From patchwork Tue Nov 22 02:04:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 13051808 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 611F9C43217 for ; Tue, 22 Nov 2022 02:04:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232452AbiKVCEV (ORCPT ); Mon, 21 Nov 2022 21:04:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232454AbiKVCEU (ORCPT ); Mon, 21 Nov 2022 21:04:20 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9BC00DEACD; Mon, 21 Nov 2022 18:04:18 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 57F41B818E7; Tue, 22 Nov 2022 02:04:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 51D66C433D7; Tue, 22 Nov 2022 02:04:15 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="KlNhuaG/" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1669082654; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+rn43NMm2YFbXIKxqcJTRkqXmYYbQTLqTZ42eLiNxak=; b=KlNhuaG/xR8W6HdklgmSDbdvVf1Ip08ubSYsrQvA54zolXDK9aP+NfM+QWweGZzPRuZTa2 /5Pne4xPKavjZtq3w/5BfE4zjdCNtJqln2X/06j78HDEqB9olx1WShnXkfIcl3CI8Zyfit QMAxKaJFxK7lT7dJUoTYQt8MXGtTtzA= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 6a8be201 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 22 Nov 2022 02:04:13 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org, ardb@kernel.org Cc: "Jason A. Donenfeld" Subject: [PATCH v3 1/5] efi: vars: prohibit reading random seed variables Date: Tue, 22 Nov 2022 03:04:00 +0100 Message-Id: <20221122020404.3476063-2-Jason@zx2c4.com> In-Reply-To: <20221122020404.3476063-1-Jason@zx2c4.com> References: <20221122020404.3476063-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org In anticipation of putting random seeds in EFI variables, it's important that the random GUID namespace of variables remains hidden from userspace. We accomplish this by not populating efivarfs with entries from that GUID, as well as denying the creation of new ones in that GUID. Signed-off-by: Jason A. Donenfeld --- fs/efivarfs/inode.c | 4 ++++ fs/efivarfs/super.c | 3 +++ 2 files changed, 7 insertions(+) diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c index 939e5e242b98..617f3ad2485e 100644 --- a/fs/efivarfs/inode.c +++ b/fs/efivarfs/inode.c @@ -91,6 +91,10 @@ static int efivarfs_create(struct user_namespace *mnt_userns, struct inode *dir, err = guid_parse(dentry->d_name.name + namelen + 1, &var->var.VendorGuid); if (err) goto out; + if (guid_equal(&var->var.VendorGuid, &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) { + err = -EPERM; + goto out; + } if (efivar_variable_is_removable(var->var.VendorGuid, dentry->d_name.name, namelen)) diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c index 6780fc81cc11..07e82e246666 100644 --- a/fs/efivarfs/super.c +++ b/fs/efivarfs/super.c @@ -116,6 +116,9 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor, int err = -ENOMEM; bool is_removable = false; + if (guid_equal(&vendor, &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) + return 0; + entry = kzalloc(sizeof(*entry), GFP_KERNEL); if (!entry) return err; From patchwork Tue Nov 22 02:04:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 13051809 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4B30C433FE for ; Tue, 22 Nov 2022 02:04:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232480AbiKVCEd (ORCPT ); Mon, 21 Nov 2022 21:04:33 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33494 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232464AbiKVCEV (ORCPT ); Mon, 21 Nov 2022 21:04:21 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9F3EBDEAE8; Mon, 21 Nov 2022 18:04:20 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 4FE38B8136A; Tue, 22 Nov 2022 02:04:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 54890C433D6; Tue, 22 Nov 2022 02:04:17 