| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Sep 2016 11:52:05 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Matt Fleming <matt@...eblueprint.co.uk>
CC: Andy Lutomirski <luto@...capital.net>,
kasan-dev <kasan-dev@...glegroups.com>,
"linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
linux-arch <linux-arch@...r.kernel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Paolo Bonzini <pbonzini@...hat.com>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
<iommu@...ts.linux-foundation.org>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
Jonathan Corbet <corbet@....net>,
Radim Krčmář <rkrcmar@...hat.com>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
Alexander Potapenko <glider@...gle.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Dmitry Vyukov <dvyukov@...gle.com>,
Arnd Bergmann <arnd@...db.de>, Joerg Roedel <joro@...tes.org>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
"H. Peter Anvin" <hpa@...or.com>, X86 ML <x86@...nel.org>,
kvm list <kvm@...r.kernel.org>, Dave Young <dyoung@...hat.com>
Subject: Re: [RFC PATCH v2 11/20] mm: Access BOOT related data in the clear
On 09/15/2016 04:57 AM, Matt Fleming wrote:
> On Wed, 14 Sep, at 09:20:44AM, Tom Lendacky wrote:
>> On 09/12/2016 11:55 AM, Andy Lutomirski wrote:
>>> On Aug 22, 2016 6:53 PM, "Tom Lendacky" <thomas.lendacky@....com> wrote:
>>>>
>>>> BOOT data (such as EFI related data) is not encyrpted when the system is
>>>> booted and needs to be accessed as non-encrypted. Add support to the
>>>> early_memremap API to identify the type of data being accessed so that
>>>> the proper encryption attribute can be applied. Currently, two types
>>>> of data are defined, KERNEL_DATA and BOOT_DATA.
>>>
>>> What happens when you memremap boot services data outside of early
>>> boot? Matt just added code that does this.
>>>
>>> IMO this API is not so great. It scatters a specialized consideration
>>> all over the place. Could early_memremap not look up the PA to figure
>>> out what to do?
>>
>> Yes, I could see if the PA falls outside of the kernel usable area and,
>> if so, remove the memory encryption attribute from the mapping (for both
>> early_memremap and memremap).
>>
>> Let me look into that, I would prefer something along that line over
>> this change.
>
> So, the last time we talked about using the address to figure out
> whether to encrypt/decrypt you said,
>
> "I looked into this and this would be a large change also to parse
> tables and build lists."
>
> Has something changed that makes this approach easier?
The original idea of parsing the tables and building a list was
a large change. This approach would be simpler by just checking if
the PA is outside the kernel usable area, and if so, removing the
encryption bit.
>
> And again, you need to be careful with the EFI kexec code paths, since
> you've got a mixture of boot and kernel data being passed. In
> particular the EFI memory map is allocated by the firmware on first
> boot (BOOT_DATA) but by the kernel on kexec (KERNEL_DATA).
>
> That's one of the reasons I suggested requiring the caller to decide
> on BOOT_DATA vs KERNEL_DATA - when you start looking at kexec the
> distinction isn't easily made.
Yeah, for kexec I think I'll need to make sure that everything looks
like it came from the BIOS/UEFI/bootloader. If all of the kexec
pieces are allocated with un-encrypted memory, then the boot path
should remain the same. That's the piece I need to investigate
further.
Thanks,
Tom
>
Powered by blists - more mailing lists