linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [GIT PULL v2 0/6] EFI fixes for v5.4
@ 2019-10-29 17:37 Ard Biesheuvel
  2019-10-29 17:37 ` [PATCH v2 1/6] efi: Make CONFIG_EFI_RCI2_TABLE selectable on x86 only Ard Biesheuvel
                   ` (5 more replies)
  0 siblings, 6 replies; 17+ messages in thread
From: Ard Biesheuvel @ 2019-10-29 17:37 UTC (permalink / raw)
  To: linux-efi, Ingo Molnar, Thomas Gleixner
  Cc: Ard Biesheuvel, Ard Biesheuvel, linux-kernel, Chester Lin,
	Dan Carpenter, Dominik Brodowski, Geert Uytterhoeven,
	Geert Uytterhoeven, Guillaume Gardet, Jarkko Sakkinen,
	Javier Martinez Canillas, Jerry Snitselaar, Kairui Song,
	Laszlo Ersek, Matthew Garrett, Narendra K

Ingo, Thomas,

The v1 of this pull request/series was sent out last Wednesday, and
appears to have slipped through the cracks. This is actually for the
better, given that I had overlooked a patch that I had queued in the
wrong place, so I have included it now for this v2.

Thanks,
Ard.


The following changes since commit 7d194c2100ad2a6dded545887d02754948ca5241:

  Linux 5.4-rc4 (2019-10-20 15:56:22 -0400)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git tags/efi-urgent

for you to fetch changes up to 8a1022da89857a21556eb04f53d281eda94ef02d:

  efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN (2019-10-29 10:30:18 +0100)

----------------------------------------------------------------
Some more fixes for the EFI subsystem:
- Prevent boot problems on HyperV due to incorrect placement of the kernel
- Classify UEFI randomness as bootloader randomness
- Fix EFI boot for the Raspberry Pi2 running U-boot
- A capability/lockdown fix for the efi_test module.
- Some more odd fixes.

----------------------------------------------------------------
Ard Biesheuvel (1):
      efi: libstub/arm: account for firmware reserved memory at the base of RAM

Dominik Brodowski (1):
      efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness

Javier Martinez Canillas (1):
      efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN

Jerry Snitselaar (1):
      efi/tpm: return -EINVAL when determining tpm final events log size fails

Kairui Song (1):
      x86, efi: never relocate kernel below lowest acceptable address

Narendra K (1):
      efi: Make CONFIG_EFI_RCI2_TABLE selectable on x86 only

 arch/x86/boot/compressed/eboot.c               |  4 +++-
 drivers/firmware/efi/Kconfig                   |  1 +
 drivers/firmware/efi/efi.c                     |  2 +-
 drivers/firmware/efi/libstub/Makefile          |  1 +
 drivers/firmware/efi/libstub/arm32-stub.c      | 16 +++++++++++++---
 drivers/firmware/efi/libstub/efi-stub-helper.c | 24 ++++++++++--------------
 drivers/firmware/efi/test/efi_test.c           |  8 ++++++++
 drivers/firmware/efi/tpm.c                     |  1 +
 include/linux/efi.h                            | 18 ++++++++++++++++--
 include/linux/security.h                       |  1 +
 security/lockdown/lockdown.c                   |  1 +
 11 files changed, 56 insertions(+), 21 deletions(-)

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [PATCH v2 1/6] efi: Make CONFIG_EFI_RCI2_TABLE selectable on x86 only
  2019-10-29 17:37 [GIT PULL v2 0/6] EFI fixes for v5.4 Ard Biesheuvel
@ 2019-10-29 17:37 ` Ard Biesheuvel
  2019-10-31 11:55   ` [tip: efi/urgent] " tip-bot2 for Narendra K
  2019-10-29 17:37 ` [PATCH v2 2/6] efi/tpm: return -EINVAL when determining tpm final events log size fails Ard Biesheuvel
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2019-10-29 17:37 UTC (permalink / raw)
  To: linux-efi, Ingo Molnar, Thomas Gleixner
  Cc: Narendra K, Ard Biesheuvel, linux-kernel

From: Narendra K <Narendra.K@dell.com>

For the EFI_RCI2_TABLE kconfig option, 'make oldconfig' asks the user
for input on platforms where the option may not be applicable. This patch
modifies the kconfig option to ask the user for input only when CONFIG_X86
or CONFIG_COMPILE_TEST is set to y.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Suggested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Narendra K <Narendra.K@dell.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/firmware/efi/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index 178ee8106828..b248870a9806 100644
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -182,6 +182,7 @@ config RESET_ATTACK_MITIGATION
 
 config EFI_RCI2_TABLE
 	bool "EFI Runtime Configuration Interface Table Version 2 Support"
+	depends on X86 || COMPILE_TEST
 	help
 	  Displays the content of the Runtime Configuration Interface
 	  Table version 2 on Dell EMC PowerEdge systems as a binary
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 17+ messages in thread

* [PATCH v2 2/6] efi/tpm: return -EINVAL when determining tpm final events log size fails
  2019-10-29 17:37 [GIT PULL v2 0/6] EFI fixes for v5.4 Ard Biesheuvel
  2019-10-29 17:37 ` [PATCH v2 1/6] efi: Make CONFIG_EFI_RCI2_TABLE selectable on x86 only Ard Biesheuvel
@ 2019-10-29 17:37 ` Ard Biesheuvel
  2019-10-31 11:55   ` [tip: efi/urgent] efi/tpm: Return " tip-bot2 for Jerry Snitselaar
  2019-10-29 17:37 ` [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness Ard Biesheuvel
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2019-10-29 17:37 UTC (permalink / raw)
  To: linux-efi, Ingo Molnar, Thomas Gleixner
  Cc: Jerry Snitselaar, Ard Biesheuvel, linux-kernel

From: Jerry Snitselaar <jsnitsel@redhat.com>

Currently nothing checks the return value of efi_tpm_eventlog_init,
but in case that changes in the future make sure an error is
returned when it fails to determine the tpm final events log
size.

Fixes: e658c82be556 ("efi/tpm: Only set 'efi_tpm_final_log_size' after ...")
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/firmware/efi/tpm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c
index ebd7977653a8..31f9f0e369b9 100644
--- a/drivers/firmware/efi/tpm.c
+++ b/drivers/firmware/efi/tpm.c
@@ -88,6 +88,7 @@ int __init efi_tpm_eventlog_init(void)
 
 	if (tbl_size < 0) {
 		pr_err(FW_BUG "Failed to parse event in TPM Final Events Log\n");
+		ret = -EINVAL;
 		goto out_calc;
 	}
 
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 17+ messages in thread

* [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness
  2019-10-29 17:37 [GIT PULL v2 0/6] EFI fixes for v5.4 Ard Biesheuvel
  2019-10-29 17:37 ` [PATCH v2 1/6] efi: Make CONFIG_EFI_RCI2_TABLE selectable on x86 only Ard Biesheuvel
  2019-10-29 17:37 ` [PATCH v2 2/6] efi/tpm: return -EINVAL when determining tpm final events log size fails Ard Biesheuvel
@ 2019-10-29 17:37 ` Ard Biesheuvel
  2019-10-29 19:14   ` Bhupesh Sharma
  2019-10-31 11:55   ` [tip: efi/urgent] efi/random: Treat " tip-bot2 for Dominik Brodowski
  2019-10-29 17:37 ` [PATCH v2 4/6] efi: libstub/arm: account for firmware reserved memory at the base of RAM Ard Biesheuvel
                   ` (2 subsequent siblings)
  5 siblings, 2 replies; 17+ messages in thread
From: Ard Biesheuvel @ 2019-10-29 17:37 UTC (permalink / raw)
  To: linux-efi, Ingo Molnar, Thomas Gleixner
  Cc: Dominik Brodowski, Ard Biesheuvel, linux-kernel

From: Dominik Brodowski <linux@dominikbrodowski.net>

Commit 428826f5358c ("fdt: add support for rng-seed") introduced
add_bootloader_randomness(), permitting randomness provided by the
bootloader or firmware to be credited as entropy. However, the fact
that the UEFI support code was already wired into the RNG subsystem
via a call to add_device_randomness() was overlooked, and so it was
not converted at the same time.

