From: Jason Yan <yanaijie@huawei.com>
To: Scott Wood <oss@buserror.net>, <mpe@ellerman.id.au>,
<linuxppc-dev@lists.ozlabs.org>, <diana.craciun@nxp.com>,
<christophe.leroy@c-s.fr>, <benh@kernel.crashing.org>,
<paulus@samba.org>, <npiggin@gmail.com>, <keescook@chromium.org>,
<kernel-hardening@lists.openwall.com>
Cc: <wangkefeng.wang@huawei.com>, <linux-kernel@vger.kernel.org>,
<jingxiangfeng@huawei.com>, <zhaohongjiang@huawei.com>,
<thunder.leizhen@huawei.com>, <fanchengyang@huawei.com>,
<yebin10@huawei.com>
Subject: Re: [PATCH v6 00/12] implement KASLR for powerpc/fsl_booke/32
Date: Thu, 29 Aug 2019 09:57:20 +0800 [thread overview]
Message-ID: <923983fc-364d-440d-5c3a-3d3d6de60d14@huawei.com> (raw)
In-Reply-To: <a39b81562bcdeda7ffe0c2c29a60ff08c77047a6.camel@buserror.net>
On 2019/8/28 12:05, Scott Wood wrote:
> On Fri, 2019-08-09 at 18:07 +0800, Jason Yan wrote:
>> This series implements KASLR for powerpc/fsl_booke/32, as a security
>> feature that deters exploit attempts relying on knowledge of the location
>> of kernel internals.
>>
>> Since CONFIG_RELOCATABLE has already supported, what we need to do is
>> map or copy kernel to a proper place and relocate.
>
> Have you tested this with a kernel that was loaded at a non-zero address? I
> tried loading a kernel at 0x04000000 (by changing the address in the uImage,
> and setting bootm_low to 04000000 in U-Boot), and it works without
> CONFIG_RANDOMIZE and fails with.
>
Not yet. I will test this kind of cases in the next days. Thank you so
much. If there are any other corner cases that have to be tested, please
let me know.
>> Freescale Book-E
>> parts expect lowmem to be mapped by fixed TLB entries(TLB1). The TLB1
>> entries are not suitable to map the kernel directly in a randomized
>> region, so we chose to copy the kernel to a proper place and restart to
>> relocate.
>>
>> Entropy is derived from the banner and timer base, which will change every
>> build and boot. This not so much safe so additionally the bootloader may
>> pass entropy via the /chosen/kaslr-seed node in device tree.
>
> How complicated would it be to directly access the HW RNG (if present) that
> early in the boot? It'd be nice if a U-Boot update weren't required (and
> particularly concerning that KASLR would appear to work without a U-Boot
> update, but without decent entropy).
>
> -Scott
>
>
>
> .
>
WARNING: multiple messages have this Message-ID (diff)
From: Jason Yan <yanaijie@huawei.com>
To: Scott Wood <oss@buserror.net>, <mpe@ellerman.id.au>,
<linuxppc-dev@lists.ozlabs.org>, <diana.craciun@nxp.com>,
<christophe.leroy@c-s.fr>, <benh@kernel.crashing.org>,
<paulus@samba.org>, <npiggin@gmail.com>, <keescook@chromium.org>,
<kernel-hardening@lists.openwall.com>
Cc: wangkefeng.wang@huawei.com, linux-kernel@vger.kernel.org,
jingxiangfeng@huawei.com, zhaohongjiang@huawei.com,
thunder.leizhen@huawei.com, fanchengyang@huawei.com,
yebin10@huawei.com
Subject: Re: [PATCH v6 00/12] implement KASLR for powerpc/fsl_booke/32
Date: Thu, 29 Aug 2019 09:57:20 +0800 [thread overview]
Message-ID: <923983fc-364d-440d-5c3a-3d3d6de60d14@huawei.com> (raw)
In-Reply-To: <a39b81562bcdeda7ffe0c2c29a60ff08c77047a6.camel@buserror.net>
On 2019/8/28 12:05, Scott Wood wrote:
> On Fri, 2019-08-09 at 18:07 +0800, Jason Yan wrote:
>> This series implements KASLR for powerpc/fsl_booke/32, as a security
>> feature that deters exploit attempts relying on knowledge of the location
>> of kernel internals.
>>
>> Since CONFIG_RELOCATABLE has already supported, what we need to do is
>> map or copy kernel to a proper place and relocate.
>
> Have you tested this with a kernel that was loaded at a non-zero address? I
> tried loading a kernel at 0x04000000 (by changing the address in the uImage,
> and setting bootm_low to 04000000 in U-Boot), and it works without
> CONFIG_RANDOMIZE and fails with.
>
Not yet. I will test this kind of cases in the next days. Thank you so
much. If there are any other corner cases that have to be tested, please
let me know.
>> Freescale Book-E
>> parts expect lowmem to be mapped by fixed TLB entries(TLB1). The TLB1
>> entries are not suitable to map the kernel directly in a randomized
>> region, so we chose to copy the kernel to a proper place and restart to
>> relocate.
>>
>> Entropy is derived from the banner and timer base, which will change every
>> build and boot. This not so much safe so additionally the bootloader may
>> pass entropy via the /chosen/kaslr-seed node in device tree.
>
> How complicated would it be to directly access the HW RNG (if present) that
> early in the boot? It'd be nice if a U-Boot update weren't required (and
> particularly concerning that KASLR would appear to work without a U-Boot
> update, but without decent entropy).
>
> -Scott
>
>
>
> .
>
next prev parent reply other threads:[~2019-08-29 1:57 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-09 10:07 [PATCH v6 00/12] implement KASLR for powerpc/fsl_booke/32 Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-09 10:07 ` [PATCH v6 01/12] powerpc: unify definition of M_IF_NEEDED Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-09 10:07 ` [PATCH v6 02/12] powerpc: move memstart_addr and kernstart_addr to init-common.c Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-09 10:07 ` [PATCH v6 03/12] powerpc: introduce kernstart_virt_addr to store the kernel base Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-09 10:07 ` [PATCH v6 04/12] powerpc/fsl_booke/32: introduce create_tlb_entry() helper Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-27 22:07 ` Scott Wood
2019-08-27 22:07 ` Scott Wood
2019-08-28 5:33 ` Jason Yan
2019-08-28 5:33 ` Jason Yan
2019-08-09 10:07 ` [PATCH v6 05/12] powerpc/fsl_booke/32: introduce reloc_kernel_entry() helper Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-09 10:07 ` [PATCH v6 06/12] powerpc/fsl_booke/32: implement KASLR infrastructure Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-28 4:54 ` Scott Wood
2019-08-28 4:54 ` Scott Wood
2019-08-28 5:47 ` Christophe Leroy
2019-08-28 5:47 ` Christophe Leroy
2019-08-29 6:26 ` Jason Yan
2019-08-29 6:26 ` Jason Yan
2019-08-28 11:03 ` Jason Yan
2019-08-28 11:03 ` Jason Yan
2019-08-28 16:44 ` Scott Wood
2019-08-28 16:44 ` Scott Wood
2019-08-28 16:44 ` Scott Wood
2019-08-09 10:07 ` [PATCH v6 07/12] powerpc/fsl_booke/32: randomize the kernel image offset Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-09 10:07 ` [PATCH v6 08/12] powerpc/fsl_booke/kaslr: clear the original kernel if randomized Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-09 10:07 ` [PATCH v6 09/12] powerpc/fsl_booke/kaslr: support nokaslr cmdline parameter Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-09 10:07 ` [PATCH v6 10/12] powerpc/fsl_booke/kaslr: dump out kernel offset information on panic Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-09 10:07 ` [PATCH v6 11/12] powerpc/fsl_booke/kaslr: export offset in VMCOREINFO ELF notes Jason Yan
2019-08-09 10:07 ` Jason Yan
2019-08-09 10:08 ` [PATCH v6 12/12] powerpc/fsl_booke/32: Document KASLR implementation Jason Yan
2019-08-09 10:08 ` Jason Yan
2019-08-19 6:12 ` [PATCH v6 00/12] implement KASLR for powerpc/fsl_booke/32 Jason Yan
2019-08-19 6:12 ` Jason Yan
2019-08-27 0:39 ` Jason Yan
2019-08-27 0:39 ` Jason Yan
2019-08-27 1:33 ` Michael Ellerman
2019-08-27 1:33 ` Michael Ellerman
2019-08-28 5:08 ` Scott Wood
2019-08-28 5:08 ` Scott Wood
2019-08-28 5:08 ` Scott Wood
2019-08-28 13:01 ` Michael Ellerman
2019-08-28 13:01 ` Michael Ellerman
2019-08-28 4:05 ` Scott Wood
2019-08-28 4:05 ` Scott Wood
2019-08-28 4:05 ` Scott Wood
2019-08-28 4:59 ` Scott Wood
2019-08-28 4:59 ` Scott Wood
2019-08-28 4:59 ` Scott Wood
2019-08-29 2:41 ` Jason Yan
2019-08-29 2:41 ` Jason Yan
2019-08-29 1:57 ` Jason Yan [this message]
2019-08-29 1:57 ` Jason Yan
2019-09-10 5:34 ` Jason Yan
2019-09-10 5:34 ` Jason Yan
2019-09-14 14:28 ` Scott Wood
2019-09-14 14:28 ` Scott Wood
2019-09-14 14:28 ` Scott Wood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=923983fc-364d-440d-5c3a-3d3d6de60d14@huawei.com \
--to=yanaijie@huawei.com \
--cc=benh@kernel.crashing.org \
--cc=christophe.leroy@c-s.fr \
--cc=diana.craciun@nxp.com \
--cc=fanchengyang@huawei.com \
--cc=jingxiangfeng@huawei.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=oss@buserror.net \
--cc=paulus@samba.org \
--cc=thunder.leizhen@huawei.com \
--cc=wangkefeng.wang@huawei.com \
--cc=yebin10@huawei.com \
--cc=zhaohongjiang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.