| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160623193358.GL9922@io.lakedaemon.net> Date: Thu, 23 Jun 2016 19:33:58 +0000 From: Jason Cooper <jason@...edaemon.net> To: Kees Cook <keescook@...omium.org> Cc: Thomas Garnier <thgarnie@...gle.com>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Ingo Molnar <mingo@...nel.org>, Andy Lutomirski <luto@...nel.org>, "x86@...nel.org" <x86@...nel.org>, Borislav Petkov <bp@...e.de>, Baoquan He <bhe@...hat.com>, Yinghai Lu <yinghai@...nel.org>, Juergen Gross <jgross@...e.com>, Matt Fleming <matt@...eblueprint.co.uk>, Toshi Kani <toshi.kani@....com>, Andrew Morton <akpm@...ux-foundation.org>, Dan Williams <dan.j.williams@...el.com>, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Dave Hansen <dave.hansen@...ux.intel.com>, Xiao Guangrong <guangrong.xiao@...ux.intel.com>, Martin Schwidefsky <schwidefsky@...ibm.com>, "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>, Alexander Kuleshov <kuleshovmail@...il.com>, Alexander Popov <alpopov@...ecurity.com>, Dave Young <dyoung@...hat.com>, Joerg Roedel <jroedel@...e.de>, Lv Zheng <lv.zheng@...el.com>, Mark Salter <msalter@...hat.com>, Dmitry Vyukov <dvyukov@...gle.com>, Stephen Smalley <sds@...ho.nsa.gov>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, Christian Borntraeger <borntraeger@...ibm.com>, Jan Beulich <JBeulich@...e.com>, LKML <linux-kernel@...r.kernel.org>, Jonathan Corbet <corbet@....net>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org> Subject: Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR Hey Kees, Thomas, On Wed, Jun 22, 2016 at 10:05:51AM -0700, Kees Cook wrote: > On Wed, Jun 22, 2016 at 8:59 AM, Thomas Garnier <thgarnie@...gle.com> wrote: > > On Wed, Jun 22, 2016 at 5:47 AM, Jason Cooper <jason@...edaemon.net> wrote: > >> Hey Kees, > >> > >> On Tue, Jun 21, 2016 at 05:46:57PM -0700, Kees Cook wrote: > >>> Notable problems that needed solving: > >> ... > >>> - Reasonable entropy is needed early at boot before get_random_bytes() > >>> is available. > >> > >> This series is targetting x86, which typically has RDRAND/RDSEED > >> instructions. Are you referring to other arches? Older x86? Also, > >> isn't this the same requirement for base address KASLR? > >> > >> Don't get me wrong, I want more diverse entropy sources available > >> earlier in the boot process as well. :-) I'm just wondering what's > >> different about this series vs base address KASLR wrt early entropy > >> sources. > >> > > > > I think Kees was referring to the refactor I did to get the similar > > entropy generation than KASLR module randomization. Our approach was > > to provide best entropy possible even if you have an older processor > > or under virtualization without support for these instructions. > > Unfortunately common on companies with a large number of older > > machines. > > Right, the memory offset KASLR uses the same routines as the kernel > base KASLR. The issue is with older x86 systems, which continue to be > very common. We have the same issue in embedded. :-( Compounded by the fact that there is no rand instruction (at least not on ARM). So, even if there's a HW-RNG, you can't access it until the driver is loaded. This is compounded by the fact that most systems deployed today have bootloaders a) without hw-rng drivers, b) without dtb editing, and c) without dtb support at all. My current thinking is to add a devicetree property "userspace,random-seed" <address, len>. This way, existing, deployed boards can append a dtb to a modern kernel with the property set. The factory bootloader then only needs to amend its boot scripts to read random-seed from the fs to the given address. Modern systems that receive a seed from the bootloader via the random-seed property (typically from the hw-rng) can mix both sources for increased resilience. Unfortunately, I'm not very familiar with the internals of x86 bootstrapping. Could GRUB be scripted to do a similar task? How would the address and size of the seed be passed to the kernel? command line? thx, Jason.
Powered by blists - more mailing lists