From patchwork Fri Nov 18 13:32:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 13048249 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3AECAC4332F for ; Fri, 18 Nov 2022 13:34:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242180AbiKRNeE (ORCPT ); Fri, 18 Nov 2022 08:34:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235303AbiKRNdQ (ORCPT ); Fri, 18 Nov 2022 08:33:16 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F7908FF85; Fri, 18 Nov 2022 05:32:55 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 20EFBB823B8; Fri, 18 Nov 2022 13:32:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5103AC433D7; Fri, 18 Nov 2022 13:32:52 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="gB7VV9jP" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1668778371; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+rn43NMm2YFbXIKxqcJTRkqXmYYbQTLqTZ42eLiNxak=; b=gB7VV9jPyENstcotO2itt/6NqlfkYEDwmJwFHc7M08FmUDqLboNz/7G/VB8y7bpB4e7bP9 c8cY9AlAQa3BS8s+AcU0ShpdXM7HOiAM8YJQ2O8XC7fqWKQRQsHRDvDzR4ackIfz042Avd AVR9/M/0DXsfxNRxA0ybqp20Tj32FhM= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id e06189ab (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Fri, 18 Nov 2022 13:32:51 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org Cc: "Jason A. Donenfeld" Subject: [PATCH v2 1/5] efi: vars: prohibit reading random seed variables Date: Fri, 18 Nov 2022 14:32:35 +0100 Message-Id: <20221118133239.2515648-2-Jason@zx2c4.com> In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com> References: <20221118133239.2515648-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org In anticipation of putting random seeds in EFI variables, it's important that the random GUID namespace of variables remains hidden from userspace. We accomplish this by not populating efivarfs with entries from that GUID, as well as denying the creation of new ones in that GUID. Signed-off-by: Jason A. Donenfeld --- fs/efivarfs/inode.c | 4 ++++ fs/efivarfs/super.c | 3 +++ 2 files changed, 7 insertions(+) diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c index 939e5e242b98..617f3ad2485e 100644 --- a/fs/efivarfs/inode.c +++ b/fs/efivarfs/inode.c @@ -91,6 +91,10 @@ static int efivarfs_create(struct user_namespace *mnt_userns, struct inode *dir, err = guid_parse(dentry->d_name.name + namelen + 1, &var->var.VendorGuid); if (err) goto out; + if (guid_equal(&var->var.VendorGuid, &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) { + err = -EPERM; + goto out; + } if (efivar_variable_is_removable(var->var.VendorGuid, dentry->d_name.name, namelen)) diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c index 6780fc81cc11..07e82e246666 100644 --- a/fs/efivarfs/super.c +++ b/fs/efivarfs/super.c @@ -116,6 +116,9 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor, int err = -ENOMEM; bool is_removable = false; + if (guid_equal(&vendor, &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) + return 0; + entry = kzalloc(sizeof(*entry), GFP_KERNEL); if (!entry) return err; From patchwork Fri Nov 18 13:32:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 13048250 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 240B9C4332F for ; Fri, 18 Nov 2022 13:34:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242064AbiKRNeL (ORCPT ); Fri, 18 Nov 2022 08:34:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53632 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242079AbiKRNdj (ORCPT ); Fri, 18 Nov 2022 08:33:39 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4A0DB903A2; Fri, 18 Nov 2022 05:32:58 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 074E2B823BE; Fri, 18 Nov 2022 13:32:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2C95AC433C1; Fri, 18 Nov 2022 13:32:55 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="ohytgDOJ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1668778374; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Z69aXawrfufSKW/RjtDgmumOVJvqFZkCZEOLY5WSnnc=; b=ohytgDOJH180kmo7Zc4g9dCjNiDGQB4lKgfEkm27skLwRna94u4Rp19QszrLjFsq2IisEV yYqhsRDCQo1PGIKnyi7b5OlbpPoS67SzFFqyPyIcv255J7SiXopt57kpUQX+2yi7kF2diz