| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Sep 2020 13:26:34 -0400
From: Jason Andryuk <jandryuk@...il.com>
To: Ross Philipson <ross.philipson@...cle.com>
Cc: open list <linux-kernel@...r.kernel.org>, x86@...nel.org,
iommu@...ts.linux-foundation.org, linux-integrity@...r.kernel.org,
linux-doc@...r.kernel.org,
Daniel Smith <dpsmith@...rtussolutions.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>, luto@...capital.net,
trenchboot-devel@...glegroups.com
Subject: Re: [PATCH 03/13] x86: Add early SHA support for Secure Launch early measurements
On Thu, Sep 24, 2020 at 11:00 AM Ross Philipson
<ross.philipson@...cle.com> wrote:
>
> The SHA algorithms are necessary to measure configuration information into
> the TPM as early as possible before using the values. This implementation
> uses the established approach of #including the SHA libraries directly in
> the code since the compressed kernel is not uncompressed at this point.
>
> The SHA code here has its origins in the code from the main kernel. That
> code could not be pulled directly into the setup portion of the compressed
> kernel because of other dependencies it pulls in. The result is this is a
> modified copy of that code that still leverages the core SHA algorithms.
>
> Signed-off-by: Daniel P. Smith <dpsmith@...rtussolutions.com>
> Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
> ---
> arch/x86/boot/compressed/Makefile | 4 +
> arch/x86/boot/compressed/early_sha1.c | 104 ++++++++++++++++
> arch/x86/boot/compressed/early_sha1.h | 17 +++
> arch/x86/boot/compressed/early_sha256.c | 6 +
> arch/x86/boot/compressed/early_sha512.c | 6 +
> include/linux/sha512.h | 21 ++++
> lib/sha1.c | 4 +
> lib/sha512.c | 209 ++++++++++++++++++++++++++++++++
> 8 files changed, 371 insertions(+)
> create mode 100644 arch/x86/boot/compressed/early_sha1.c
> create mode 100644 arch/x86/boot/compressed/early_sha1.h
> create mode 100644 arch/x86/boot/compressed/early_sha256.c
> create mode 100644 arch/x86/boot/compressed/early_sha512.c
> create mode 100644 include/linux/sha512.h
> create mode 100644 lib/sha512.c
>
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index ff7894f..0fd84b9 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -96,6 +96,10 @@ vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o
> vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o
> efi-obj-$(CONFIG_EFI_STUB) = $(objtree)/drivers/firmware/efi/libstub/lib.a
>
> +vmlinux-objs-$(CONFIG_SECURE_LAUNCH) += $(obj)/early_sha1.o
> +vmlinux-objs-$(CONFIG_SECURE_LAUNCH_SHA256) += $(obj)/early_sha256.o
> +vmlinux-objs-$(CONFIG_SECURE_LAUNCH_SHA512) += $(obj)/early_sha512.o
> +
> # The compressed kernel is built with -fPIC/-fPIE so that a boot loader
> # can place it anywhere in memory and it will still run. However, since
> # it is executed as-is without any ELF relocation processing performed
> diff --git a/arch/x86/boot/compressed/early_sha1.c b/arch/x86/boot/compressed/early_sha1.c
> new file mode 100644
> index 0000000..198c46d
> --- /dev/null
> +++ b/arch/x86/boot/compressed/early_sha1.c
> @@ -0,0 +1,104 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2020, Oracle and/or its affiliates.
> + * Copyright (c) 2020 Apertus Solutions, LLC.
> + */
> +
> +#include <linux/init.h>
> +#include <linux/linkage.h>
> +#include <linux/string.h>
> +#include <asm/boot.h>
> +#include <asm/unaligned.h>
> +
> +#include "early_sha1.h"
> +
> +#define SHA1_DISABLE_EXPORT
> +#include "../../../../lib/sha1.c"
> +
> +/* The SHA1 implementation in lib/sha1.c was written to get the workspace
> + * buffer as a parameter. This wrapper function provides a container
> + * around a temporary workspace that is cleared after the transform completes.
> + */
> +static void __sha_transform(u32 *digest, const char *data)
> +{
> + u32 ws[SHA1_WORKSPACE_WORDS];
> +
> + sha1_transform(digest, data, ws);
> +
> + memset(ws, 0, sizeof(ws));
> + /*
> + * As this is cryptographic code, prevent the memset 0 from being
> + * optimized out potentially leaving secrets in memory.
> + */
> + wmb();
You can use memzero_explicit instead of open coding it.
Regards,
Jason
Powered by blists - more mailing lists