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="dl6cffAN" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1669082656; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sRRUJbIcSnr8ZTNHq3sI4HzNBqRBBqfcvWMclFygaoU=; b=dl6cffANAexQpw8uQfoTRvNYbcmSWvDo6qlGlaZVWbcJMW4joFsgo1HkW3BKX/Z9uQfEF+ sm+cpTuhIfgQtAiv5zJUtt+kTMoFMCkqQ89tknm0VUsPDvtUDWzW/BEwer/jfbbE1UP8Tn lp+6jTFLssgWXDdQA9BBGar4O4XzPmA= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 57080fb0 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 22 Nov 2022 02:04:16 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org, ardb@kernel.org Cc: "Jason A. Donenfeld" Subject: [PATCH v3 2/5] efi: stub: use random seed from EFI variable Date: Tue, 22 Nov 2022 03:04:01 +0100 Message-Id: <20221122020404.3476063-3-Jason@zx2c4.com> In-Reply-To: <20221122020404.3476063-1-Jason@zx2c4.com> References: <20221122020404.3476063-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org EFI has a rather unique benefit that it has access to some limited non-volatile storage, where the kernel can store a random seed. Read that seed in EFISTUB and concatenate it with other seeds we wind up passing onward to the kernel in the configuration table. This is complementary to the current other two sources - previous bootloaders, and the EFI RNG protocol. Signed-off-by: Jason A. Donenfeld --- drivers/firmware/efi/libstub/random.c | 55 +++++++++++++++++++++------ 1 file changed, 43 insertions(+), 12 deletions(-) diff --git a/drivers/firmware/efi/libstub/random.c b/drivers/firmware/efi/libstub/random.c index f85d2c066877..64aa6e7f3a17 100644 --- a/drivers/firmware/efi/libstub/random.c +++ b/drivers/firmware/efi/libstub/random.c @@ -68,13 +68,23 @@ efi_status_t efi_random_get_seed(void) efi_guid_t rng_algo_raw = EFI_RNG_ALGORITHM_RAW; efi_guid_t rng_table_guid = LINUX_EFI_RANDOM_SEED_TABLE_GUID; struct linux_efi_random_seed *prev_seed, *seed = NULL; - int prev_seed_size = 0, seed_size = EFI_RANDOM_SEED_SIZE; + u8 nv_seed[EFI_RANDOM_SEED_SIZE]; + unsigned long prev_seed_size = 0, nv_seed_size = sizeof(nv_seed), seed_size = 0, offset = 0; efi_rng_protocol_t *rng = NULL; efi_status_t status; status = efi_bs_call(locate_protocol, &rng_proto, NULL, (void **)&rng); - if (status != EFI_SUCCESS) - return status; + if (status == EFI_SUCCESS) + seed_size += EFI_RANDOM_SEED_SIZE; + + status = get_efi_var(L"RandomSeed", &rng_table_guid, NULL, &nv_seed_size, nv_seed); + if (status == EFI_SUCCESS) + seed_size += nv_seed_size; + else + nv_seed_size = 0; + + if (!seed_size) + return EFI_NOT_FOUND; /* * Check whether a seed was provided by a prior boot stage. In that @@ -83,7 +93,7 @@ efi_status_t efi_random_get_seed(void) * Note that we should read the seed size with caution, in case the * table got corrupted in memory somehow. */ - prev_seed = get_efi_config_table(LINUX_EFI_RANDOM_SEED_TABLE_GUID); + prev_seed = get_efi_config_table(rng_table_guid); if (prev_seed && prev_seed->size <= 512U) { prev_seed_size = prev_seed->size; seed_size += prev_seed_size; @@ -103,7 +113,7 @@ efi_status_t efi_random_get_seed(void) } status = efi_call_proto(rng, get_rng, &rng_algo_raw, - EFI_RANDOM_SEED_SIZE, seed->bits); + EFI_RANDOM_SEED_SIZE, seed->bits + offset); if (status == EFI_UNSUPPORTED) /* @@ -111,16 +121,37 @@ efi_status_t efi_random_get_seed(void) * is not implemented. */ status = efi_call_proto(rng, get_rng, NULL, - EFI_RANDOM_SEED_SIZE, seed->bits); + EFI_RANDOM_SEED_SIZE, seed->bits + offset); - if (status != EFI_SUCCESS) + if (status == EFI_SUCCESS) + offset += EFI_RANDOM_SEED_SIZE; + + if (nv_seed_size) { + memcpy(seed->bits + offset, nv_seed, nv_seed_size); + memzero_explicit(nv_seed, nv_seed_size); + /* + * We delete the seed here, and /hope/ that this causes EFI to + * also zero out its representation on disk. This is somewhat + * idealistic, but overwriting the variable with zeros is + * likely just as fraught too. TODO: in the future, maybe we + * can hash it forward instead, and write a new seed. + */ + status = set_efi_var(L"RandomSeed", &rng_table_guid, 0, 0, NULL); + if (status == EFI_SUCCESS) + offset += nv_seed_size; + else + memzero_explicit(seed->bits + offset, nv_seed_size); + } + + if (!offset) goto err_freepool; - seed->size = seed_size; - if (prev_seed_size) - memcpy(seed->bits + EFI_RANDOM_SEED_SIZE, prev_seed->bits, - prev_seed_size); + if (prev_seed_size) { + memcpy(seed->bits + offset, prev_seed->bits, prev_seed_size); + offset += prev_seed_size; + } + seed->size = offset; status = efi_bs_call(install_configuration_table, &rng_table_guid, seed); if (status != EFI_SUCCESS) goto err_freepool; @@ -135,7 +166,7 @@ efi_status_t efi_random_get_seed(void) err_freepool: memzero_explicit(seed, struct_size(seed, bits, seed_size)); efi_bs_call(free_pool, seed); - efi_warn("Failed to obtain seed from EFI_RNG_PROTOCOL\n"); + efi_warn("Failed to obtain seed from EFI_RNG_PROTOCOL and EFI variable\n"); err_warn: if (prev_seed) efi_warn("Retaining bootloader-supplied seed only"); From patchwork Tue Nov 22 02:04:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 13051810 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA438C43217 for ; Tue, 22 Nov 2022 02:04:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232499AbiKVCEk (ORCPT ); Mon, 21 Nov 2022 21:04:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232473AbiKVCEb (ORCPT ); Mon, 21 Nov 2022 21:04:31 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7C8B2E1BCE; Mon, 21 Nov 2022 18:04:23 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 3C358B818E6; Tue, 22 Nov 2022 02:04:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 44F00C433C1; Tue, 22 Nov 2022 02:04:20 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="qCLPoFdy" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1669082658; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rLuiywXwOgU0DdSYb71cMF5DgQZCiOi2DUhSONxrrpQ=; b=qCLPoFdyiL30pd5i2LoFPnWyG4IxdR757HLvFRbXRAiy8dJvLUYt2D0ReGS23P1/GCV/M8 WltWsnBs3mlvmKCmsFE9+Ivsj9OvD1S/DnJXeK5yU25MzQ4lSOt75rUyUYDS3A8Z+X15Zr VnVJf/4iWsUnDI2eNZsxD9/hf/zKy08= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id c4c33475 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 22 Nov 2022 02:04:18 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org, ardb@kernel.org Cc: "Jason A. Donenfeld" Subject: [PATCH v3 3/5] random: add back async readiness notifier Date: Tue, 22 Nov 2022 03:04:02 +0100 Message-Id: <20221122020404.3476063-4-Jason@zx2c4.com> In-Reply-To: <20221122020404.3476063-1-Jason@zx2c4.com> References: <20221122020404.3476063-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This is required by vsprint, because it can't do things synchronously from hardirq context, and it will be useful for an EFI notifier as well. I didn't initially want to do this, but with two potential consumers now, it seems worth it. Signed-off-by: Jason A. Donenfeld --- drivers/char/random.c | 22 ++++++++++++++++++++++ include/linux/random.h | 1 + 2 files changed, 23 insertions(+) diff --git a/drivers/char/random.c b/drivers/char/random.c index 65ee69896967..a2a18bd3d7d7 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -84,6 +84,7 @@ static DEFINE_STATIC_KEY_FALSE(crng_is_ready); /* Various types of waiters for crng_init->CRNG_READY transition. */ static DECLARE_WAIT_QUEUE_HEAD(crng_init_wait); static struct fasync_struct *fasync; +static ATOMIC_NOTIFIER_HEAD(random_ready_notifier); /* Control how we warn userspace. */ static struct ratelimit_state urandom_warning = @@ -140,6 +141,26 @@ int wait_for_random_bytes(void) } EXPORT_SYMBOL(wait_for_random_bytes); +/* + * Add a callback function that will be invoked when the crng is initialised, + * or immediately if it already has been. Only use this is you are absolutely + * sure it is required. Most users should instead be able to test + * `rng_is_initialized()` on demand, or make use of `get_random_bytes_wait()`. + */ +int __cold execute_with_initialized_rng(struct