From patchwork Fri Mar 10 12:50:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13169246 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BD914C64EC4 for ; Fri, 10 Mar 2023 12:51:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=IVv8wXtc6Jhfd3fgwiUBHWdYQuGAQMOeuDEsYO15VXw=; b=b5NNscZ/ass1Bf EW+BwVQN36dA4fsm2SQhzmJLwe1Ew1zXWfO5ngYtwoPY34ikt4+nSm14/L+2t1cTIHx0kATYdvfrN w9/jiKDIIVw7OIR/oaR3nDYuffAejAQXXNOy9rZht5ERT+Ts22I8SMXV00X/rA+1lwX+t+tS79q6M nbRfMQSBa2VtngMx8/gtpuDRDVDCdvxc1pVoK7jyHIx30lLqA7/p/kFDXzvvlQV4lIxReut1o02js kDPu1oLYp4ZaYG/mjIrKajA+IbwiJDYmmJQXdKNXV+5YxUA6xxeWRyK4V+ANs2mHJphvRAA+rcpxS pJAoGcXHPHG8BVl9HEsA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pacCy-00EXzK-BF; Fri, 10 Mar 2023 12:50:52 +0000 Received: from ams.source.kernel.org ([145.40.68.75]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1pacCi-00EXvm-Ep for linux-arm-kernel@lists.infradead.org; Fri, 10 Mar 2023 12:50:37 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id D8135B82293; Fri, 10 Mar 2023 12:50:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F13AEC433D2; Fri, 10 Mar 2023 12:50:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1678452633; bh=hDGDslrgVDkeI/7kh/l0dfJL9zfNgMwf25WV/aUlCEY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cqHbESWlv8NCnaQn1/2xo0zNaR7grocnU72jEiJio05AaZsxV/WycllqtOtp4ZiIc 1e8MoK/BlZcn6xZDFWAtKigrIiPCyf07N8MKFYBLzz1LsedfHqYByli6+O5BRk3TxA MoRMdqQ93OD0Occt5EF37Zt+JtlBgEAdAcct4x2LqYHyXkE2p0sNHXYtNl6MyjKOLf BvYNMPyHv57HIWPnaCYBb8GWkFTbC1fpkB9Pt45zU3+RZsy5qre4nfsbutMiS/vviy UkDz6+SFVzZxucxkqnYRJG+oP50BdVG5J0ZyDd3brQmzLcGk1zXMaCrPoEGrs3XqmJ BTRMfqCAYZqEQ== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, Ard Biesheuvel , Peter Jones , Gerd Hoffmann , Ilias Apalodimas , Kees Cook , stable@vger.kernel.org Subject: [PATCH 1/3] efi/libstub: zboot: Mark zboot EFI application as NX compatible Date: Fri, 10 Mar 2023 13:50:24 +0100 Message-Id: <20230310125026.3390928-2-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230310125026.3390928-1-ardb@kernel.org> References: <20230310125026.3390928-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1016; i=ardb@kernel.org; h=from:subject; bh=hDGDslrgVDkeI/7kh/l0dfJL9zfNgMwf25WV/aUlCEY=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYVbfUKM2CMZhpk9/QJsU/4XXShonliQIRY7zYm/jnXvj A03LDs7SlkYxDgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwERELzIy9NVn7J9yROTS5tJZ n47f35D9w/Sq0JJ1z1Wbc44K/P/BoM/wVzTjY9pJ/in1F1VvrJ9ptVVTgL1tx79X98rrL/y8mL6 FjRUA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230310_045036_686275_1BBCEE9D X-CRM114-Status: GOOD ( 13.69 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Now that the zboot loader will invoke the EFI memory attributes protocol to remap the decompressed code and rodata as read-only/executable, we can set the PE/COFF header flag that indicates to the firmware that the application does not rely on writable memory being executable at the same time. Cc: # v6.2+ Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/zboot-header.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/libstub/zboot-header.S b/drivers/firmware/efi/libstub/zboot-header.S index ec4525d40e0cf6d6..445cb646eaaaf1c6 100644 --- a/drivers/firmware/efi/libstub/zboot-header.S +++ b/drivers/firmware/efi/libstub/zboot-header.S @@ -63,7 +63,7 @@ __efistub_efi_zboot_header: .long .Lefi_header_end - .Ldoshdr .long 0 .short IMAGE_SUBSYSTEM_EFI_APPLICATION - .short 0 + .short IMAGE_DLL_CHARACTERISTICS_NX_COMPAT #ifdef CONFIG_64BIT .quad 0, 0, 0, 0 #else From patchwork Fri Mar 10 