On Wed, 16 Nov 2022 at 21:06, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote: > > Taking the minimum is wrong, if the bootloader or EFI stub is actually > passing on a bunch of bytes that it expects the kernel to hash itself. We still need some kind of limit, just so things don't explode if seed->size is bogus. > Ideally, a bootloader will hash it for us, but STUB won't do that, so we > should map all the bytes. Also, all those bytes must be zeroed out after > use to preserve forward secrecy. > > Fixes: 161a438d730d ("efi: random: reduce seed size to 32 bytes") > Cc: stable@xxxxxxxxxxxxxxx # v4.14+ > Cc: Ard Biesheuvel <ardb@xxxxxxxxxx> > Cc: Ilias Apalodimas <ilias.apalodimas@xxxxxxxxxx> > Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx> > --- > drivers/firmware/efi/efi.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c > index f73709f7589a..819409b7b43b 100644 > --- a/drivers/firmware/efi/efi.c > +++ b/drivers/firmware/efi/efi.c > @@ -630,7 +630,7 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables, > > seed = early_memremap(efi_rng_seed, sizeof(*seed)); > if (seed != NULL) { > - size = min(seed->size, EFI_RANDOM_SEED_SIZE); > + size = seed->size; > early_memunmap(seed, sizeof(*seed)); > } else { > pr_err("Could not map UEFI random seed!\n"); > @@ -641,6 +641,7 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables, > if (seed != NULL) { > pr_notice("seeding entropy pool\n"); > add_bootloader_randomness(seed->bits, size); > + memzero_explicit(seed->bits, size); > early_memunmap(seed, sizeof(*seed) + size); > } else { > pr_err("Could not map UEFI random seed!\n"); > -- > 2.38.1 >