notifier_block *nb) +{ + unsigned long flags; + int ret = 0; + + spin_lock_irqsave(&random_ready_notifier.lock, flags); + if (crng_ready()) + nb->notifier_call(nb, 0, NULL); + else + ret = raw_notifier_chain_register((struct raw_notifier_head *)&random_ready_notifier.head, nb); + spin_unlock_irqrestore(&random_ready_notifier.lock, flags); + return ret; +} + #define warn_unseeded_randomness() \ if (IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM) && !crng_ready()) \ printk_deferred(KERN_NOTICE "random: %s called from %pS with crng_init=%d\n", \ @@ -697,6 +718,7 @@ static void __cold _credit_init_bits(size_t bits) crng_reseed(NULL); /* Sets crng_init to CRNG_READY under base_crng.lock. */ if (static_key_initialized) execute_in_process_context(crng_set_ready, &set_ready); + atomic_notifier_call_chain(&random_ready_notifier, 0, NULL); wake_up_interruptible(&crng_init_wait); kill_fasync(&fasync, SIGIO, POLL_IN); pr_notice("crng init done\n"); diff --git a/include/linux/random.h b/include/linux/random.h index 579117d83eb8..b1a34181eed6 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -120,6 +120,7 @@ void __init random_init_early(const char *command_line); void __init random_init(void); bool rng_is_initialized(void); int wait_for_random_bytes(void); +int execute_with_initialized_rng(struct notifier_block *nb); /* Calls wait_for_random_bytes() and then calls get_random_bytes(buf, nbytes). * Returns the result of the call to wait_for_random_bytes. */ From patchwork Tue Nov 22 02:04:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 13051811 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58A35C433FE for ; Tue, 22 Nov 2022 02:04:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232504AbiKVCEl (ORCPT ); Mon, 21 Nov 2022 21:04:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232459AbiKVCEc (ORCPT ); Mon, 21 Nov 2022 21:04:32 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F26DE14D7; Mon, 21 Nov 2022 18:04:25 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 2403BB818E7; Tue, 22 Nov 2022 02:04:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4042BC433B5; Tue, 22 Nov 2022 02:04:22 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="Dp148rop" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1669082661; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CQp5Xt1b1pHaswbZ86gvO2c+Ls0o4Gj7yCvAYqghZs4=; b=Dp148ropguWfBS6U4rGunOxWu3O9SFddDB/Y0n7mciWLwD8rlXvuG2ujfQZvGZvlIqvs/e sqP6W2u3zp8d3lf/WsFe95jZ34Fyue6k6vMbgXrgaRdcAAguucHbIVpgRD3pu6f835hTtB wc/KbEFVHfZLX3ytWRL6oT1/oPa1qFM= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 8231b6b4 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 22 Nov 2022 02:04:21 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org, ardb@kernel.org Cc: "Jason A. Donenfeld" , Petr Mladek Subject: [PATCH v3 4/5] vsprintf: initialize siphash key using notifier Date: Tue, 22 Nov 2022 03:04:03 +0100 Message-Id: <20221122020404.3476063-5-Jason@zx2c4.com> In-Reply-To: <20221122020404.3476063-1-Jason@zx2c4.com> References: <20221122020404.3476063-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Rather than polling every second, use the new notifier to do this at exactly the right moment. Reviewed-by: Petr Mladek Signed-off-by: Jason A. Donenfeld --- lib/vsprintf.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 24f37bab8bc1..2d11541ee561 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -41,6 +41,7 @@ #include #include #include +#include #ifdef CONFIG_BLOCK #include #endif @@ -752,26 +753,21 @@ early_param("debug_boot_weak_hash", debug_boot_weak_hash_enable); static bool filled_random_ptr_key __read_mostly; static siphash_key_t ptr_key __read_mostly; -static void fill_ptr_key_workfn(struct work_struct *work); -static DECLARE_DELAYED_WORK(fill_ptr_key_work, fill_ptr_key_workfn); -static void fill_ptr_key_workfn(struct work_struct *work) +static int fill_ptr_key(struct