On 19.09.24 16:10, Simon Glass wrote:
Hi Heinrich,
On Sat, 14 Sept 2024 at 18:06, Heinrich Schuchardt
<heinrich.schucha...@canonical.com> wrote:
For measured be boot we must avoid any volatile values in the device-tree.
We already delete /chosen/kaslr-seed if we provide and EFI RNG protocol.
Could you explain a bit why this is, and where this is checked?
Additionally remove /chosen/rng-seed provided by QEMU or U-Boot.
Measured boot relies on creating hashes of artifacts and writing these
to TPM. If the hashes don't match the OS will either warn or refuse to
boot. The device-tree is one of the artifacts that are measured.
If we have random values in /chosen, measured boot will fail.
When an EFI RNG protocol is provided by the firmware, GRUB and the
kernel will use it instead of /chosen/rng-seed and /chosen/kaslr-seed.
Best regards
Heinrich
Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
---
include/efi_loader.h | 2 +-
lib/efi_loader/efi_dt_fixup.c | 15 ++++++++++-----
lib/efi_loader/efi_helper.c | 2 +-
3 files changed, 12 insertions(+), 7 deletions(-)
[..]
Regards,
Simon