VP6ku7jx64ZP3r9kT1pvcuynqaJjZG8= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id a0869f8f (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Fri, 18 Nov 2022 13:32:54 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org Cc: "Jason A. Donenfeld" Subject: [PATCH v2 2/5] efi: stub: use random seed from EFI variable Date: Fri, 18 Nov 2022 14:32:36 +0100 Message-Id: <20221118133239.2515648-3-Jason@zx2c4.com> In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com> References: <20221118133239.2515648-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org EFI has a rather unique benefit that it has access to some limited non-volatile storage, where the kernel can store a random seed. Read that seed in EFISTUB and concatenate it with other seeds we wind up passing onward to the kernel in the configuration table. This is complementary to the current other two sources - previous bootloaders, and the EFI RNG protocol. Signed-off-by: Jason A. Donenfeld --- drivers/firmware/efi/libstub/random.c | 59 +++++++++++++++++++++------ include/linux/efi.h | 1 + 2 files changed, 48 insertions(+), 12 deletions(-) diff --git a/drivers/firmware/efi/libstub/random.c b/drivers/firmware/efi/libstub/random.c index f85d2c066877..1e72013a6457 100644 --- a/drivers/firmware/efi/libstub/random.c +++ b/drivers/firmware/efi/libstub/random.c @@ -67,14 +67,25 @@ efi_status_t efi_random_get_seed(void) efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; efi_guid_t rng_algo_raw = EFI_RNG_ALGORITHM_RAW; efi_guid_t rng_table_guid = LINUX_EFI_RANDOM_SEED_TABLE_GUID; + efi_char16_t rng_nv_seed_var[] = LINUX_EFI_RANDOM_NV_SEED_VAR; struct linux_efi_random_seed *prev_seed, *seed = NULL; - int prev_seed_size = 0, seed_size = EFI_RANDOM_SEED_SIZE; + u8 nv_seed[EFI_RANDOM_SEED_SIZE]; + unsigned long prev_seed_size = 0, nv_seed_size = sizeof(nv_seed), seed_size = 0, offset = 0; efi_rng_protocol_t *rng = NULL; efi_status_t status; status = efi_bs_call(locate_protocol, &rng_proto, NULL, (void **)&rng); - if (status != EFI_SUCCESS) - return status; + if (status == EFI_SUCCESS) + seed_size += EFI_RANDOM_SEED_SIZE; + + status = get_efi_var(rng_nv_seed_var, &rng_table_guid, NULL, &nv_seed_size, nv_seed); + if (status == EFI_SUCCESS) + seed_size += nv_seed_size; + else + nv_seed_size = 0; + + if (!seed_size) + return EFI_NOT_FOUND; /* * Check whether a seed was provided by a prior boot stage. In that @@ -83,7 +94,7 @@ efi_status_t efi_random_get_seed(void) * Note that we should read the seed size with caution, in case the * table got corrupted in memory somehow. */ - prev_seed = get_efi_config_table(LINUX_EFI_RANDOM_SEED_TABLE_GUID); + prev_seed = get_efi_config_table(rng_table_guid); if (prev_seed && prev_seed->size <= 512U) { prev_seed_size = prev_seed->size; seed_size += prev_seed_size; @@ -103,7 +114,7 @@ efi_status_t efi_random_get_seed(void) } status = efi_call_proto(rng, get_rng, &rng_algo_raw, - EFI_RANDOM_SEED_SIZE, seed->bits); + EFI_RANDOM_SEED_SIZE, seed->bits + offset); if (status == EFI_UNSUPPORTED) /* @@ -111,16 +122,40 @@ efi_status_t efi_random_get_seed(void) * is not implemented. */ status = efi_call_proto(rng, get_rng, NULL, - EFI_RANDOM_SEED_SIZE, seed->bits); + EFI_RANDOM_SEED_SIZE, seed->bits + offset); - if (status != EFI_SUCCESS) + if (status == EFI_SUCCESS) + offset += EFI_RANDOM_SEED_SIZE; + + if (nv_seed_size) { + memcpy(seed->bits + offset, nv_seed, nv_seed_size); + memzero_explicit(nv_seed, nv_seed_size); + /* + * Zero it out before committing to using it. TODO: in the + * future, maybe we can hash it forward instead, which is + * better and also reduces the amount of writes here. + */ + status = set_efi_var(rng_nv_seed_var, &rng_table_guid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, nv_seed_size, nv_seed); + if (status == EFI_SUCCESS) + status = set_efi_var(rng_nv_seed_var, &rng_table_guid, 0, 0, NULL); + if (status == EFI_SUCCESS) + offset += nv_seed_size; + else + memzero_explicit(seed->bits + offset, nv_seed_size); + } + + if (!offset) goto err_freepool; - seed->size = seed_size; - if (prev_seed_size) - memcpy(seed->bits + EFI_RANDOM_SEED_SIZE, prev_seed->bits, - prev_seed_size); + if (prev_seed_size) { + memcpy(seed->bits + offset, prev_seed->bits, prev_seed_size); + offset += prev_seed_size; + } + seed->size = offset; status = efi_bs_call(install_configuration_table, &rng_table_guid, seed); if (status != EFI_SUCCESS) goto err_freepool; @@ -135,7 +170,7 @@ efi_status_t efi_random_get_seed(void) err_freepool: memzero_explicit(seed, struct_size(seed, bits, seed_size)); efi_bs_call(free_pool, seed); - efi_warn("Failed to obtain seed from EFI_RNG_PROTOCOL\n"); + efi_warn("Failed to obtain seed from EFI_RNG_PROTOCOL and EFI variable\n"); err_warn: if (prev_seed) efi_warn("Retaining bootloader-supplied seed only"); diff --git a/include/linux/efi.h b/include/linux/efi.h index 4aa1dbc7b064..ca02685ec004 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -408,6 +408,7 @@ void efi_native_runtime_setup(void); #define LINUX_EFI_ARM_CPU_STATE_TABLE_GUID EFI_GUID(0xef79e4aa, 0x3c3d, 0x4989, 0xb9, 0x02, 0x07, 0xa9, 0x43, 0xe5, 0x50, 0xd2) #define LINUX_EFI_LOADER_ENTRY_GUID EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f) #define LINUX_EFI_RANDOM_SEED_TABLE_GUID EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2, 0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b) +#define LINUX_EFI_RANDOM_NV_SEED_VAR L"RandomSeed" #define LINUX_EFI_TPM_EVENT_LOG_GUID EFI_GUID(0xb7799cb0, 0xeca2, 0x4943, 0x96, 0x67, 0x1f, 0xae, 0x07, 0xb7, 0x47, 0xfa) #define LINUX_EFI_TPM_FINAL_LOG_GUID EFI_GUID(0x1e2ed096, 0x30e2, 0x4254, 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25) #define LINUX_EFI_MEMRESERVE_TABLE_GUID EFI_GUID(0x888eb0c6, 0x8ede, 0x4ff5, 0xa8, 0xf0, 0x9a, 0xee, 0x5c, 0xb9, 0x77, 0xc2) From patchwork Fri Nov 18 13:32:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 13048251 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 974F0C43217 for ; Fri, 18 Nov 2022 13:34:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242197AbiKRNeQ (ORCPT ); Fri, 18 Nov 2022 08:34:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53706 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242081AbiKRNdp (ORCPT ); Fri, 18 Nov 2022 08:33:45 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 526B6725C0; Fri, 18 Nov 2022 05:33:01 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 0FB6FB823BF; Fri, 18 Nov 2022 13:33:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1580FC433D7; Fri, 18 Nov 2022 13:32:58 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="jiXTeqN0" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1668778376; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pVOAuUurkSZhqoCynPhpK1wmGlEDvQbtxxXUmLKcLxQ=; b=jiXTeqN0sJh8nDspBt7v9n4uCm5NxBMDKlGot/7ACpkhTVNNZpAmahusssQiYOAGl7YuBN 8uyL/T7foQ40OnSL2mynkEZz+05W7ec90x6RGlGtDqSfRHMtjafl1vXcJRsB3QXtvrgQbm uzCo025hvf1ff0j8lhm67iCeSqqESEQ= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 7bb348be (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Fri, 18 Nov 2022 13:32:56 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org Cc: "Jason A. Donenfeld" Subject: [PATCH v2 3/5] random: add back async readiness notifier Date: Fri, 18 Nov 2022 14:32:37 +0100 Message-Id: <20221118133239.2515648-4-Jason@zx2c4.com> In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com> References: <20221118133239.2515648-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This is required by vsprint, because it can't do things synchronously from hardirq context, and it will be useful for an EFI notifier as well. I didn't initially want to do this, but with two potential consumers now, it seems worth it. Signed-off-by: Jason A. Donenfeld --- drivers/char/random.c | 20 ++++++++++++++++++++ include/linux/random.h | 1 + 2 files changed, 21 insertions(+) diff --git a/drivers/char/random.c b/drivers/char/random.c index 65ee69896967..1185fe11b719 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -84,6 +84,7 @@ static DEFINE_STATIC_KEY_FALSE(crng_is_ready); /* Various types of waiters for crng_init->CRNG_READY transition. */ static DECLARE_WAIT_QUEUE_HEAD(crng_init_wait); static struct fasync_struct *fasync; +static ATOMIC_NOTIFIER_HEAD(random_ready_notifier); /* Control