On Fri, 20 May 2022 at 08:52, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
>
> On Thu, 19 May 2022 at 13:09, mawupeng <mawupeng1@xxxxxxxxxx> wrote:
> >
> >
> >
> > On 2022/5/7 17:28, mawupeng wrote:
> > >
> > >
> > > On 2022/5/3 17:58, Ard Biesheuvel wrote:
> > >> On Tue, 19 Apr 2022 at 08:43, Wupeng Ma <mawupeng1@xxxxxxxxxx> wrote:
> > >>>
> > >>> From: Ma Wupeng <mawupeng1@xxxxxxxxxx>
> > >>>
> > >>> Now the system image will prefer to be located in mirrored regions, both with KASLR
> > >>> on and off.
> > >>>
> > >>
> > >> Hello Ma Wupeng,
> > >>
> > >> I wonder if we could simplify this as follows:
> > >> - ignore the non-KASLR case for now, and rely on the bootloader to
> > >> load the image into mirrored memory if it exists;
> > >
> > > In grub, memory for the static image is allocated via the following path:
> > >
> > > grub_cmd_linux
> > >   kernel = grub_malloc(filelen)
> > >   kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages)
> > >   grub_memcpy (kernel_addr, kernel, grub_min(filelen, kernel_size))
> > >   grub_loader_set (grub_linux_boot, grub_linux_unload, 0)
> > >
> > > Can we get memory from a mirrored region by the following steps:
> > > 1. get the memory map by calling grub_efi_get_memory_map()
> > > 2. iterate over all memory map entries to find a suitable mirrored memory area
> > > 3. locate the kernel image in this area
> > >
> > > So, if kaslr is not enabled
> > > - grub will load the kernel into a mirrored region
> > > else
> > > - arm64-stub.c will relocate the kernel image to a mirrored region
> > >
> > > Is this feasible?
> >
> > Is this a feasible proposal to relocate the static kernel image itself
> > into more reliable memory?
> >
>
> I'm not sure, it all depends on the firmware.
>
> When GRUB calls LoadImage(), the firmware will reallocate the image
> and unpack it there. So it is really the firmware's job to ensure that
> the image is loaded into a suitable location.
>
> I have some code here that implements an EFI-based decompressor, and
> which loads the kernel image into mirrored memory if it exists,
> without the need to move it again. It could trivially be modified to
> deal with non-randomized loads as well.
>
> Code is here https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/log/?h=efi-decompressor-v2
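The three-step proposal quoted above (fetch the EFI memory map, scan it for a mirrored region, place the image there) comes down to one memory-map walk. The following is an added, stand-alone illustration of that walk; it is not grub's code, not the patch under discussion, and not Ard's decompressor branch. It assumes the UEFI memory descriptor layout and the EFI_MEMORY_MORE_RELIABLE attribute bit that firmware uses to mark mirrored ranges, and it walks the map using the firmware-reported descriptor stride rather than sizeof the struct, since real firmware frequently reports a larger stride. The memory map embedded below is constructed for the example, not captured from a machine. Function names (pick_mirrored_load_addr, mirrored_free_pages, demo_*) are the example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Subset of the UEFI memory map ABI returned by GetMemoryMap(), values per the UEFI spec. */
#define EFI_LOADER_DATA          2u
#define EFI_CONVENTIONAL_MEMORY  7u
#define EFI_MEMORY_MORE_RELIABLE 0x0000000000010000ULL  /* range is backed by mirrored memory */
#define EFI_PAGE_SIZE            4096ULL

typedef struct {
    uint32_t type;
    uint32_t pad;         /* the spec's 8-byte alignment of PhysicalStart */
    uint64_t phys_start;
    uint64_t virt_start;
    uint64_t num_pages;
    uint64_t attribute;
} efi_memory_desc_t;

/*
 * Walk the map using desc_size (the stride the firmware reports), which can exceed
 * sizeof(efi_memory_desc_t). Return the first `align`-aligned physical address inside
 * a free (EfiConventionalMemory) mirrored region that can hold `pages` pages, or 0
 * if no such region exists. Choosing an address is not the same as owning it: a real
 * loader must still claim it with AllocatePages(AllocateAddress) before copying.
 */
uint64_t pick_mirrored_load_addr(const uint8_t *map, size_t map_size, size_t desc_size,
                                 uint64_t pages, uint64_t align)
{
    uint64_t need = pages * EFI_PAGE_SIZE;

    for (size_t off = 0; off + desc_size <= map_size; off += desc_size) {
        const efi_memory_desc_t *d = (const efi_memory_desc_t *)(map + off);
        uint64_t start, end, aligned;

        if (d->type != EFI_CONVENTIONAL_MEMORY)
            continue;                         /* in use by firmware or the loader */
        if (!(d->attribute & EFI_MEMORY_MORE_RELIABLE))
            continue;                         /* not mirrored */

        start = d->phys_start;
        end = start + d->num_pages * EFI_PAGE_SIZE;
        aligned = (start + align - 1) & ~(align - 1);
        if (aligned >= start && aligned + need <= end)
            return aligned;
    }
    return 0;
}

/* Free mirrored memory in pages: tells the loader up front whether mirrored
   placement is possible at all on this machine. */
uint64_t mirrored_free_pages(const uint8_t *map, size_t map_size, size_t desc_size)
{
    uint64_t total = 0;

    for (size_t off = 0; off + desc_size <= map_size; off += desc_size) {
        const efi_memory_desc_t *d = (const efi_memory_desc_t *)(map + off);
        if (d->type == EFI_CONVENTIONAL_MEMORY && (d->attribute & EFI_MEMORY_MORE_RELIABLE))
            total += d->num_pages;
    }
    return total;
}

/* Constructed sample map (not from real firmware). Each entry carries one extra
   firmware-private word so that the stride differs from sizeof(efi_memory_desc_t). */
struct padded_desc { efi_memory_desc_t d; uint64_t fw_private; };

static const struct padded_desc sample_map[] = {
    { { EFI_CONVENTIONAL_MEMORY, 0, 0x40000000, 0, 256,  0 }, 0 },                         /* free, not mirrored */
    { { EFI_LOADER_DATA,         0, 0x80000000, 0, 1024, EFI_MEMORY_MORE_RELIABLE }, 0 },  /* mirrored, but in use */
    { { EFI_CONVENTIONAL_MEMORY, 0, 0x80401000, 0, 16,   EFI_MEMORY_MORE_RELIABLE }, 0 },  /* mirrored, 64 KiB free */
    { { EFI_CONVENTIONAL_MEMORY, 0, 0x90001000, 0, 8192, EFI_MEMORY_MORE_RELIABLE }, 0 },  /* mirrored, 32 MiB free */
};

uint64_t demo_pick(uint64_t pages, uint64_t align)
{
    return pick_mirrored_load_addr((const uint8_t *)sample_map, sizeof(sample_map),
                                   sizeof(struct padded_desc), pages, align);
}

uint64_t demo_free_pages(void)
{
    return mirrored_free_pages((const uint8_t *)sample_map, sizeof(sample_map),
                               sizeof(struct padded_desc));
}

int main(void)
{
    /* A 512 KiB image that needs a 2 MiB aligned base, as the arm64 boot protocol requires. */
    printf("mirrored free pages: %llu\n", (unsigned long long)demo_free_pages());
    printf("load address: 0x%llx\n", (unsigned long long)demo_pick(128, 0x200000));
    return 0;
}
```

Two things the walk shows that the step list does not: the 64 KiB mirrored range is rejected once the 2 MiB alignment is applied, and the mirrored range marked EfiLoaderData is skipped even though it is mirrored, because the attribute says nothing about whether the range is free. It also leaves untouched the objection raised in the reply above: a buffer grub picks this way is only the staging copy, and if the firmware's LoadImage() reallocates the image, the final placement is the firmware's decision, not the loader's.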