Note that this UEFI (v2.4 or newer) feature is currently only
implemented for EFI stub booting on ARM, and further note that
CONFIG_RANDOM_TRUST_BOOTLOADER must be enabled, and this should be
done only if there indeed is sufficient trust in the bootloader
_and_ its source of randomness.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
[ardb: update commit log]
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/firmware/efi/efi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 69f00f7453a3..e98bbf8e56d9 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -554,7 +554,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz,
 					      sizeof(*seed) + size);
 			if (seed != NULL) {
 				pr_notice("seeding entropy pool\n");
-				add_device_randomness(seed->bits, seed->size);
+				add_bootloader_randomness(seed->bits, seed->size);
 				early_memunmap(seed, sizeof(*seed) + size);
 			} else {
 				pr_err("Could not map UEFI random seed!\n");
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 17+ messages in thread

* [PATCH v2 4/6] efi: libstub/arm: account for firmware reserved memory at the base of RAM
  2019-10-29 17:37 [GIT PULL v2 0/6] EFI fixes for v5.4 Ard Biesheuvel
                   ` (2 preceding siblings ...)
  2019-10-29 17:37 ` [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness Ard Biesheuvel
@ 2019-10-29 17:37 ` Ard Biesheuvel
  2019-10-31 11:55   ` [tip: efi/urgent] efi: libstub/arm: Account " tip-bot2 for Ard Biesheuvel
  2019-10-29 17:37 ` [PATCH v2 5/6] x86, efi: never relocate kernel below lowest acceptable address Ard Biesheuvel
  2019-10-29 17:37 ` [PATCH v2 6/6] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN Ard Biesheuvel
  5 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2019-10-29 17:37 UTC (permalink / raw)
  To: linux-efi, Ingo Molnar, Thomas Gleixner; +Cc: Ard Biesheuvel, linux-kernel

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>

The EFI stubloader for ARM starts out by allocating a 32 MB window
at the base of RAM, in order to ensure that the decompressor (which
blindly copies the uncompressed kernel into that window) does not
overwrite other allocations that are made while running in the context
of the EFI firmware.

In some cases, (e.g., U-Boot running on the Raspberry Pi 2), this is
causing boot failures because this initial allocation conflicts with
a page of reserved memory at the base of RAM that contains the SMP spin
tables and other pieces of firmware data and which was put there by
the bootloader under the assumption that the TEXT_OFFSET window right
below the kernel is only used partially during early boot, and will be
left alone once the memory reservations are processed and taken into
account.

So let's permit reserved memory regions to exist in the region starting
at the base of RAM, and ending at TEXT_OFFSET - 5 * PAGE_SIZE, which is
the window below the kernel that is not touched by the early boot code.

Acked-by: Chester Lin <clin@suse.com>
Tested-by: Guillaume Gardet <Guillaume.Gardet@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/firmware/efi/libstub/Makefile     |  1 +
 drivers/firmware/efi/libstub/arm32-stub.c | 16 +++++++++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 0460c7581220..ee0661ddb25b 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -52,6 +52,7 @@ lib-$(CONFIG_EFI_ARMSTUB)	+= arm-stub.o fdt.o string.o random.o \
 
 lib-$(CONFIG_ARM)		+= arm32-stub.o
 lib-$(CONFIG_ARM64)		+= arm64-stub.o
+CFLAGS_arm32-stub.o		:= -DTEXT_OFFSET=$(TEXT_OFFSET)
 CFLAGS_arm64-stub.o		:= -DTEXT_OFFSET=$(TEXT_OFFSET)
 
 #
diff --git a/drivers/firmware/efi/libstub/arm32-stub.c b/drivers/firmware/efi/libstub/arm32-stub.c
index e8f7aefb6813..ffa242ad0a82 100644
--- a/drivers/firmware/efi/libstub/arm32-stub.c
+++ b/drivers/firmware/efi/libstub/arm32-stub.c
@@ -195,6 +195,7 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
 				 unsigned long dram_base,
 				 efi_loaded_image_t *image)
 {
+	unsigned long kernel_base;
 	efi_status_t status;
 
 	/*
@@ -204,9 +205,18 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
 	 * loaded. These assumptions are made by the decompressor,
 	 * before any memory map is available.
 	 */
-	dram_base = round_up(dram_base, SZ_128M);
+	kernel_base = round_up(dram_base, SZ_128M);
 
-	status = reserve_kernel_base(sys_table, dram_base, reserve_addr,
+	/*
+	 * Note that some platforms (notably, the Raspberry Pi 2) put
+	 * spin-tables and other pieces of firmware at the base of RAM,
+	 * abusing the fact that the window of TEXT_OFFSET bytes at the
+	 * base of the kernel image is only partially used at the moment.
+	 * (Up to 5 pages are used for the swapper page tables)
+	 */
+	kernel_base += TEXT_OFFSET - 5 * PAGE_SIZE;
+
+	status = reserve_kernel_base(sys_table, kernel_base, reserve_addr,
 				     reserve_size);
 	if (status != EFI_SUCCESS) {
 		pr_efi_err(sys_table, "Unable to allocate memory for uncompressed kernel.\n");
@@ -220,7 +230,7 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
 	*image_size = image->image_size;
 	status = efi_relocate_kernel(sys_table, image_addr, *image_size,
 				     *image_size,
-				     dram_base + MAX_UNCOMP_KERNEL_SIZE, 0);
+				     kernel_base + MAX_UNCOMP_KERNEL_SIZE, 0);
 	if (status != EFI_SUCCESS) {
 		pr_efi_err(sys_table, "Failed to relocate kernel.\n");
 		efi_free(sys_table, *reserve_size, *reserve_addr);
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 17+ messages in thread

* [PATCH v2 5/6] x86, efi: never relocate kernel below lowest acceptable address
  2019-10-29 17:37 [GIT PULL v2 0/6] EFI fixes for v5.4 Ard Biesheuvel
                   ` (3 preceding siblings ...)
  2019-10-29 17:37 ` [PATCH v2 4/6] efi: libstub/arm: account for firmware reserved memory at the base of RAM Ard Biesheuvel
@ 2019-10-29 17:37 ` Ard Biesheuvel
  2019-10-31 11:55   ` [tip: efi/urgent] x86, efi: Never " tip-bot2 for Kairui Song
  2019-10-29 17:37 ` [PATCH v2 6/6] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN Ard Biesheuvel
  5 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2019-10-29 17:37 UTC (permalink / raw)
  To: linux-efi, Ingo Molnar, Thomas Gleixner
  Cc: Kairui Song, Ard Biesheuvel, linux-kernel

From: Kairui Song <kasong@redhat.com>

Currently, kernel fails to boot on some HyperV VMs when using EFI.
And it's a potential issue on all x86 platforms.

It's caused by broken kernel relocation on EFI systems, when below three
conditions are met:

1. Kernel image is not loaded to the default address (LOAD_PHYSICAL_ADDR)
   by the loader.
2. There isn't enough room to contain the kernel, starting from the
   default load address (eg. something else occupied part the region).
3. In the memmap provided by EFI firmware, there is a memory region
   starts below LOAD_PHYSICAL_ADDR, and suitable for containing the
   kernel.