notifier_block *nb, unsigned long action, void *data) { - if (!rng_is_initialized()) { - queue_delayed_work(system_unbound_wq, &fill_ptr_key_work, HZ * 2); - return; - } - get_random_bytes(&ptr_key, sizeof(ptr_key)); /* Pairs with smp_rmb() before reading ptr_key. */ smp_wmb(); WRITE_ONCE(filled_random_ptr_key, true); + return NOTIFY_DONE; } static int __init vsprintf_init_hashval(void) { - fill_ptr_key_workfn(NULL); + static struct notifier_block fill_ptr_key_nb = { .notifier_call = fill_ptr_key }; + execute_with_initialized_rng(&fill_ptr_key_nb); return 0; } subsys_initcall(vsprintf_init_hashval) From patchwork Tue Nov 22 02:04:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 13051812 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 27FD4C43217 for ; Tue, 22 Nov 2022 02:04:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232521AbiKVCEn (ORCPT ); Mon, 21 Nov 2022 21:04:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33482 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232475AbiKVCEc (ORCPT ); Mon, 21 Nov 2022 21:04:32 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 06318E1BE9; Mon, 21 Nov 2022 18:04:25 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5C33F61535; Tue, 22 Nov 2022 02:04:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 30579C433C1; Tue, 22 Nov 2022 02:04:24 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="BGNj21rW" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1669082663; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vkeduciqhe1mqitAhHmTJDsUwtd6lypQ7E4Gmk8k5k4=; b=BGNj21rWuQtsUCbGvvnhXgwq2HWXDcnzpwDd4fUPBlUMqG8qhfAjalEo5ae+zAN37ik/Sl VnRNqqcyzOUczsejvgUpKz1RAqmLm6CC1C/EUVnYwPTMTalv6soYIRwhHI4OTdm82EIFLA EC0ITg2PRjiAeozm43gVEkGCTGuy3sg= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 0de690a5 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 22 Nov 2022 02:04:23 +0000 (UTC) From: "Jason A. Donenfeld" To: linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org, ardb@kernel.org Cc: "Jason A. Donenfeld" Subject: [PATCH v3 5/5] efi: random: refresh non-volatile random seed when RNG is initialized Date: Tue, 22 Nov 2022 03:04:04 +0100 Message-Id: <20221122020404.3476063-6-Jason@zx2c4.com> In-Reply-To: <20221122020404.3476063-1-Jason@zx2c4.com> References: <20221122020404.3476063-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org EFI has a rather unique benefit that it has access to some limited non-volatile storage, where the kernel can store a random seed. Register a notification for when the RNG is initialized, and at that point, store a new random seed. Signed-off-by: Jason A. Donenfeld --- drivers/firmware/efi/efi.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index f12cc29bd4b8..b23ec97d68ea 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -337,6 +337,24 @@ static void __init efi_debugfs_init(void) static inline void efi_debugfs_init(void) {} #endif +static void refresh_nv_rng_seed(struct work_struct *work) +{ + u8 seed[EFI_RANDOM_SEED_SIZE]; + + get_random_bytes(seed, sizeof(seed)); + efi.set_variable(L"RandomSeed", &LINUX_EFI_RANDOM_SEED_TABLE_GUID, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, sizeof(seed), seed); + memzero_explicit(seed, sizeof(seed)); +} +static int refresh_nv_rng_seed_notification(struct notifier_block *nb, unsigned long action, void *data) +{ + static DECLARE_WORK(work, refresh_nv_rng_seed); + schedule_work(&work); + return NOTIFY_DONE; +} +static struct notifier_block refresh_nv_rng_seed_nb = { .notifier_call = refresh_nv_rng_seed_notification }; + /* * We register the efi subsystem with the firmware subsystem and the * efivars subsystem with the efi subsystem, if the system was booted with @@ -413,6 +431,7 @@ static int __init efisubsys_init(void) platform_device_register_simple("efi_secret", 0, NULL, 0); #endif + execute_with_initialized_rng(&refresh_nv_rng_seed_nb); return 0; err_remove_group: