Hi,

On Thu, 19 Sept 2024 at 16:32, Ilias Apalodimas <ilias.apalodi...@linaro.org> wrote:
>
> Hi all,
>
> On Thu, 19 Sept 2024 at 17:20, Heinrich Schuchardt
> <heinrich.schucha...@canonical.com> wrote:
> >
> > On 19.09.24 16:10, Simon Glass wrote:
> > > Hi Heinrich,
> > >
> > > On Sat, 14 Sept 2024 at 18:06, Heinrich Schuchardt
> > > <heinrich.schucha...@canonical.com> wrote:
> > >>
> > >> For measured boot we must avoid any volatile values in the
> > >> device-tree.
> > >> We already delete /chosen/kaslr-seed if we provide an EFI RNG protocol.
> > >
> > > Could you explain a bit why this is, and where this is checked?
> > >>
> > >> Additionally remove /chosen/rng-seed provided by QEMU or U-Boot.
> >
> > Measured boot relies on creating hashes of artifacts and writing these
> > to TPM. If the hashes don't match the OS will either warn or refuse to
> > boot. The device-tree is one of the artifacts that are measured.
> >
> > If we have random values in /chosen, measured boot will fail.
> >
> > When an EFI RNG protocol is provided by the firmware, GRUB and the
> > kernel will use it instead of /chosen/rng-seed and /chosen/kaslr-seed.
>
> There's a comment on top of that function that explains what happens as well.
> In short the EFI stub does not even look at the KASLR seed and never
> randomizes the physical placement of the kernel. It only does that
> when the EFI_RNG protocol is there.
OK thank you. I suppose I am more just wondering why it got added in the first place?

Regards,
Simon

>
> Regards
> /Ilias
>
> >
> > Best regards
> >
> > Heinrich
> >
> > >>
> > >> Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> > >> ---
> > >>  include/efi_loader.h          |  2 +-
> > >>  lib/efi_loader/efi_dt_fixup.c | 15 ++++++++++-----
> > >>  lib/efi_loader/efi_helper.c   |  2 +-
> > >>  3 files changed, 12 insertions(+), 7 deletions(-)
> > >
> > > [..]
> > >
> > > Regards,
> > > Simon
> >
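As an added illustration of the measurement problem Heinrich describes (example code written for this page, not part of the patch or of U-Boot): a minimal flattened-device-tree walker that NOPs out /chosen/kaslr-seed and /chosen/rng-seed in place, the way libfdt's fdt_nop_property() does, and then compares the SHA-256 of two boots' blobs that differ only in their seeds. The DTB builder, the seed values and the `demo()` helper are constructed test input; how efi_dt_fixup.c actually removes the properties is not shown on this page.

```python
import hashlib
import struct

FDT_MAGIC = 0xd00dfeed
BEGIN_NODE, END_NODE, PROP, NOP, END = 1, 2, 3, 4, 9
measure = lambda dtb: hashlib.sha256(dtb).hexdigest()  # stand-in for the digest extended into a TPM PCR

def build_dtb(chosen):  # tiny valid DTB: one /chosen node with {name: bytes} props (constructed input)
    strings, blk = bytearray(), bytearray()
    pad = lambda: blk.extend(b"\0" * (-len(blk) % 4))
    for name in ("", "chosen"):  # root node, then /chosen
        blk.extend(struct.pack(">I", BEGIN_NODE) + name.encode() + b"\0"); pad()
    for name, value in chosen.items():
        blk.extend(struct.pack(">III", PROP, len(value), len(strings)) + value); pad()
        strings.extend(name.encode() + b"\0")
    blk.extend(struct.pack(">III", END_NODE, END_NODE, END))
    off_struct, off_strings = 56, 56 + len(blk)  # 40-byte header + 16-byte empty memreserve map
    hdr = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct,
                      off_strings, 40, 17, 16, 0, len(strings), len(blk))
    return hdr + b"\0" * 16 + bytes(blk) + bytes(strings)

def nop_chosen_props(dtb, names=("kaslr-seed", "rng-seed")):
    """Overwrite the named /chosen properties with FDT_NOP tokens in place (libfdt's fdt_nop_property() approach)."""
    magic, _, off_struct, off_strings = struct.unpack_from(">4I", dtb)
    assert magic == FDT_MAGIC, "not a flattened device tree"
    out, pos, path = bytearray(dtb), off_struct, []
    while True:
        tok = struct.unpack_from(">I", out, pos)[0]
        if tok == BEGIN_NODE:  # token, NUL-terminated name, pad to 4
            end = out.index(b"\0", pos + 4)
            path.append(out[pos + 4:end].decode())
            pos = (end + 1 + 3) & ~3
        elif tok == END_NODE: path.pop(); pos += 4
        elif tok == PROP:  # token, len, nameoff, value, pad to 4
            length, nameoff = struct.unpack_from(">II", out, pos + 4)
            name = out[off_strings + nameoff:out.index(b"\0", off_strings + nameoff)].decode()
            size = 12 + ((length + 3) & ~3)
            if path == ["", "chosen"] and name in names:
                out[pos:pos + size] = struct.pack(">I", NOP) * (size // 4)
            pos += size
        elif tok == NOP: pos += 4
        else:  # FDT_END: structure block fully walked
            return bytes(out)

def demo():  # returns (digests equal before the fix, digests equal after the fix)
    common = {"bootargs": b"console=ttyAMA0\0"}
    boot1 = build_dtb({"kaslr-seed": b"\x11" * 8, "rng-seed": b"\x22" * 32, **common})
    boot2 = build_dtb({"kaslr-seed": b"\x33" * 8, "rng-seed": b"\x44" * 32, **common})
    return (measure(boot1) == measure(boot2),
            measure(nop_chosen_props(boot1)) == measure(nop_chosen_props(boot2)))
```

NOPing keeps the blob size and every offset stable, so the non-volatile content (here `bootargs`) still measures identically on both boots while the seeds no longer influence the digest.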