how we warn userspace. */ static struct ratelimit_state urandom_warning = @@ -140,6 +141,24 @@ int wait_for_random_bytes(void) } EXPORT_SYMBOL(wait_for_random_bytes); +/* + * Add a callback function that will be invoked when the crng is initialised, + * or immediately if it already has been. + */ +int __cold execute_with_initialized_rng(struct notifier_block *nb) +{ + unsigned long flags; + int ret = 0; + + spin_lock_irqsave(&random_ready_notifier.lock, flags); + if (crng_ready()) + nb->notifier_call(nb, 0, NULL); + else + ret = raw_notifier_chain_register((struct raw_notifier_head *)&random_ready_notifier.head, nb); + spin_unlock_irqrestore(&random_ready_notifier.lock, flags); + return ret; +} + #define warn_unseeded_randomness() \ if (IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM) && !crng_ready()) \ printk_deferred(KERN_NOTICE "random: %s called from %pS with crng_init=%d\n", \ @@ -697,6 +716,7 @@ static void __cold _credit_init_bits(size_t bits) crng_reseed(NULL); /* Sets crng_init to CRNG_READY under base_crng.lock. */ if (static_key_initialized) execute_in_process_context(crng_set_ready, &set_ready); + atomic_notifier_call_chain(&random_ready_notifier, 0, NULL); wake_up_interruptible(&crng_init_wait); kill_fasync(&fasync, SIGIO, POLL_IN); pr_notice("crng init done\n"); diff --git a/include/linux/random.h b/include/linux/random.h index 579117d83eb8..b1a34181eed6 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -120,6 +120,7 @@ void __init random_init_early(const char *command_line); void __init random_init(void); bool rng_is_initialized(void); int wait_for_random_bytes(void); +int execute_with_initialized_rng(struct notifier_block *nb); /* Calls wait_for_random_bytes() and then calls get_random_bytes(buf, nbytes). * Returns the result of the call to wait_for_random_bytes. */ From patchwork Fri Nov 18 13:32:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 13048252 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8AD66C433FE for ; Fri, 18 Nov 2022 13:34:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242126AbiKRNeg (ORCPT ); Fri, 18 Nov 2022 08:34:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53860 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242123AbiKRNdu (ORCPT ); Fri, 18 Nov 2022 08:33:50 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4E65C91504; Fri, 18 Nov 2022 05:33:02 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 808616240E; Fri, 18 Nov 2022 13:33:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0C125C433D6; Fri, 18 Nov 2022 13:33:00 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="G0A2QFa0" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1668778380; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KRI7c0jyO81WH8LhGQd5yn6JLdZ1nNbkFYrsF+JdkxI=; b=G0A2QFa06c2vme6/Qitw8okO4LXJIpDqVFWKn18clZ4r0m65OFEa++PJHAysuO7ER5MDL/ +H5MFBVuYrRRwGioQrCsQ8br1z40XM2Xl849jbejS9wGUI7DP01Vl185aUDJGBKYSx2CVK 6+e/5l2w/Oiza9h74/G0nyz/tPQSi4w= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id e8982513 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Fri, 18 Nov 2022 13:32:59 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org Cc: "Jason A. Donenfeld" , Mike Galbraith , Sebastian Andrzej Siewior , Petr Mladek Subject: [PATCH v2 4/5] vsprintf: initialize siphash key using notifier Date: Fri, 18 Nov 2022 14:32:38 +0100 Message-Id: <20221118133239.2515648-5-Jason@zx2c4.com> In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com> References: <20221118133239.2515648-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Rather than polling every second, use the new notifier to do this at exactly the right moment. Cc: Mike Galbraith Cc: Sebastian Andrzej Siewior Cc: Petr Mladek Signed-off-by: Jason A. Donenfeld --- lib/vsprintf.