Re: [PATCH v2] efi: random: zero out secret after use and do not take minimum

On Thu, 17 Nov 2022 at 01:39, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
>
> Taking the minimum is wrong, if the bootloader or EFI stub is actually
> passing on a bunch of bytes that it expects the kernel to hash itself.
> Ideally, a bootloader will hash it for us, but STUB won't do that, so we
> should map all the bytes. Also, all those bytes must be zeroed out after
> use to preserve forward secrecy.
>
> Fixes: 161a438d730d ("efi: random: reduce seed size to 32 bytes")
> Cc: stable@xxxxxxxxxxxxxxx # v4.14+
> Cc: Ard Biesheuvel <ardb@xxxxxxxxxx>
> Cc: Ilias Apalodimas <ilias.apalodimas@xxxxxxxxxx>
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
> ---
> Changes v1->v2:
> - Cap size to 1k.
>  drivers/firmware/efi/efi.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>

Thanks. I'll just incorporate this into the patch that does the
concatenation of seeds in the stub, which is queued up for v6.2.

> diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
> index a46df5d1d094..c7c7178902c2 100644
> --- a/drivers/firmware/efi/efi.c
> +++ b/drivers/firmware/efi/efi.c
> @@ -611,7 +611,7 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables,
>
>                 seed = early_memremap(efi_rng_seed, sizeof(*seed));
>                 if (seed != NULL) {
> -                       size = min(seed->size, EFI_RANDOM_SEED_SIZE);
> +                       size = min_t(u32, SZ_1K, seed->size);
>                         early_memunmap(seed, sizeof(*seed));
>                 } else {
>                         pr_err("Could not map UEFI random seed!\n");
> @@ -622,6 +622,7 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables,
>                         if (seed != NULL) {
>                                 pr_notice("seeding entropy pool\n");
>                                 add_bootloader_randomness(seed->bits, size);
> +                               memzero_explicit(seed->bits, size);
>                                 early_memunmap(seed, sizeof(*seed) + size);
>                         } else {
>                                 pr_err("Could not map UEFI random seed!\n");
> --
> 2.38.1
>