EFI stub will perform a kernel relocation when condition 1 is met. But
due to condition 2, EFI stub can't relocate kernel to the preferred
address, so it fallback to ask EFI firmware to alloc lowest usable memory
region, got the low region mentioned in condition 3, and relocated
kernel there.

It's incorrect to relocate the kernel below LOAD_PHYSICAL_ADDR. This
is the lowest acceptable kernel relocation address.

The first thing goes wrong is in arch/x86/boot/compressed/head_64.S.
Kernel decompression will force use LOAD_PHYSICAL_ADDR as the output
address if kernel is located below it. Then the relocation before
decompression, which move kernel to the end of the decompression buffer,
will overwrite other memory region, as there is no enough memory there.

To fix it, just don't let EFI stub relocate the kernel to any address
lower than lowest acceptable address.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
[ardb: introduce efi_low_alloc_above() to reduce the scope of the change]
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/x86/boot/compressed/eboot.c              |  4 +++-
 drivers/firmware/efi/libstub/arm32-stub.c     |  2 +-
 .../firmware/efi/libstub/efi-stub-helper.c    | 24 ++++++++-----------
 include/linux/efi.h                           | 18 ++++++++++++--
 4 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index d6662fdef300..82bc60c8acb2 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -13,6 +13,7 @@
 #include <asm/e820/types.h>
 #include <asm/setup.h>
 #include <asm/desc.h>
+#include <asm/boot.h>
 
 #include "../string.h"
 #include "eboot.h"
@@ -813,7 +814,8 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
 		status = efi_relocate_kernel(sys_table, &bzimage_addr,
 					     hdr->init_size, hdr->init_size,
 					     hdr->pref_address,
-					     hdr->kernel_alignment);
+					     hdr->kernel_alignment,
+					     LOAD_PHYSICAL_ADDR);
 		if (status != EFI_SUCCESS) {
 			efi_printk(sys_table, "efi_relocate_kernel() failed!\n");
 			goto fail;
diff --git a/drivers/firmware/efi/libstub/arm32-stub.c b/drivers/firmware/efi/libstub/arm32-stub.c
index ffa242ad0a82..41213bf5fcf5 100644
--- a/drivers/firmware/efi/libstub/arm32-stub.c
+++ b/drivers/firmware/efi/libstub/arm32-stub.c
@@ -230,7 +230,7 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
 	*image_size = image->image_size;
 	status = efi_relocate_kernel(sys_table, image_addr, *image_size,
 				     *image_size,
-				     kernel_base + MAX_UNCOMP_KERNEL_SIZE, 0);
+				     kernel_base + MAX_UNCOMP_KERNEL_SIZE, 0, 0);
 	if (status != EFI_SUCCESS) {
 		pr_efi_err(sys_table, "Failed to relocate kernel.\n");
 		efi_free(sys_table, *reserve_size, *reserve_addr);
diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index 3caae7f2cf56..35dbc2791c97 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -260,11 +260,11 @@ efi_status_t efi_high_alloc(efi_system_table_t *sys_table_arg,
 }
 
 /*
- * Allocate at the lowest possible address.
+ * Allocate at the lowest possible address that is not below 'min'.
  */
-efi_status_t efi_low_alloc(efi_system_table_t *sys_table_arg,
-			   unsigned long size, unsigned long align,
-			   unsigned long *addr)
+efi_status_t efi_low_alloc_above(efi_system_table_t *sys_table_arg,
+				 unsigned long size, unsigned long align,
+				 unsigned long *addr, unsigned long min)
 {
 	unsigned long map_size, desc_size, buff_size;
 	efi_memory_desc_t *map;
@@ -311,13 +311,8 @@ efi_status_t efi_low_alloc(efi_system_table_t *sys_table_arg,
 		start = desc->phys_addr;
 		end = start + desc->num_pages * EFI_PAGE_SIZE;
 
-		/*
-		 * Don't allocate at 0x0. It will confuse code that
-		 * checks pointers against NULL. Skip the first 8
-		 * bytes so we start at a nice even number.
-		 */
-		if (start == 0x0)
-			start += 8;
+		if (start < min)
+			start = min;
 
 		start = round_up(start, align);
 		if ((start + size) > end)
@@ -698,7 +693,8 @@ efi_status_t efi_relocate_kernel(efi_system_table_t *sys_table_arg,
 				 unsigned long image_size,
 				 unsigned long alloc_size,
 				 unsigned long preferred_addr,
-				 unsigned long alignment)
+				 unsigned long alignment,
+				 unsigned long min_addr)
 {
 	unsigned long cur_image_addr;
 	unsigned long new_addr = 0;
@@ -731,8 +727,8 @@ efi_status_t efi_relocate_kernel(efi_system_table_t *sys_table_arg,
 	 * possible.
 	 */
 	if (status != EFI_SUCCESS) {
-		status = efi_low_alloc(sys_table_arg, alloc_size, alignment,
-				       &new_addr);
+		status = efi_low_alloc_above(sys_table_arg, alloc_size,
+					     alignment, &new_addr, min_addr);
 	}
 	if (status != EFI_SUCCESS) {
 		pr_efi_err(sys_table_arg, "Failed to allocate usable memory for kernel.\n");
diff --git a/include/linux/efi.h b/include/linux/efi.h
index bd3837022307..d87acf62958e 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1579,9 +1579,22 @@ char *efi_convert_cmdline(efi_system_table_t *sys_table_arg,
 efi_status_t efi_get_memory_map(efi_system_table_t *sys_table_arg,
 				struct efi_boot_memmap *map);
 
+efi_status_t efi_low_alloc_above(efi_system_table_t *sys_table_arg,
+				 unsigned long size, unsigned long align,
+				 unsigned long *addr, unsigned long min);
+
+static inline
 efi_status_t efi_low_alloc(efi_system_table_t *sys_table_arg,
 			   unsigned long size, unsigned long align,
-			   unsigned long *addr);
+			   unsigned long *addr)
+{
+	/*
+	 * Don't allocate at 0x0. It will confuse code that
+	 * checks pointers against NULL. Skip the first 8
+	 * bytes so we start at a nice even number.
+	 */
+	return efi_low_alloc_above(sys_table_arg, size, align, addr, 0x8);
+}
 
 efi_status_t efi_high_alloc(efi_system_table_t *sys_table_arg,
 			    unsigned long size, unsigned long align,
@@ -1592,7 +1605,8 @@ efi_status_t efi_relocate_kernel(efi_system_table_t *sys_table_arg,
 				 unsigned long image_size,
 				 unsigned long alloc_size,
 				 unsigned long preferred_addr,
-				 unsigned long alignment);
+				 unsigned long alignment,
+				 unsigned long min_addr);
 
 efi_status_t handle_cmdline_files(efi_system_table_t *sys_table_arg,
 				  efi_loaded_image_t *image,
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 17+ messages in thread

* [PATCH v2 6/6] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN
  2019-10-29 17:37 [GIT PULL v2 0/6] EFI fixes for v5.4 Ard Biesheuvel
                   ` (4 preceding siblings ...)
  2019-10-29 17:37 ` [PATCH v2 5/6] x86, efi: never relocate kernel below lowest acceptable address Ard Biesheuvel
@ 2019-10-29 17:37 ` Ard Biesheuvel
  2019-10-31 11:55   ` [tip: efi/urgent] efi/efi_test: Lock " tip-bot2 for Javier Martinez Canillas
  5 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2019-10-29 17:37 UTC (permalink / raw)
  To: linux-efi, Ingo Molnar, Thomas Gleixner
  Cc: Javier Martinez Canillas, Ard Biesheuvel, linux-kernel

From: Javier Martinez Canillas <javierm@redhat.com>

The driver exposes EFI runtime services to user-space through an IOCTL
interface, calling the EFI services function pointers directly without
using the efivar API.

