGFivG/N2iQg5 FVnYlqxB29gWVQjO1h3RueIl5o4PoHqNO5SMEAouwTkDWFayf7yaoByfcFS8aWsT35Iu 2W4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=e6iXnYJ1Bh11TEvf8RlMgF/i87dDPiIKCysKl6gzCr0=; b=B0w1kImTYeo4VNRemC85FUCC8JZJ05A/iUHC13vqha4uX8g1defmJeN53HLrWQonzk cnTwL4blGQWUqmEO98KXX9fHChge+zK3T6C5fh09j7hpTUPrHTRNHbuvPAONoEfdAOlS kSWVnVcqDzdJnZiEVMT8SLuxE6h0/BCZg1BE26WyLSvgkWFhzUzT+1As09irc2HrVkJe NHV6hjl/anXHkjAWKsdloWu9f3KQeUtuWb86oaD/CMJ1lhEgxJ6wKqfT9NlWHcql+p7+ upyGaY9SArB0SVT5bGtxRqnTd3ZwAO/CdCkxfmalal98jI47CukRPIqJG/o/FOdE52qI vvwA== X-Gm-Message-State: ABUngvcCKxCxgHurhEXUMCVQrrbsHWNZeeUo9xACg3SkacYlDWvjUGsqNvN374gVfkcZuA== X-Received: by 10.194.119.68 with SMTP id ks4mr11705755wjb.171.1478986365689; Sat, 12 Nov 2016 13:32:45 -0800 (PST) Received: from localhost ([2a02:c7f:9225:4100:de53:60ff:fe39:5599]) by smtp.gmail.com with ESMTPSA id 18sm19745843wmr.6.2016.11.12.13.32.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 12 Nov 2016 13:32:44 -0800 (PST) From: Matt Fleming To: Ingo Molnar , Thomas Gleixner , "H . Peter Anvin" Cc: Ard Biesheuvel , linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, Matt Fleming , Kees Cook Subject: [PATCH 5/9] efi/arm*: libstub: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table Date: Sat, 12 Nov 2016 21:32:33 +0000 Message-Id: <20161112213237.8804-6-matt@codeblueprint.co.uk> X-Mailer: git-send-email 2.10.0 In-Reply-To: <20161112213237.8804-1-matt@codeblueprint.co.uk> References: <20161112213237.8804-1-matt@codeblueprint.co.uk> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ard Biesheuvel Invoke the EFI_RNG_PROTOCOL protocol in the context of the stub and install the Linux-specific RNG seed UEFI config table. This will be picked up by the EFI routines in the core kernel to seed the kernel entropy pool. Cc: Matt Fleming Reviewed-by: Kees Cook Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/arm-stub.c | 2 ++ drivers/firmware/efi/libstub/efistub.h | 2 ++ drivers/firmware/efi/libstub/random.c | 48 +++++++++++++++++++++++++++++++++ include/linux/efi.h | 1 + 4 files changed, 53 insertions(+) -- 2.10.0 diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c index 993aa56755f6..b4f7d78f9e8b 100644 --- a/drivers/firmware/efi/libstub/arm-stub.c +++ b/drivers/firmware/efi/libstub/arm-stub.c @@ -340,6 +340,8 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table, if (status != EFI_SUCCESS) pr_efi_err(sys_table, "Failed initrd from command line!\n"); + efi_random_get_seed(sys_table); + new_fdt_addr = fdt_addr; status = allocate_new_fdt_and_exit_boot(sys_table, handle, &new_fdt_addr, dram_base + MAX_FDT_OFFSET, diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index fe1f22584c69..b98824e3800a 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -71,4 +71,6 @@ efi_status_t efi_random_alloc(efi_system_table_t *sys_table_arg, efi_status_t check_platform_features(efi_system_table_t *sys_table_arg); +efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg); + #endif diff --git a/drivers/firmware/efi/libstub/random.c b/drivers/firmware/efi/libstub/random.c index f8e2e5ae6872..3a3feacc329f 100644 --- a/drivers/firmware/efi/libstub/random.c +++ b/drivers/firmware/efi/libstub/random.c @@ -143,3 +143,51 @@ efi_status_t efi_random_alloc(efi_system_table_t *sys_table_arg, return status; } + +#define RANDOM_SEED_SIZE 32 + +efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg) +{ + efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; + efi_guid_t rng_algo_raw = EFI_RNG_ALGORITHM_RAW; + efi_guid_t rng_table_guid = LINUX_EFI_RANDOM_SEED_TABLE_GUID; + struct efi_rng_protocol *rng; + struct linux_efi_random_seed *seed; + efi_status_t status; + + status = efi_call_early(locate_protocol, &rng_proto, NULL, + (void **)&rng); + if (status != EFI_SUCCESS) + return status; + + status = efi_call_early(allocate_pool, EFI_RUNTIME_SERVICES_DATA, + sizeof(*seed) + RANDOM_SEED_SIZE, + (void **)&seed); + if (status != EFI_SUCCESS) + return status; + + status = rng->get_rng(rng, &rng_algo_raw, RANDOM_SEED_SIZE, + seed->bits); + if (status == EFI_UNSUPPORTED) + /* + * Use whatever algorithm we have available if the raw algorithm + * is not implemented. + */ + status = rng->get_rng(rng, NULL, RANDOM_SEED_SIZE, + seed->bits); + + if (status != EFI_SUCCESS) + goto err_freepool; + + seed->size = RANDOM_SEED_SIZE; + status = efi_call_early(install_configuration_table, &rng_table_guid, + seed); + if (status != EFI_SUCCESS) + goto err_freepool; + + return EFI_SUCCESS; + +err_freepool: + efi_call_early(free_pool, seed); + return status; +} diff --git a/include/linux/efi.h b/include/linux/efi.h index 85e28b138cdd..f5a821d9b90c 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -589,6 +589,7 @@ void efi_native_runtime_setup(void); #define DEVICE_TREE_GUID EFI_GUID(0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0) #define EFI_PROPERTIES_TABLE_GUID EFI_GUID(0x880aaca3, 0x4adc, 0x4a04, 0x90, 0x79, 0xb7, 0x47, 0x34, 0x08, 0x25, 0xe5) #define EFI_RNG_PROTOCOL_GUID EFI_GUID(0x3152bca5, 0xeade, 0x433d, 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44) +#define EFI_RNG_ALGORITHM_RAW EFI_GUID(0xe43176d7, 0xb6e8, 0x4827, 0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61) #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20) #define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d)