On Wed, 20 Jan 2021 at 17:38, Mark Brown <broonie@xxxxxxxxxx> wrote:
>
> Currently the EFI stub prints a diagnostic on boot saying that KASLR will
> be disabled if it is unable to use the EFI RNG protocol to obtain a seed
> for KASLR. With the addition of support for v8.5-RNG and the SMCCC RNG
> protocol it is now possible for KASLR to obtain entropy even if the EFI
> RNG protocol is unsupported in the system, and the main kernel now
> explicitly says if KASLR is active itself. This can result in a boot
> log where the stub says KASLR has been disabled and the main kernel says
> that it is enabled which is confusing for users.
>
> Remove the explicit reference to KASLR from the diagnostics, the warnings
> are still useful as EFI is the only source of entropy the stub uses when
> randomizing the physical address of the kernel and the other sources may
> not be available.
>
> Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
> ---
>
> v2: Remove all reference to KASLR from the log messages and clarify
> physical address randomization use of the EFI RNG seed.
>
Thanks Mark. I will merge this in efi/next
> drivers/firmware/efi/libstub/arm64-stub.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
> index 22ece1ad68a8..b69d63143e0d 100644
> --- a/drivers/firmware/efi/libstub/arm64-stub.c
> +++ b/drivers/firmware/efi/libstub/arm64-stub.c
> @@ -61,10 +61,10 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
> status = efi_get_random_bytes(sizeof(phys_seed),
> (u8 *)&phys_seed);
> if (status == EFI_NOT_FOUND) {
> - efi_info("EFI_RNG_PROTOCOL unavailable, KASLR will be disabled\n");
> + efi_info("EFI_RNG_PROTOCOL unavailable\n");
> efi_nokaslr = true;
> } else if (status != EFI_SUCCESS) {
> - efi_err("efi_get_random_bytes() failed (0x%lx), KASLR will be disabled\n",
> + efi_err("efi_get_random_bytes() failed (0x%lx)\n",
> status);
> efi_nokaslr = true;
> }
> --
> 2.20.1
>