Disallow access to the /dev/efi_test character device when the kernel is
locked down to prevent arbitrary user-space to call EFI runtime services.

Also require CAP_SYS_ADMIN to open the chardev to prevent unprivileged
users to call the EFI runtime services, instead of just relying on the
chardev file mode bits for this.

The main user of this driver is the fwts [0] tool that already checks if
the effective user ID is 0 and fails otherwise. So this change shouldn't
cause any regression to this tool.

[0]: https://wiki.ubuntu.com/FirmwareTestSuite/Reference/uefivarinfo

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/firmware/efi/test/efi_test.c | 8 ++++++++
 include/linux/security.h             | 1 +
 security/lockdown/lockdown.c         | 1 +
 3 files changed, 10 insertions(+)

diff --git a/drivers/firmware/efi/test/efi_test.c b/drivers/firmware/efi/test/efi_test.c
index 877745c3aaf2..7baf48c01e72 100644
--- a/drivers/firmware/efi/test/efi_test.c
+++ b/drivers/firmware/efi/test/efi_test.c
@@ -14,6 +14,7 @@
 #include <linux/init.h>
 #include <linux/proc_fs.h>
 #include <linux/efi.h>
+#include <linux/security.h>
 #include <linux/slab.h>
 #include <linux/uaccess.h>
 
@@ -717,6 +718,13 @@ static long efi_test_ioctl(struct file *file, unsigned int cmd,
 
 static int efi_test_open(struct inode *inode, struct file *file)
 {
+	int ret = security_locked_down(LOCKDOWN_EFI_TEST);
+
+	if (ret)
+		return ret;
+
+	if (!capable(CAP_SYS_ADMIN))
+		return -EACCES;
 	/*
 	 * nothing special to do here
 	 * We do accept multiple open files at the same time as we
diff --git a/include/linux/security.h b/include/linux/security.h
index a8d59d612d27..9df7547afc0c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -105,6 +105,7 @@ enum lockdown_reason {
 	LOCKDOWN_NONE,
 	LOCKDOWN_MODULE_SIGNATURE,
 	LOCKDOWN_DEV_MEM,
+	LOCKDOWN_EFI_TEST,
 	LOCKDOWN_KEXEC,
 	LOCKDOWN_HIBERNATION,
 	LOCKDOWN_PCI_ACCESS,
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 8a10b43daf74..40b790536def 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -20,6 +20,7 @@ static const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
 	[LOCKDOWN_NONE] = "none",
 	[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
 	[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
+	[LOCKDOWN_EFI_TEST] = "/dev/efi_test access",
 	[LOCKDOWN_KEXEC] = "kexec of unsigned images",
 	[LOCKDOWN_HIBERNATION] = "hibernation",
 	[LOCKDOWN_PCI_ACCESS] = "direct PCI access",
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 17+ messages in thread

* Re: [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness
  2019-10-29 17:37 ` [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness Ard Biesheuvel
@ 2019-10-29 19:14   ` Bhupesh Sharma
  2019-10-31  8:24     ` Ard Biesheuvel
  2019-10-31 11:55   ` [tip: efi/urgent] efi/random: Treat " tip-bot2 for Dominik Brodowski
  1 sibling, 1 reply; 17+ messages in thread
From: Bhupesh Sharma @ 2019-10-29 19:14 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: linux-efi, Ingo Molnar, Thomas Gleixner, Dominik Brodowski,
	Ard Biesheuvel, Linux Kernel Mailing List

Hi Ard,

On Tue, Oct 29, 2019 at 11:10 PM Ard Biesheuvel <ardb@kernel.org> wrote:
>
> From: Dominik Brodowski <linux@dominikbrodowski.net>
>
> Commit 428826f5358c ("fdt: add support for rng-seed") introduced
> add_bootloader_randomness(), permitting randomness provided by the
> bootloader or firmware to be credited as entropy. However, the fact
> that the UEFI support code was already wired into the RNG subsystem
> via a call to add_device_randomness() was overlooked, and so it was
> not converted at the same time.
>
> Note that this UEFI (v2.4 or newer) feature is currently only
> implemented for EFI stub booting on ARM, and further note that
> CONFIG_RANDOM_TRUST_BOOTLOADER must be enabled, and this should be
> done only if there indeed is sufficient trust in the bootloader
> _and_ its source of randomness.
>
> Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
> [ardb: update commit log]
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Seems my Tested-by was dropped which I provide for the RFC version of
this patch.
See <https://www.mail-archive.com/linux-efi@vger.kernel.org/msg12281.html>
for details.

I can provide a similar Tested-by for this version as well.

Thanks,
Bhupesh


> ---
>  drivers/firmware/efi/efi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
> index 69f00f7453a3..e98bbf8e56d9 100644
> --- a/drivers/firmware/efi/efi.c
> +++ b/drivers/firmware/efi/efi.c
> @@ -554,7 +554,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz,
>                                               sizeof(*seed) + size);
>                         if (seed != NULL) {
>                                 pr_notice("seeding entropy pool\n");
> -                               add_device_randomness(seed->bits, seed->size);
> +                               add_bootloader_randomness(seed->bits, seed->size);
>                                 early_memunmap(seed, sizeof(*seed) + size);
>                         } else {
>                                 pr_err("Could not map UEFI random seed!\n");
> --
> 2.17.1
>


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness
  2019-10-29 19:14   ` Bhupesh Sharma
@ 2019-10-31  8:24     ` Ard Biesheuvel
  2019-10-31  8:41       ` Ingo Molnar
  0 siblings, 1 reply; 17+ messages in thread
From: Ard Biesheuvel @ 2019-10-31  8:24 UTC (permalink / raw)
  To: Bhupesh Sharma
  Cc: Ard Biesheuvel, linux-efi, Ingo Molnar, Thomas Gleixner,
	Dominik Brodowski, Linux Kernel Mailing List

On Tue, 29 Oct 2019 at 20:14, Bhupesh Sharma <bhsharma@redhat.com> wrote:
>
> Hi Ard,
>
> On Tue, Oct 29, 2019 at 11:10 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> >
> > From: Dominik Brodowski <linux@dominikbrodowski.net>
> >
> > Commit 428826f5358c ("fdt: add support for rng-seed") introduced
> > add_bootloader_randomness(), permitting randomness provided by the
> > bootloader or firmware to be credited as entropy. However, the fact
> > that the UEFI support code was already wired into the RNG subsystem
> > via a call to add_device_randomness() was overlooked, and so it was
> > not converted at the same time.
> >
> > Note that this UEFI (v2.4 or newer) feature is currently only
> > implemented for EFI stub booting on ARM, and further note that
> > CONFIG_RANDOM_TRUST_BOOTLOADER must be enabled, and this should be
> > done only if there indeed is sufficient trust in the bootloader
> > _and_ its source of randomness.
> >
> > Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
> > [ardb: update commit log]
> > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
> Seems my Tested-by was dropped which I provide for the RFC version of
> this patch.
> See <https://www.mail-archive.com/linux-efi@vger.kernel.org/msg12281.html>
> for details.
>
> I can provide a similar Tested-by for this version as well.
>

Thanks Bhupesh

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness
  2019-10-31  8:24     ` Ard Biesheuvel
@ 2019-10-31  8:41       ` Ingo Molnar
  2019-10-31 13:47         ` Ard Biesheuvel
  0 siblings, 1 reply; 17+ messages in thread
From: Ingo Molnar @ 2019-10-31  8:41 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Bhupesh Sharma, Ard Biesheuvel, linux-efi, Thomas Gleixner,
	Dominik Brodowski, Linux Kernel Mailing List


* Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:

