| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 May 2024 18:31:09 +0100
From: Conor Dooley <conor@...nel.org>
To: Jesse Taube <jesse@...osinc.com>
Cc: linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev, Alexandre Ghiti <alexghiti@...osinc.com>,
Palmer Dabbelt <palmer@...belt.com>,
Albert Ou <aou@...s.berkeley.edu>,
Björn Töpel <bjorn@...osinc.com>,
Paul Walmsley <paul.walmsley@...ive.com>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Masahiro Yamada <masahiroy@...nel.org>
Subject: Re: [PATCH v0] RISC-V: Use Zkr to seed KASLR base address
On Fri, May 31, 2024 at 12:23:27PM -0400, Jesse Taube wrote:
> Dectect the Zkr extension and use it to seed the kernel base address.
>
> Detection of the extension can not be done in the typical fashion, as
> this is very early in the boot process. Instead, add a trap handler
> and run it to see if the extension is present.
You can't rely on the lack of a trap meaning that Zkr is present unless
you know that the platform implements Ssstrict. The CSR with that number
could do anything if not Ssstrict compliant, so this approach gets a
nak from me. Unfortunately, Ssstrict doesn't provide a way to detect
it, so you're stuck with getting that information from firmware.
For DT systems, you can actually parse the DT in the pi, we do it to get
the kaslr seed if present, so you can actually check for Zkr. With ACPI
I have no idea how you can get that information, I amn't an ACPI-ist.
Thanks,
Conor.
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists