leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e69176d68d
linux/drivers/firmware/efi
History
Ard Biesheuvel e69176d68d ef/libstub/arm/arm64: Randomize the base of the UEFI rt services region 
Update the allocation logic for the virtual mapping of the UEFI runtime
services to start from a randomized base address if KASLR is in effect,
and if the UEFI firmware exposes an implementation of EFI_RNG_PROTOCOL.

This makes it more difficult to predict the location of exploitable
data structures in the runtime UEFI firmware, which increases robustness
against attacks. Note that these regions are only mapped during the
time a runtime service call is in progress, and only on a single CPU
at a time, bit given the lack of a downside, let's enable it nonetheless.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: bhe@redhat.com
Cc: bhsharma@redhat.com
Cc: eugene@hp.com
Cc: evgeny.kalugin@intel.com
Cc: jhugo@codeaurora.org
Cc: leif.lindholm@linaro.org
Cc: linux-efi@vger.kernel.org
Cc: mark.rutland@arm.com
Cc: roy.franz@cavium.com
Cc: rruigrok@codeaurora.org
Link: http://lkml.kernel.org/r/20170404160910.28115-3-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-04-05 12:27:29 +02:00
..
libstub ef/libstub/arm/arm64: Randomize the base of the UEFI rt services region 2017-04-05 12:27:29 +02:00
test efi/efi_test: Use memdup_user() as a cleanup 2016-10-18 17:11:19 +02:00
apple-properties.c x86/efi: Retrieve and assign Apple device properties 2016-11-13 08:23:16 +01:00
arm-init.c efi: Make EFI_MEMORY_ATTRIBUTES_TABLE initialization common across all architectures 2017-02-01 08:45:43 +01:00
arm-runtime.c efi/arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y 2017-03-02 08:11:19 +01:00
capsule-loader.c efi/capsule: Allocate whole capsule into virtual memory 2016-08-11 13:55:36 +02:00
capsule.c efi/capsule: Allocate whole capsule into virtual memory 2016-08-11 13:55:36 +02:00
cper.c efi: Handle memory error structures produced based on old versions of standard 2015-07-15 13:30:38 +01:00
dev-path-parser.c efi: Add device path parser 2016-11-13 08:23:15 +01:00
efi-bgrt.c x86/efi/bgrt: Move efi-bgrt handling out of arch/x86 2017-04-05 12:27:24 +02:00
efi-pstore.c efi/pstore: Return error code (if any) from efi_pstore_write() 2017-04-05 12:27:25 +02:00
efi.c efi/esrt: Cleanup bad memory map log messages 2017-03-17 18:53:12 +00:00
efibc.c efibc: Report more information in the error messages 2016-06-27 13:06:54 +02:00
efivars.c efi: Don't use spinlocks for efi vars 2016-09-09 16:08:42 +01:00
esrt.c efi/esrt: Cleanup bad memory map log messages 2017-03-17 18:53:12 +00:00
fake_mem.c x86/efi: Don't allocate memmap through memblock after mm_init() 2017-01-07 08:58:07 +01:00
Kconfig x86/efi: Retrieve and assign Apple device properties 2016-11-13 08:23:16 +01:00
Makefile x86/efi/bgrt: Move efi-bgrt handling out of arch/x86 2017-04-05 12:27:24 +02:00
memattr.c x86/efi: Add support for EFI_MEMORY_ATTRIBUTES_TABLE 2017-02-01 08:45:44 +01:00
memmap.c x86/efi: Don't allocate memmap through memblock after mm_init() 2017-01-07 08:58:07 +01:00
reboot.c efi: Add 'capsule' update support 2016-04-28 11:34:03 +02:00
runtime-map.c efi/runtime-map: Use efi.memmap directly instead of a copy 2016-09-09 16:08:36 +01:00
runtime-wrappers.c efi: Replace runtime services spinlock with semaphore 2016-09-09 16:08:43 +01:00
vars.c efi: Don't use spinlocks for efi vars 2016-09-09 16:08:42 +01:00