> On Tue, 29 Oct 2019 at 20:14, Bhupesh Sharma <bhsharma@redhat.com> wrote:
> >
> > Hi Ard,
> >
> > On Tue, Oct 29, 2019 at 11:10 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > >
> > > From: Dominik Brodowski <linux@dominikbrodowski.net>
> > >
> > > Commit 428826f5358c ("fdt: add support for rng-seed") introduced
> > > add_bootloader_randomness(), permitting randomness provided by the
> > > bootloader or firmware to be credited as entropy. However, the fact
> > > that the UEFI support code was already wired into the RNG subsystem
> > > via a call to add_device_randomness() was overlooked, and so it was
> > > not converted at the same time.
> > >
> > > Note that this UEFI (v2.4 or newer) feature is currently only
> > > implemented for EFI stub booting on ARM, and further note that
> > > CONFIG_RANDOM_TRUST_BOOTLOADER must be enabled, and this should be
> > > done only if there indeed is sufficient trust in the bootloader
> > > _and_ its source of randomness.
> > >
> > > Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
> > > [ardb: update commit log]
> > > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >
> > Seems my Tested-by was dropped which I provide for the RFC version of
> > this patch.
> > See <https://www.mail-archive.com/linux-efi@vger.kernel.org/msg12281.html>
> > for details.
> >
> > I can provide a similar Tested-by for this version as well.
> >
> 
> Thanks Bhupesh

I've added Bhupesh's Tested-by to the commit - no need to resend.

I've picked up all 6 EFI fixes, will push them out after a bit of testing 
- sorry about the delay!

Thanks,

	Ingo

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [tip: efi/urgent] efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
  2019-10-29 17:37 ` [PATCH v2 6/6] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN Ard Biesheuvel
@ 2019-10-31 11:55   ` tip-bot2 for Javier Martinez Canillas
  0 siblings, 0 replies; 17+ messages in thread
From: tip-bot2 for Javier Martinez Canillas @ 2019-10-31 11:55 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Javier Martinez Canillas, Ard Biesheuvel, Laszlo Ersek,
	Matthew Garrett, Linus Torvalds, Peter Zijlstra, Thomas Gleixner,
	linux-efi, Ingo Molnar, Borislav Petkov, linux-kernel

The following commit has been merged into the efi/urgent branch of tip:

Commit-ID:     359efcc2c910117d2faf704ce154e91fc976d37f
Gitweb:        https://git.kernel.org/tip/359efcc2c910117d2faf704ce154e91fc976d37f
Author:        Javier Martinez Canillas <javierm@redhat.com>
AuthorDate:    Tue, 29 Oct 2019 18:37:55 +01:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 31 Oct 2019 09:40:21 +01:00

efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN

The driver exposes EFI runtime services to user-space through an IOCTL
interface, calling the EFI services function pointers directly without
using the efivar API.

Disallow access to the /dev/efi_test character device when the kernel is
locked down to prevent arbitrary user-space to call EFI runtime services.

Also require CAP_SYS_ADMIN to open the chardev to prevent unprivileged
users to call the EFI runtime services, instead of just relying on the
chardev file mode bits for this.

The main user of this driver is the fwts [0] tool that already checks if
the effective user ID is 0 and fails otherwise. So this change shouldn't
cause any regression to this tool.

[0]: https://wiki.ubuntu.com/FirmwareTestSuite/Reference/uefivarinfo

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Matthew Garrett <mjg59@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: https://lkml.kernel.org/r/20191029173755.27149-7-ardb@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 drivers/firmware/efi/test/efi_test.c | 8 ++++++++
 include/linux/security.h             | 1 +
 security/lockdown/lockdown.c         | 1 +
 3 files changed, 10 insertions(+)

diff --git a/drivers/firmware/efi/test/efi_test.c b/drivers/firmware/efi/test/efi_test.c
index 877745c..7baf48c 100644
--- a/drivers/firmware/efi/test/efi_test.c
+++ b/drivers/firmware/efi/test/efi_test.c
@@ -14,6 +14,7 @@
 #include <linux/init.h>
 #include <linux/proc_fs.h>
 #include <linux/efi.h>
+#include <linux/security.h>
 #include <linux/slab.h>
 #include <linux/uaccess.h>
 
@@ -717,6 +718,13 @@ static long efi_test_ioctl(struct file *file, unsigned int cmd,
 
 static int efi_test_open(struct inode *inode, struct file *file)
 {
+	int ret = security_locked_down(LOCKDOWN_EFI_TEST);
+
+	if (ret)
+		return ret;
+
+	if (!capable(CAP_SYS_ADMIN))
+		return -EACCES;
 	/*
 	 * nothing special to do here
 	 * We do accept multiple open files at the same time as we
diff --git a/include/linux/security.h b/include/linux/security.h
index a8d59d6..9df7547 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -105,6 +105,7 @@ enum lockdown_reason {
 	LOCKDOWN_NONE,
 	LOCKDOWN_MODULE_SIGNATURE,
 	LOCKDOWN_DEV_MEM,
+	LOCKDOWN_EFI_TEST,
 	LOCKDOWN_KEXEC,
 	LOCKDOWN_HIBERNATION,
 	LOCKDOWN_PCI_ACCESS,
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 8a10b43..40b7905 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -20,6 +20,7 @@ static const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
 	[LOCKDOWN_NONE] = "none",
 	[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
 	[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
+	[LOCKDOWN_EFI_TEST] = "/dev/efi_test access",
 	[LOCKDOWN_KEXEC] = "kexec of unsigned images",
 	[LOCKDOWN_HIBERNATION] = "hibernation",
 	[LOCKDOWN_PCI_ACCESS] = "direct PCI access",

^ permalink raw reply related	[flat|nested] 17+ messages in thread

* [tip: efi/urgent] x86, efi: Never relocate kernel below lowest acceptable address
  2019-10-29 17:37 ` [PATCH v2 5/6] x86, efi: never relocate kernel below lowest acceptable address Ard Biesheuvel
@ 2019-10-31 11:55   ` tip-bot2 for Kairui Song
  0 siblings, 0 replies; 17+ messages in thread
From: tip-bot2 for Kairui Song @ 2019-10-31 11:55 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Kairui Song, Ard Biesheuvel, Jarkko Sakkinen, Linus Torvalds,
	Peter Zijlstra, Thomas Gleixner, linux-efi, Ingo Molnar,
	Borislav Petkov, linux-kernel

The following commit has been merged into the efi/urgent branch of tip:

Commit-ID:     220dd7699c46d5940115bd797b01b2ab047c87b8
Gitweb:        https://git.kernel.org/tip/220dd7699c46d5940115bd797b01b2ab047c87b8
Author:        Kairui Song <kasong@redhat.com>
AuthorDate:    Tue, 29 Oct 2019 18:37:54 +01:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 31 Oct 2019 09:40:19 +01:00

x86, efi: Never relocate kernel below lowest acceptable address

Currently, kernel fails to boot on some HyperV VMs when using EFI.
And it's a potential issue on all x86 platforms.

It's caused by broken kernel relocation on EFI systems, when below three
conditions are met:

1. Kernel image is not loaded to the default address (LOAD_PHYSICAL_ADDR)
   by the loader.
2. There isn't enough room to contain the kernel, starting from the
   default load address (eg. something else occupied part the region).
3. In the memmap provided by EFI firmware, there is a memory region
   starts below LOAD_PHYSICAL_ADDR, and suitable for containing the
   kernel.

EFI stub will perform a kernel relocation when condition 1 is met. But
due to condition 2, EFI stub can't relocate kernel to the preferred
address, so it fallback to ask EFI firmware to alloc lowest usable memory
region, got the low region mentioned in condition 3, and relocated
kernel there.

