efi/libstub: Enable reset attack mitigation (ccc829ba) · Commits · 戴 / test

arch/x86/boot/compressed/eboot.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -997,6 +997,9 @@ struct boot_params efi_main(struct efi_config c,
		if (boot_params->secure_boot == efi_secureboot_mode_unset)
		boot_params->secure_boot = efi_get_secureboot(sys_table);

		/* Ask the firmware to clear memory on unclean shutdown */
		efi_enable_reset_attack_mitigation(sys_table);

		setup_graphics(boot_params);

		setup_efi_pci(boot_params);

drivers/firmware/efi/Kconfig

+10 −0

Original line number	Diff line number	Diff line
		@@ -151,6 +151,16 @@ config APPLE_PROPERTIES

		If unsure, say Y if you have a Mac. Otherwise N.

		config RESET_ATTACK_MITIGATION
		bool "Reset memory attack mitigation"
		depends on EFI_STUB
		help
		Request that the firmware clear the contents of RAM after a reboot
		using the TCG Platform Reset Attack Mitigation specification. This
		protects against an attacker forcibly rebooting the system while it
		still contains secrets in RAM, booting another OS and extracting the
		secrets.

		endmenu

		config UEFI_CPER

drivers/firmware/efi/libstub/Makefile

+1 −0

Original line number	Diff line number	Diff line
		@@ -30,6 +30,7 @@ OBJECT_FILES_NON_STANDARD := y
		KCOV_INSTRUMENT := n

		lib-y := efi-stub-helper.o gop.o secureboot.o
		lib-$(CONFIG_RESET_ATTACK_MITIGATION) += tpm.o

		# include the stub's generic dependencies from lib/ when building for ARM/arm64
		arm-deps := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c sort.c

drivers/firmware/efi/libstub/arm-stub.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -192,6 +192,9 @@ unsigned long efi_entry(void handle, efi_system_table_t sys_table,
		goto fail_free_cmdline;
		}

		/* Ask the firmware to clear memory on unclean shutdown */
		efi_enable_reset_attack_mitigation(sys_table);

		secure_boot = efi_get_secureboot(sys_table);

		/*

drivers/firmware/efi/libstub/tpm.c

0 → 100644

+58 −0

Original line number	Diff line number	Diff line
		/*
		* TPM handling.
		*
		* Copyright (C) 2016 CoreOS, Inc
		* Copyright (C) 2017 Google, Inc.
		* Matthew Garrett <mjg59@google.com>
		*
		* This file is part of the Linux kernel, and is made available under the
		* terms of the GNU General Public License version 2.
		*/
		#include <linux/efi.h>
		#include <asm/efi.h>

		#include "efistub.h"

		static const efi_char16_t efi_MemoryOverWriteRequest_name[] = {
		'M', 'e', 'm', 'o', 'r', 'y', 'O', 'v', 'e', 'r', 'w', 'r', 'i', 't',
		'e', 'R', 'e', 'q', 'u', 'e', 's', 't', 'C', 'o', 'n', 't', 'r', 'o',
		'l', 0
		};

		#define MEMORY_ONLY_RESET_CONTROL_GUID \
		EFI_GUID(0xe20939be, 0x32d4, 0x41be, 0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29)

		#define get_efi_var(name, vendor, ...) \
		efi_call_runtime(get_variable, \
		(efi_char16_t )(name), (efi_guid_t )(vendor), \
		__VA_ARGS__)

		#define set_efi_var(name, vendor, ...) \
		efi_call_runtime(set_variable, \
		(efi_char16_t )(name), (efi_guid_t )(vendor), \
		__VA_ARGS__)

		/*
		* Enable reboot attack mitigation. This requests that the firmware clear the
		* RAM on next reboot before proceeding with boot, ensuring that any secrets
		* are cleared. If userland has ensured that all secrets have been removed
		* from RAM before reboot it can simply reset this variable.
		*/
		void efi_enable_reset_attack_mitigation(efi_system_table_t *sys_table_arg)
		{
		u8 val = 1;
		efi_guid_t var_guid = MEMORY_ONLY_RESET_CONTROL_GUID;
		efi_status_t status;
		unsigned long datasize = 0;

		status = get_efi_var(efi_MemoryOverWriteRequest_name, &var_guid,
		NULL, &datasize, NULL);

		if (status == EFI_NOT_FOUND)
		return;

		set_efi_var(efi_MemoryOverWriteRequest_name, &var_guid,
		EFI_VARIABLE_NON_VOLATILE \|
		EFI_VARIABLE_BOOTSERVICE_ACCESS \|
		EFI_VARIABLE_RUNTIME_ACCESS, sizeof(val), &val);
		}

Admin message