Received: by 10.192.165.148 with SMTP id m20csp5299461imm; Tue, 1 May 2018 12:30:02 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqfSGATZzDOi3yJgfI8X2cMKVM7h7wROaSGrFpSP724bHIOC7LAmaQqQiM2EQ8enjbltQpd X-Received: by 10.98.8.69 with SMTP id c66mr4870400pfd.189.1525203002374; Tue, 01 May 2018 12:30:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525203002; cv=none; d=google.com; s=arc-20160816; b=nWUx9I8S6WqCaKTFOFuS+P+oN3YtpjNRll8DVydTjHaz9b1DqWgofELTBNnYHUwy4B DG7ssbsK2Vh5/OeMZ0kaZlW0iJ6S/Pw2XkPHiBJ198LLee6z0dgsUSbZpzIZgM5LYnQh 1u6HKlQ8Gz2QqTBiei86Sb2d8Sd1Kwrs6PsQHdwaibiNxumTkXzro4tnY8mv88l/OnLa rmFmYnniSIUOBD/qB3WZhapbdSPKURQtzyV6Lju513DawVvWNIkkiPvaO/kAKbHs2n7I SwXGP7xjjDo8K2POr/6qlkU3LFWiH9Mvd8Dat+vO7sNIuqCTUCFy7v3C1DFDIagclI5v Rwww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dmarc-filter :arc-authentication-results; bh=T7inblU0jetzrIgR56kMhXSbStqIunryn5B8xtPXMpY=; b=cHJJuLdC8retdsikyJammH7EwcbbuMX1oYEyg9zsKE3HYLGV3I2Kabk7UXcd6QjCSE 8EW0yAHACdhBe8exJx8vJFax0e521kWQXbTFfncypHbv5oSP5zLMjfUZ9FRk6JGfDr98 cml2UT/71rSQ8PGcNVxCu9EBJaEsQEyCk24fXRkJbzdnSf0iK/5oVuOryy/Ox/kpffyN SjiKi8CeoKmPAZYfGX7Cm+NfITSAGhMx61pkQQd+BVfDVCnpk4+mz1x5zV2xbuqOfeLh /FBppXpVR5JVk26HGr8Yv+p6inQadGawFE1o2wc/HBOXGiRj6dab/Nti/F0n1sBnlglb nsKQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k195-v6si8244571pgc.493.2018.05.01.12.29.47; Tue, 01 May 2018 12:30:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751090AbeEAT3g (ORCPT + 99 others); Tue, 1 May 2018 15:29:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:56438 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750785AbeEAT3e (ORCPT ); Tue, 1 May 2018 15:29:34 -0400 Received: from mail-wm0-f51.google.com (mail-wm0-f51.google.com [74.125.82.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 78CA023710 for ; Tue, 1 May 2018 19:29:33 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 78CA023710 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=luto@kernel.org Received: by mail-wm0-f51.google.com with SMTP id n10so20454541wmc.1 for ; Tue, 01 May 2018 12:29:33 -0700 (PDT) X-Gm-Message-State: ALQs6tBi3Fgng378MsUxvqvMaxbDn87+bhCKCIiU6uhdhFLElOZmlVVa xFRfj9dYFo0UC4zQpsyDqkociusriccglTHZY8yE0w== X-Received: by 10.28.169.6 with SMTP id s6mr9753641wme.116.1525202969762; Tue, 01 May 2018 12:29:29 -0700 (PDT) MIME-Version: 1.0 References: <20180429093558.5411-1-hdegoede@redhat.com> <20180429093558.5411-3-hdegoede@redhat.com> In-Reply-To: <20180429093558.5411-3-hdegoede@redhat.com> From: Andy Lutomirski Date: Tue, 01 May 2018 19:29:19 +0000 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v5 2/5] efi: Add embedded peripheral firmware support To: Hans de Goede Cc: Ard Biesheuvel , "Luis R. Rodriguez" , Greg KH , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Peter Jones , dave@bewaar.me, Will Deacon , Andrew Lutomirski , Matt Fleming , David Howells , Mimi Zohar , Josh Triplett , Dmitry Torokhov , Martin Fuzzey , Kalle Valo , Arend Van Spriel , Linus Torvalds , nbroeking@me.com, Bjorn Andersson , duwe@suse.de, Kees Cook , X86 ML , linux-efi , LKML , LSM List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Apr 29, 2018 at 2:36 AM Hans de Goede wrote: > +The EFI embedded-fw code works by scanning all EFI_BOOT_SERVICES_CODE memory > +segments for an eight byte sequence matching prefix, if the prefix is found it > +then does a crc32 over length bytes and if that matches makes a copy of length > +bytes and adds that to its list with found firmwares. > + Eww, gross. Is there really no better way to do this? Is the issue that the EFI code does not intend to pass the firmware to the OS but that it has a copy for its own purposes and that Linux is just going to hijack EFI's copy? If so, that's brilliant and terrible at the same time. > + for (i = 0; i < size; i += 8) { > + if (*((u64 *)(mem + i)) != *((u64 *)desc->prefix)) > + continue; > + > + /* Seed with ~0, invert to match crc32 userspace utility */ > + crc = ~crc32(~0, mem + i, desc->length); > + if (crc == desc->crc) > + break; > + } I hate to play the security card, but this stinks a bit. The kernel obviously needs to trust the EFI boot services code since the EFI boot services code is free to modify the kernel image. But your patch is not actually getting this firmware blob from the boot services code via any defined interface -- you're literally snarfing up the blob from a range of memory. I fully expect there to be any number of ways for untrustworthy entities to inject malicious blobs into this memory range on quite a few implementations. For example, there are probably unauthenticated EFI variables and even parts of USB sticks and such that get read into boot services memory, and I see no reason at all to expect that nothing in the so-called "boot services code" range is actually just plain old boot services *heap*. Fortunately, given your design, this is very easy to fix. Just replace CRC32 with SHA-256 or similar. If you find the crypto api too ugly for this purpose, I have patches that only need a small amount of dusting off to give an entirely reasonable SHA-256 API in the kernel. (To be clear, I don't love my own suggestion here. What I'd *really* like to see is a better interface and no attempt to match the data to some built-in hash at all. In particular, there are plenty of devices for which the driver wants access to a genuinely device-specific blob. For example, I'm typing this email while connected to a router that is running ath10k and is using a calibration blob awkwardly snarfed out of flash somewhere. It would be really nice if there was a way to pull a blob out of EFI space that is marked, by EFI, as belonging to a particular device. Then the firmware could just pass it over without any particular verification. But since your code is literally scanning a wide swath of physical memory for something that looks like a valid blob, I think you need to use a cryptographically strong concept of validity.)