It's incorrect to relocate the kernel below LOAD_PHYSICAL_ADDR. This
is the lowest acceptable kernel relocation address.

The first thing goes wrong is in arch/x86/boot/compressed/head_64.S.
Kernel decompression will force use LOAD_PHYSICAL_ADDR as the output
address if kernel is located below it. Then the relocation before
decompression, which move kernel to the end of the decompression buffer,
will overwrite other memory region, as there is no enough memory there.

To fix it, just don't let EFI stub relocate the kernel to any address
lower than lowest acceptable address.

[ ardb: introduce efi_low_alloc_above() to reduce the scope of the change ]

Signed-off-by: Kairui Song <kasong@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: https://lkml.kernel.org/r/20191029173755.27149-6-ardb@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/boot/compressed/eboot.c               |  4 ++-
 drivers/firmware/efi/libstub/arm32-stub.c      |  2 +-
 drivers/firmware/efi/libstub/efi-stub-helper.c | 24 +++++++----------
 include/linux/efi.h                            | 18 +++++++++++--
 4 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index d6662fd..82bc60c 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -13,6 +13,7 @@
 #include <asm/e820/types.h>
 #include <asm/setup.h>
 #include <asm/desc.h>
+#include <asm/boot.h>
 
 #include "../string.h"
 #include "eboot.h"
@@ -813,7 +814,8 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
 		status = efi_relocate_kernel(sys_table, &bzimage_addr,
 					     hdr->init_size, hdr->init_size,
 					     hdr->pref_address,
-					     hdr->kernel_alignment);
+					     hdr->kernel_alignment,
+					     LOAD_PHYSICAL_ADDR);
 		if (status != EFI_SUCCESS) {
 			efi_printk(sys_table, "efi_relocate_kernel() failed!\n");
 			goto fail;
diff --git a/drivers/firmware/efi/libstub/arm32-stub.c b/drivers/firmware/efi/libstub/arm32-stub.c
index ffa242a..41213bf 100644
--- a/drivers/firmware/efi/libstub/arm32-stub.c
+++ b/drivers/firmware/efi/libstub/arm32-stub.c
@@ -230,7 +230,7 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
 	*image_size = image->image_size;
 	status = efi_relocate_kernel(sys_table, image_addr, *image_size,
 				     *image_size,
-				     kernel_base + MAX_UNCOMP_KERNEL_SIZE, 0);
+				     kernel_base + MAX_UNCOMP_KERNEL_SIZE, 0, 0);
 	if (status != EFI_SUCCESS) {
 		pr_efi_err(sys_table, "Failed to relocate kernel.\n");
 		efi_free(sys_table, *reserve_size, *reserve_addr);
diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index 3caae7f..35dbc27 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -260,11 +260,11 @@ fail:
 }
 
 /*
- * Allocate at the lowest possible address.
+ * Allocate at the lowest possible address that is not below 'min'.
  */
-efi_status_t efi_low_alloc(efi_system_table_t *sys_table_arg,
-			   unsigned long size, unsigned long align,
-			   unsigned long *addr)
+efi_status_t efi_low_alloc_above(efi_system_table_t *sys_table_arg,
+				 unsigned long size, unsigned long align,
+				 unsigned long *addr, unsigned long min)
 {
 	unsigned long map_size, desc_size, buff_size;
 	efi_memory_desc_t *map;
@@ -311,13 +311,8 @@ efi_status_t efi_low_alloc(efi_system_table_t *sys_table_arg,
 		start = desc->phys_addr;
 		end = start + desc->num_pages * EFI_PAGE_SIZE;
 
-		/*
-		 * Don't allocate at 0x0. It will confuse code that
-		 * checks pointers against NULL. Skip the first 8
-		 * bytes so we start at a nice even number.
-		 */
-		if (start == 0x0)
-			start += 8;
+		if (start < min)
+			start = min;
 
 		start = round_up(start, align);
 		if ((start + size) > end)
@@ -698,7 +693,8 @@ efi_status_t efi_relocate_kernel(efi_system_table_t *sys_table_arg,
 				 unsigned long image_size,
 				 unsigned long alloc_size,
 				 unsigned long preferred_addr,
-				 unsigned long alignment)
+				 unsigned long alignment,
+				 unsigned long min_addr)
 {
 	unsigned long cur_image_addr;
 	unsigned long new_addr = 0;
@@ -731,8 +727,8 @@ efi_status_t efi_relocate_kernel(efi_system_table_t *sys_table_arg,
 	 * possible.
 	 */
 	if (status != EFI_SUCCESS) {
-		status = efi_low_alloc(sys_table_arg, alloc_size, alignment,
-				       &new_addr);
+		status = efi_low_alloc_above(sys_table_arg, alloc_size,
+					     alignment, &new_addr, min_addr);
 	}
 	if (status != EFI_SUCCESS) {
 		pr_efi_err(sys_table_arg, "Failed to allocate usable memory for kernel.\n");
diff --git a/include/linux/efi.h b/include/linux/efi.h
index bd38370..d87acf6 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1579,9 +1579,22 @@ char *efi_convert_cmdline(efi_system_table_t *sys_table_arg,
 efi_status_t efi_get_memory_map(efi_system_table_t *sys_table_arg,
 				struct efi_boot_memmap *map);
 
+efi_status_t efi_low_alloc_above(efi_system_table_t *sys_table_arg,
+				 unsigned long size, unsigned long align,
+				 unsigned long *addr, unsigned long min);
+
+static inline
 efi_status_t efi_low_alloc(efi_system_table_t *sys_table_arg,
 			   unsigned long size, unsigned long align,
-			   unsigned long *addr);
+			   unsigned long *addr)
+{
+	/*
+	 * Don't allocate at 0x0. It will confuse code that
+	 * checks pointers against NULL. Skip the first 8
+	 * bytes so we start at a nice even number.
+	 */
+	return efi_low_alloc_above(sys_table_arg, size, align, addr, 0x8);
+}
 
 efi_status_t efi_high_alloc(efi_system_table_t *sys_table_arg,
 			    unsigned long size, unsigned long align,
@@ -1592,7 +1605,8 @@ efi_status_t efi_relocate_kernel(efi_system_table_t *sys_table_arg,
 				 unsigned long image_size,
 				 unsigned long alloc_size,
 				 unsigned long preferred_addr,
-				 unsigned long alignment);
+				 unsigned long alignment,
+				 unsigned long min_addr);
 
 efi_status_t handle_cmdline_files(efi_system_table_t *sys_table_arg,
 				  efi_loaded_image_t *image,

^ permalink raw reply related	[flat|nested] 17+ messages in thread

* [tip: efi/urgent] efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness
  2019-10-29 17:37 ` [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness Ard Biesheuvel
  2019-10-29 19:14   ` Bhupesh Sharma
@ 2019-10-31 11:55   ` tip-bot2 for Dominik Brodowski
  1 sibling, 0 replies; 17+ messages in thread
From: tip-bot2 for Dominik Brodowski @ 2019-10-31 11:55 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Bhupesh Sharma, Dominik Brodowski, Ard Biesheuvel,
	Linus Torvalds, Peter Zijlstra, Thomas Gleixner, linux-efi,
	Ingo Molnar, Borislav Petkov, linux-kernel

The following commit has been merged into the efi/urgent branch of tip:

Commit-ID:     18b915ac6b0ac5ba7ded03156860f60a9f16df2b
Gitweb:        https://git.kernel.org/tip/18b915ac6b0ac5ba7ded03156860f60a9f16df2b
Author:        Dominik Brodowski <linux@dominikbrodowski.net>
AuthorDate:    Tue, 29 Oct 2019 18:37:52 +01:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 31 Oct 2019 09:40:18 +01:00

efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness

Commit 428826f5358c ("fdt: add support for rng-seed") introduced
add_bootloader_randomness(), permitting randomness provided by the
bootloader or firmware to be credited as entropy. However, the fact
that the UEFI support code was already wired into the RNG subsystem
via a call to add_device_randomness() was overlooked, and so it was
not converted at the same time.

Note that this UEFI (v2.4 or newer) feature is currently only
implemented for EFI stub booting on ARM, and further note that
CONFIG_RANDOM_TRUST_BOOTLOADER must be enabled, and this should be
done only if there indeed is sufficient trust in the bootloader
_and_ its source of randomness.

[ ardb: update commit log ]

Tested-by: Bhupesh Sharma <bhsharma@redhat.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: https://lkml.kernel.org/r/20191029173755.27149-4-ardb@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 drivers/firmware/efi/efi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 69f00f7..e98bbf8 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -554,7 +554,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz,
 					      sizeof(*seed) + size);
 			if (seed != NULL) {
 				pr_notice("seeding entropy pool\n");
-				add_device_randomness(seed->bits, seed->size);
+				add_bootloader_randomness(seed->bits, seed->size);
 				early_memunmap(seed, sizeof(*seed) + size);
 			} else {
 				pr_err("Could not map UEFI random seed!\n");

^ permalink raw reply related	[flat|nested] 17+ messages in thread

* [tip: efi/urgent] efi: libstub/arm: Account for firmware reserved memory at the base of RAM
  2019-10-29 17:37 ` [PATCH v2 4/6] efi: libstub/arm: account for firmware reserved memory at the base of RAM Ard Biesheuvel
@ 2019-10-31 11:55   ` tip-bot2 for Ard Biesheuvel
  0 siblings, 0 replies; 17+ messages in thread
From: tip-bot2 for Ard Biesheuvel @ 2019-10-31 11:55 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Guillaume Gardet, Ard Biesheuvel, Chester Lin, Linus Torvalds,
	Peter Zijlstra, Thomas Gleixner, linux-efi, Ingo Molnar,
	Borislav Petkov, linux-kernel

The following commit has been merged into the efi/urgent branch of tip:

Commit-ID:     41cd96fa149b29684ebd38759fefb07f9c7d5276
Gitweb:        https://git.kernel.org/tip/41cd96fa149b29684ebd38759fefb07f9c7d5276
Author:        Ard Biesheuvel <ard.biesheuvel@linaro.org>
AuthorDate:    Tue, 29 Oct 2019 18:37:53 +01:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 31 Oct 2019 09:40:19 +01:00

efi: libstub/arm: Account for firmware reserved memory at the base of RAM

The EFI stubloader for ARM starts out by allocating a 32 MB window
at the base of RAM, in order to ensure that the decompressor (which
blindly copies the uncompressed kernel into that window) does not
overwrite other allocations that are made while running in the context
of the EFI firmware.

In some cases, (e.g., U-Boot running on the Raspberry Pi 2), this is
causing boot failures because this initial allocation conflicts with
a page of reserved memory at the base of RAM that contains the SMP spin
tables and other pieces of firmware data and which was put there by
the bootloader under the assumption that the TEXT_OFFSET window right
below the kernel is only used partially during early boot, and will be
left alone once the memory reservations are processed and taken into
account.

So let's permit reserved memory regions to exist in the region starting
at the base of RAM, and ending at TEXT_OFFSET - 5 * PAGE_SIZE, which is
the window below the kernel that is not touched by the early boot code.

Tested-by: Guillaume Gardet <Guillaume.Gardet@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Chester Lin <clin@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: https://lkml.kernel.org/r/20191029173755.27149-5-ardb@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 drivers/firmware/efi/libstub/Makefile     |  1 +
 drivers/firmware/efi/libstub/arm32-stub.c | 16 +++++++++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 0460c75..ee0661d 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -52,6 +52,7 @@ lib-$(CONFIG_EFI_ARMSTUB)	+= arm-stub.o fdt.o string.o random.o \
 
 lib-$(CONFIG_ARM)		+= arm32-stub.o
 lib-$(CONFIG_ARM64)		+= arm64-stub.o
+CFLAGS_arm32-stub.o		:= -DTEXT_OFFSET=$(TEXT_OFFSET)
 CFLAGS_arm64-stub.o		:= -DTEXT_OFFSET=$(TEXT_OFFSET)
 
 #
diff --git a/drivers/firmware/efi/libstub/arm32-stub.c b/drivers/firmware/efi/libstub/arm32-stub.c
index e8f7aef..ffa242a 100644
--- a/drivers/firmware/efi/libstub/arm32-stub.c
+++ b/drivers/firmware/efi/libstub/arm32-stub.c
@@ -195,6 +195,7 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
 				 unsigned long dram_base,
 				 efi_loaded_image_t *image)
 {
+	unsigned long kernel_base;
 	efi_status_t status;
 
 	/*
@@ -204,9 +205,18 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
 	 * loaded. These assumptions are made by the decompressor,
 	 * before any memory map is available.
 	 */
-	dram_base = round_up(dram_base, SZ_128M);
+	kernel_base = round_up(dram_base, SZ_128M);
 
-	status = reserve_kernel_base(sys_table, dram_base, reserve_addr,
+	/*
+	 * Note that some platforms (notably, the Raspberry Pi 2) put
+	 * spin-tables and other pieces of firmware at the base of RAM,
+	 * abusing the fact that the window of TEXT_OFFSET bytes at the
+	 * base of the kernel image is only partially used at the moment.
+	 * (Up to 5 pages are used for the swapper page tables)
+	 */
+	kernel_base += TEXT_OFFSET - 5 * PAGE_SIZE;
+
+	status = reserve_kernel_base(sys_table, kernel_base, reserve_addr,
 				     reserve_size);
 	if (status != EFI_SUCCESS) {
 		pr_efi_err(sys_table, "Unable to allocate memory for uncompressed kernel.\n");
@@ -220,7 +230,7 @@ efi_status_t handle_kernel_image(efi_system_table_t *sys_table,
 	*image_size = image->image_size;
 	status = efi_relocate_kernel(sys_table, image_addr, *image_size,
 				     *image_size,
-				     dram_base + MAX_UNCOMP_KERNEL_SIZE, 0);
+				     kernel_base + MAX_UNCOMP_KERNEL_SIZE, 0);
 	if (status != EFI_SUCCESS) {
 		pr_efi_err(sys_table, "Failed to relocate kernel.\n");
 		efi_free(sys_table, *reserve_size, *reserve_addr);

^ permalink raw reply related	[flat|nested] 17+ messages in thread

* [tip: efi/urgent] efi: Make CONFIG_EFI_RCI2_TABLE selectable on x86 only
  2019-10-29 17:37 ` [PATCH v2 1/6] efi: Make CONFIG_EFI_RCI2_TABLE selectable on x86 only Ard Biesheuvel
@ 2019-10-31 11:55   ` tip-bot2 for Narendra K
  0 siblings, 0 replies; 17+ messages in thread
From: tip-bot2 for Narendra K @ 2019-10-31 11:55 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Geert Uytterhoeven, Geert Uytterhoeven, Narendra K,
	Ard Biesheuvel, Linus Torvalds, Peter Zijlstra, Thomas Gleixner,
	linux-efi, Ingo Molnar, Borislav Petkov, linux-kernel

The following commit has been merged into the efi/urgent branch of tip:

Commit-ID:     0b6b30c65621fc11a799ca71241f52d8fd9e334c
Gitweb:        https://git.kernel.org/tip/0b6b30c65621fc11a799ca71241f52d8fd9e334c
Author:        Narendra K <Narendra.K@dell.com>
AuthorDate:    Tue, 29 Oct 2019 18:37:50 +01:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 31 Oct 2019 09:40:16 +01:00

efi: Make CONFIG_EFI_RCI2_TABLE selectable on x86 only

For the EFI_RCI2_TABLE Kconfig option, 'make oldconfig' asks the user
for input on platforms where the option may not be applicable. This patch
modifies the Kconfig option to ask the user for input only when CONFIG_X86
or CONFIG_COMPILE_TEST is set to y.