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 24f37bab8bc1..890607b32235 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -41,6 +41,7 @@ #include #include #include +#include #ifdef CONFIG_BLOCK #include #endif @@ -752,26 +753,21 @@ early_param("debug_boot_weak_hash", debug_boot_weak_hash_enable); static bool filled_random_ptr_key __read_mostly; static siphash_key_t ptr_key __read_mostly; -static void fill_ptr_key_workfn(struct work_struct *work); -static DECLARE_DELAYED_WORK(fill_ptr_key_work, fill_ptr_key_workfn); -static void fill_ptr_key_workfn(struct work_struct *work) +static int fill_ptr_key(struct notifier_block *nb, unsigned long action, void *data) { - if (!rng_is_initialized()) { - queue_delayed_work(system_unbound_wq, &fill_ptr_key_work, HZ * 2); - return; - } - get_random_bytes(&ptr_key, sizeof(ptr_key)); /* Pairs with smp_rmb() before reading ptr_key. */ smp_wmb(); WRITE_ONCE(filled_random_ptr_key, true); + return 0; } static int __init vsprintf_init_hashval(void) { - fill_ptr_key_workfn(NULL); + static struct notifier_block fill_ptr_key_nb = { .notifier_call = fill_ptr_key }; + execute_with_initialized_rng(&fill_ptr_key_nb); return 0; } subsys_initcall(vsprintf_init_hashval) From patchwork Fri Nov 18 13:32:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 13048253 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6C1CC4332F for ; Fri, 18 Nov 2022 13:34:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242033AbiKRNey (ORCPT ); Fri, 18 Nov 2022 08:34:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53238 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242190AbiKRNeG (ORCPT ); Fri, 18 Nov 2022 08:34:06 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CA599920A3; Fri, 18 Nov 2022 05:33:06 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 66B956250F; Fri, 18 Nov 2022 13:33:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 30FE1C433C1; Fri, 18 Nov 2022 13:33:05 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="RJUXvtvl" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1668778383; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Nh+wKp8yEnal64w+3O1z4UzVRdj34fdKJzoeu8AGeCc=; b=RJUXvtvljmI7nM8jcrYjPJSKIeKiEHKTM0jT3pZbVZlfbnEdta+WRkCwltOF8J8+FwHPvq /+3ggZVwSf20Q0cmbQyDlGNU1SSUYo70B34KakKLgRUCu7nO0a9tVhojBiu0pzZMdQ2XVj z7cfy8Phi9lOzGsdGyNKQ7R98T1JaOI= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id c42b9edb (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Fri, 18 Nov 2022 13:33:03 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org Cc: "Jason A. Donenfeld" Subject: [PATCH v2 5/5] efi: random: refresh non-volatile random seed when RNG is initialized Date: Fri, 18 Nov 2022 14:32:39 +0100 Message-Id: <20221118133239.2515648-6-Jason@zx2c4.com> In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com> References: <20221118133239.2515648-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org EFI has a rather unique benefit that it has access to some limited non-volatile storage, where the kernel can store a random seed. Register a notification for when the RNG is initialized, and at that point, store a new random seed. Signed-off-by: Jason A. Donenfeld Reviewed-by: Ard Biesheuvel --- drivers/firmware/efi/efi.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index f12cc29bd4b8..f8edf6164833 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -337,6 +337,24 @@ static void __init efi_debugfs_init(void) static inline void efi_debugfs_init(void) {} #endif +static void refresh_nv_rng_seed(struct work_struct *work) +{ + u8 seed[EFI_RANDOM_SEED_SIZE]; + + get_random_bytes(seed, sizeof(seed)); + efi.set_variable(LINUX_EFI_RANDOM_NV_SEED_VAR, &LINUX_EFI_RANDOM_SEED_TABLE_GUID, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, sizeof(seed), seed); + memzero_explicit(seed, sizeof(seed)); +} +static int refresh_nv_rng_seed_notification(struct notifier_block *nb, unsigned long action, void *data) +{ + static DECLARE_WORK(work, refresh_nv_rng_seed); + schedule_work(&work); + return 0; +} +static struct notifier_block refresh_nv_rng_seed_nb = { .notifier_call = refresh_nv_rng_seed_notification }; + /* * We register the efi subsystem with the firmware subsystem and the * efivars subsystem with the efi subsystem, if the system was booted with @@ -413,6 +431,7 @@ static int __init efisubsys_init(void) platform_device_register_simple("efi_secret", 0, NULL, 0); #endif + execute_with_initialized_rng(&refresh_nv_rng_seed_nb); return 0; err_remove_group: