On Thu, Sep 19, 2024, 18:05 Heinrich Schuchardt < heinrich.schucha...@canonical.com> wrote:
> On 19.09.24 17:00, Simon Glass wrote: > > Hi, > > > > On Thu, 19 Sept 2024 at 16:32, Ilias Apalodimas > > <ilias.apalodi...@linaro.org> wrote: > >> > >> Hi all, > >> > >> On Thu, 19 Sept 2024 at 17:20, Heinrich Schuchardt > >> <heinrich.schucha...@canonical.com> wrote: > >>> > >>> On 19.09.24 16:10, Simon Glass wrote: > >>>> Hi Heinrich, > >>>> > >>>> On Sat, 14 Sept 2024 at 18:06, Heinrich Schuchardt > >>>> <heinrich.schucha...@canonical.com> wrote: > >>>>> > >>>>> For measured be boot we must avoid any volatile values in the > device-tree. > >>>>> We already delete /chosen/kaslr-seed if we provide and EFI RNG > protocol. > >>>> > >>>> Could you explain a bit why this is, and where this is checked? > >>>>> > >>>>> Additionally remove /chosen/rng-seed provided by QEMU or U-Boot. > >>> > >>> Measured boot relies on creating hashes of artifacts and writing these > >>> to TPM. If the hashes don't match the OS will either warn or refuse to > >>> boot. The device-tree is one of the artifacts that are measured. > >>> > >>> If we have random values in /chosen, measured boot will fail. > >>> > >>> When an EFI RNG protocol is provided by the firmware, GRUB and the > >>> kernel will use it instead of /chosen/rng-seed and /chosen/kaslr-seed. > >> > >> There's a comment on top of that function that explains what happens as > well. > >> In short the EFI stub does not even look at the KASLR seed and never > >> randomizes the physical placement of the kernel. It only does that > >> when the EFI_RNG protocol is there. > > > > OK thank you. I suppose I am more just wondering why it got added in > > the first place? > > For booting via the legacy Linux entry point adding kaslr-seed allows to > randomize addresses. QEMU adds rng-seed instead of kaslr-seed. > Not the kernel physical placement. It randomizes only the virtual placement Thanks Ilias > > Best regards > > Heinrich > > > > > Regards, > > Simon > > > > > >> > >> Regards > >> /Ilias > >>> > >>> Best regards > >>> > >>> Heinrich > >>> > >>>>> > >>>>> Signed-off-by: Heinrich Schuchardt < > heinrich.schucha...@canonical.com> > >>>>> --- > >>>>> include/efi_loader.h | 2 +- > >>>>> lib/efi_loader/efi_dt_fixup.c | 15 ++++++++++----- > >>>>> lib/efi_loader/efi_helper.c | 2 +- > >>>>> 3 files changed, 12 insertions(+), 7 deletions(-) > >>>> > >>>> [..] > >>>> > >>>> Regards, > >>>> Simon > >>> > >