Suggested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Narendra K <Narendra.K@dell.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: https://lkml.kernel.org/r/20191029173755.27149-2-ardb@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 drivers/firmware/efi/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index 178ee81..b248870 100644
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -182,6 +182,7 @@ config RESET_ATTACK_MITIGATION
 
 config EFI_RCI2_TABLE
 	bool "EFI Runtime Configuration Interface Table Version 2 Support"
+	depends on X86 || COMPILE_TEST
 	help
 	  Displays the content of the Runtime Configuration Interface
 	  Table version 2 on Dell EMC PowerEdge systems as a binary

^ permalink raw reply related	[flat|nested] 17+ messages in thread

* [tip: efi/urgent] efi/tpm: Return -EINVAL when determining tpm final events log size fails
  2019-10-29 17:37 ` [PATCH v2 2/6] efi/tpm: return -EINVAL when determining tpm final events log size fails Ard Biesheuvel
@ 2019-10-31 11:55   ` tip-bot2 for Jerry Snitselaar
  0 siblings, 0 replies; 17+ messages in thread
From: tip-bot2 for Jerry Snitselaar @ 2019-10-31 11:55 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Dan Carpenter, Jerry Snitselaar, Ard Biesheuvel, Jarkko Sakkinen,
	Linus Torvalds, Peter Zijlstra, Thomas Gleixner, linux-efi,
	Ingo Molnar, Borislav Petkov, linux-kernel

The following commit has been merged into the efi/urgent branch of tip:

Commit-ID:     2bb6a81633cb47dcba4c9f75605cbe49e6b73d60
Gitweb:        https://git.kernel.org/tip/2bb6a81633cb47dcba4c9f75605cbe49e6b73d60
Author:        Jerry Snitselaar <jsnitsel@redhat.com>
AuthorDate:    Tue, 29 Oct 2019 18:37:51 +01:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 31 Oct 2019 09:40:17 +01:00

efi/tpm: Return -EINVAL when determining tpm final events log size fails

Currently nothing checks the return value of efi_tpm_eventlog_init(),
but in case that changes in the future make sure an error is
returned when it fails to determine the tpm final events log
size.

Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Fixes: e658c82be556 ("efi/tpm: Only set 'efi_tpm_final_log_size' after ...")
Link: https://lkml.kernel.org/r/20191029173755.27149-3-ardb@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 drivers/firmware/efi/tpm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c
index ebd7977..31f9f0e 100644
--- a/drivers/firmware/efi/tpm.c
+++ b/drivers/firmware/efi/tpm.c
@@ -88,6 +88,7 @@ int __init efi_tpm_eventlog_init(void)
 
 	if (tbl_size < 0) {
 		pr_err(FW_BUG "Failed to parse event in TPM Final Events Log\n");
+		ret = -EINVAL;
 		goto out_calc;
 	}
 

^ permalink raw reply related	[flat|nested] 17+ messages in thread

* Re: [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness
  2019-10-31  8:41       ` Ingo Molnar
@ 2019-10-31 13:47         ` Ard Biesheuvel
  0 siblings, 0 replies; 17+ messages in thread
From: Ard Biesheuvel @ 2019-10-31 13:47 UTC (permalink / raw)
  To: Ingo Molnar
  Cc: Bhupesh Sharma, Ard Biesheuvel, linux-efi, Thomas Gleixner,
	Dominik Brodowski, Linux Kernel Mailing List

On Thu, 31 Oct 2019 at 09:41, Ingo Molnar <mingo@kernel.org> wrote:
>
>
> * Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
> > On Tue, 29 Oct 2019 at 20:14, Bhupesh Sharma <bhsharma@redhat.com> wrote:
> > >
> > > Hi Ard,
> > >
> > > On Tue, Oct 29, 2019 at 11:10 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> > > >
> > > > From: Dominik Brodowski <linux@dominikbrodowski.net>
> > > >
> > > > Commit 428826f5358c ("fdt: add support for rng-seed") introduced
> > > > add_bootloader_randomness(), permitting randomness provided by the
> > > > bootloader or firmware to be credited as entropy. However, the fact
> > > > that the UEFI support code was already wired into the RNG subsystem
> > > > via a call to add_device_randomness() was overlooked, and so it was
> > > > not converted at the same time.
> > > >
> > > > Note that this UEFI (v2.4 or newer) feature is currently only
> > > > implemented for EFI stub booting on ARM, and further note that
> > > > CONFIG_RANDOM_TRUST_BOOTLOADER must be enabled, and this should be
> > > > done only if there indeed is sufficient trust in the bootloader
> > > > _and_ its source of randomness.
> > > >
> > > > Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
> > > > [ardb: update commit log]
> > > > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > >
> > > Seems my Tested-by was dropped which I provide for the RFC version of
> > > this patch.
> > > See <https://www.mail-archive.com/linux-efi@vger.kernel.org/msg12281.html>
> > > for details.
> > >
> > > I can provide a similar Tested-by for this version as well.
> > >
> >
> > Thanks Bhupesh
>
> I've added Bhupesh's Tested-by to the commit - no need to resend.
>
> I've picked up all 6 EFI fixes, will push them out after a bit of testing
> - sorry about the delay!
>

No worries, thanks for picking them up.

^ permalink raw reply	[flat|nested] 17+ messages in thread

end of thread, other threads:[~2019-10-31 13:48 UTC | newest]

Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-29 17:37 [GIT PULL v2 0/6] EFI fixes for v5.4 Ard Biesheuvel
2019-10-29 17:37 ` [PATCH v2 1/6] efi: Make CONFIG_EFI_RCI2_TABLE selectable on x86 only Ard Biesheuvel
2019-10-31 11:55   ` [tip: efi/urgent] " tip-bot2 for Narendra K
2019-10-29 17:37 ` [PATCH v2 2/6] efi/tpm: return -EINVAL when determining tpm final events log size fails Ard Biesheuvel
2019-10-31 11:55   ` [tip: efi/urgent] efi/tpm: Return " tip-bot2 for Jerry Snitselaar
2019-10-29 17:37 ` [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness Ard Biesheuvel
2019-10-29 19:14   ` Bhupesh Sharma
2019-10-31  8:24     ` Ard Biesheuvel
2019-10-31  8:41       ` Ingo Molnar
2019-10-31 13:47         ` Ard Biesheuvel
2019-10-31 11:55   ` [tip: efi/urgent] efi/random: Treat " tip-bot2 for Dominik Brodowski
2019-10-29 17:37 ` [PATCH v2 4/6] efi: libstub/arm: account for firmware reserved memory at the base of RAM Ard Biesheuvel
2019-10-31 11:55   ` [tip: efi/urgent] efi: libstub/arm: Account " tip-bot2 for Ard Biesheuvel
2019-10-29 17:37 ` [PATCH v2 5/6] x86, efi: never relocate kernel below lowest acceptable address Ard Biesheuvel
2019-10-31 11:55   ` [tip: efi/urgent] x86, efi: Never " tip-bot2 for Kairui Song
2019-10-29 17:37 ` [PATCH v2 6/6] efi/efi_test: lock down /dev/efi_test and require CAP_SYS_ADMIN Ard Biesheuvel
2019-10-31 11:55   ` [tip: efi/urgent] efi/efi_test: Lock " tip-bot2 for Javier Martinez Canillas

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).