12:50:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13169245 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0A475C64EC4 for ; Fri, 10 Mar 2023 12:51:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=9sWuJzmCF4WGT9DEHN3so7yQuJzLwSzMvMfCdPAaPI8=; b=XWUdvVRaWfbNgX vmSw9peUovdGsanMWeudsJnbrx+CPwh9r1QKwoZkm6ABJUcneIRsYsDRv8vN9eAfo2oSpsiFxCEFU wFC7rlZ4vpcgAewoKv8af5K0BdpFwYNrWu7Qx1YsaBucq3U74oZ3K5jcQ0pxFnPtzwVhzJOVgovU/ /cgf2Tw2r2kYhrI+JyrlaSrT9fkeb+BoUGROc+ED5esyKYZwsHYhZ8tY+ZVTCM5kkKJaE/LXuKCaN D7qeTMGHXXaHd26hlZmh00ezhBwNBXBk9cd/YVPZPWbIk8N5IE/sLL8yB+O1cyH+QoWmHPnO8Z2Zn FiyVS+YqE/HfYPdEnYvg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pacCq-00EXyA-9v; Fri, 10 Mar 2023 12:50:44 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1pacCi-00EXvt-AE for linux-arm-kernel@lists.infradead.org; Fri, 10 Mar 2023 12:50:37 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id AC18960AEE; Fri, 10 Mar 2023 12:50:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0C40CC4339B; Fri, 10 Mar 2023 12:50:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1678452635; bh=Q2hOEReJ8XL6o95bm/6W8U9iYAmkT6SKYEkF7NI1eIw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XoiL+vJBoLsAmX7P8HQkr4D55apLMLxZaJaUCSJrV9J1Kx+QzH+rF5to/b5fvDdvE 5J5bScmOsuvOdfz2er5gq0Br2NaJQ5zQmJu096jBgVSUuitwlAynvtA2exRj6WnOuD mQaDr6eALypLDiNZ980OYby6dJ+6jSmQjt/T/qZtrhD0BYJ2iSGunYYLGjHldGNWtB 5caQI7c3m+aCsUAOEjhxc1WjUTiq0ajCcrFOCH1DFMMfm8G3OiwEq4Tr5AoBkMq38u PceoZvpuT0NaSCJof+78Ua59YdxANzTK4SvWykDiMlR3jCBRFFIBGqY+vFQpYf5uH/ MLTkkm2EZ/Ozg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, Ard Biesheuvel , Peter Jones , Gerd Hoffmann , Ilias Apalodimas , Kees Cook Subject: [PATCH 2/3] efi/libstub: arm64: Remap relocated image with strict permissions Date: Fri, 10 Mar 2023 13:50:25 +0100 Message-Id: <20230310125026.3390928-3-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230310125026.3390928-1-ardb@kernel.org> References: <20230310125026.3390928-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=882; i=ardb@kernel.org; h=from:subject; bh=Q2hOEReJ8XL6o95bm/6W8U9iYAmkT6SKYEkF7NI1eIw=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYVbfWKK9zeVjV22gjuF5uRNe374UkPTX735e3cw96x9v 2D/JNbzHaUsDGIcDLJiiiwCs/++23l6olSt8yxZmDmsTCBDGLg4BWAiBcsZGZ5W7fvSdHshb8jE QFbVW0qS/T8OBjKvWqXMzS688EPj7UkM/9PjfVaYij98tG797J/z/iw00M9+NenJusoGw/Ico3J HaW4A X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230310_045036_406166_12AAF9C9 X-CRM114-Status: GOOD ( 10.07 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org After relocating the executable image, use the EFI memory attributes protocol to remap the code and data regions with the appropriate permissions. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/arm64-stub.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index d4a6b12a87413024..b996553cdb4c3587 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -139,6 +139,7 @@ efi_status_t handle_kernel_image(unsigned long *image_addr, *image_addr = *reserve_addr; memcpy((void *)*image_addr, _text, kernel_size); caches_clean_inval_pou(*image_addr, *image_addr + kernel_codesize); + efi_remap_image(*image_addr, *reserve_size, kernel_codesize); return EFI_SUCCESS; } From patchwork Fri Mar 10 12:50:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13169247 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DDEE9C64EC4 for ; Fri, 10 Mar 2023 12:51:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=fJCCk/PpkTvbrJ5l916dqqzYTosth4igLLGpdV5ljFs=; b=oIiLjupjeGckuO wkREMMqG3DyJlQ+PMNs9LyFj5jLMXFVagmthI4Bp0ahiIiKyguCFbzTkyHVHzLJW982/QuCEzt9lv H668CGbo8i8yeqEdnY+4RkRpF7TrVzmt/GPt9dyG7GE63+F3m9UcI8h2mGfK4klCeAn9OQPNHPk6n gEriZbF3DN//DypSzbqeMYqy0L4TsNZkxzmhNGAe7Bey08r0Bhke7wMXhS+D3Kg/JLiLwHrL7aJvK IBiEhFyDeFUQlS5r34ZKW68wTTopiHxHXBdaR5mZLBXabIBZVaFTeLvsU2BRfpeSf1N0HZyXEaMXT p82b8oc5b4EXugiH5LGQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pacD5-00EY1O-U1; Fri, 10 Mar 2023 12:51:00 +0000 Received: from ams.source.kernel.org ([145.40.68.75]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1pacCm-00EXxB-40 for linux-arm-kernel@lists.infradead.org; Fri, 10 Mar 2023 12:50:41 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id C1C75B82288; Fri, 10 Mar 2023 12:50:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E6ECEC433A0; Fri, 10 Mar 2023 12:50:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1678452637; bh=BqKhyq61XLwE5zjXHgnp77pAKVfvsJyOg3BEBwYYKxs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=amlGisrBByhHrXBn8pVJVwrdDZkhK5wNLSB7fzsPwKi9VAjTRFeruuAb96JhcK1xt H5zAQtT8VQb2ryy4X5JRI1usJP+50PUz6v6ZzUWmuiJz+EW+PM20+Ug3jSOxzicahS WZ/O6D/NFNkFfoB8788oaNVWaPGOAzJ7TkBnIn16tRVJZ/rM/pvBMnzI+nhxSD+5dY jwQtUqJEYxrDdXMskG4F4D5ahFNOVnC9eGjya8bgq2Ba2yQEauLWhhhVs7lFw5R7gv pqvt3tY2ifWA5zIbF+oHoSaDD0iUPWiVpZ+WqAfrDJli9N+ibqVQ5u7edxrdPIJcl3 X+sV2cDeF/eIA== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, Ard Biesheuvel , Peter Jones , Gerd Hoffmann , Ilias Apalodimas , Kees Cook , stable@vger.kernel.org Subject: [PATCH 3/3] arm64: efi: Set NX compat flag in PE/COFF header Date: Fri, 10 Mar 2023 13:50:26 +0100 Message-Id: <20230310125026.3390928-4-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230310125026.3390928-1-ardb@kernel.org> References: <20230310125026.3390928-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1551; i=ardb@kernel.org; h=from:subject; bh=BqKhyq61XLwE5zjXHgnp77pAKVfvsJyOg3BEBwYYKxs=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIYVbfeKfc9H9FbbW/f4d58wbDv5k/lnixXqAyz8tlk3a9 PPaAOWOUhYGMQ4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMJGdNxn+l2RP+Np1rzGuv+L5 Mq4n4n/VucVLji8VXqenqHRmt2qtPyNDw9Sg+iNNKpHuiZNKRaYyX9jtPa2wWnzLsbeP/25Vm/C XHwA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230310_045040_333719_08BFF836 X-CRM114-Status: GOOD ( 18.40 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The PE/COFF header has a NX compat flag which informs the firmware that the application does not rely on memory regions being mapped with both executable and writable permissions at the same time. This is typically used by the firmware to decide whether it can set the NX attribute on all allocations it returns, but going forward, it may be used to enforce a policy that only permits applications with the NX flag set to be loaded to begin wiht in some configurations, e.g., when Secure Boot is in effect. Even though the arm64 version of the EFI stub may relocate the kernel before executing it, it always did so after disabling the MMU, and so we were always in line with what the NX compat flag conveys, we just never bothered to set it. So let's set the flag now. Cc: Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/efi-header.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S index 28d8a5dca5f12978..d731b4655df8eb27 100644 --- a/arch/arm64/kernel/efi-header.S +++ b/arch/arm64/kernel/efi-header.S @@ -66,7 +66,7 @@ .long .Lefi_header_end - .L_head // SizeOfHeaders .long 0 // CheckSum .short IMAGE_SUBSYSTEM_EFI_APPLICATION // Subsystem - .short 0 // DllCharacteristics + .short IMAGE_DLL_CHARACTERISTICS_NX_COMPAT // DllCharacteristics .quad 0 // SizeOfStackReserve .quad 0 // SizeOfStackCommit .quad 0 // SizeOfHeapReserve