Received: by 2002:a05:7412:251c:b0:e2:908c:2ebd with SMTP id w28csp1736456rda; Tue, 24 Oct 2023 01:23:05 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGO5g7I/lFtISkU0rgBN5wMhrDxwUSIFKfVeAUfZYk9IrYHVvHjYc+vNLONvMdh9x+PDG88 X-Received: by 2002:a05:6870:6124:b0:1ea:4a3c:a597 with SMTP id s36-20020a056870612400b001ea4a3ca597mr13229874oae.33.1698135785238; Tue, 24 Oct 2023 01:23:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698135785; cv=none; d=google.com; s=arc-20160816; b=iBqWGqPqxYEYUjrxKPgtQEPNI7IIZBCIO8WISyOKT7hLIzB/5c4NKfp392SKBTA+Nh B7ZsIokW7ajllAzcWCdMO6HmmheIl3j5/P1H+I/7Li/VpPnEkXnIKah9we3rBPCvOAZP M6rjLB2dKdzKjdvSVrs/bAA2ESpzzyW0oWpO+n3QFKzzkYxWrJIVGne5mlDLuzgy38iD 4ts6LEGo3vHDUuJeqjmZMHlAc+5RC9O5Wl5RIY1Mt2TNxZQEri4rEZkCIz+vXLEFM1OQ 5KUM+khm4avOjHIaAwMvnesCd95H40t1VjynwYRqFQmYbJH+Ql5fy1ejAOCgLyjOGfDN mTHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=D9F/759QdJCkoh5wUbqRsVVyJH0HQU33MHabrg7gucw=; fh=TaQwNerPMUPEctIMnDuEa1whaZ/EUZl2JAF1dbli0NA=; b=feSrPmcmorOZifTr4+oJ9lLlxtjyLVI2xMPxe5hyCGWjUz2nUNTUMQ9NtUW1nE2OJA 6/M5hbU+hf/RTs/ISHzBHWoT2RJiHZXaQGJxUVeqxkqGN3wkAFNTWISYxicSGfjDuWju MwNlONdpRzLr59tU7329+ZlE2q9EaVZotyoeMW9AzJlEjY5e68fS+WA8EDuN3szy/J12 4t+2sAeVFppNFynKEEPUkBLXgD5qnJ6KSyn4siF0yyyG7IfesUhYhk95Bg3mbeITRbN3 graPZKxQovz3jy/vfA915/uOzFfw+PxlWOkc0zzcI9vQOUJgU2jIlsBkfvEPbILdFmmd BOLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HIhMQioM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id z25-20020a656659000000b0059fa3d2e560si7539002pgv.298.2023.10.24.01.23.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 01:23:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HIhMQioM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 6AF4E80A855A; Tue, 24 Oct 2023 01:22:59 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233781AbjJXIWq (ORCPT + 99 others); Tue, 24 Oct 2023 04:22:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233720AbjJXIWo (ORCPT ); Tue, 24 Oct 2023 04:22:44 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0AA69109 for ; Tue, 24 Oct 2023 01:21:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1698135717; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=D9F/759QdJCkoh5wUbqRsVVyJH0HQU33MHabrg7gucw=; b=HIhMQioMxxhBitcGgKPcq/itZD9HDhUhvg0uaZcu/hms3uEaB0jdfb1ITznWTezoNhTZMb GAJeiT3kWuVPpeJ7VbTDemmvYTOFglKeaCfJ7jeBITlbhPUoQYW2eSw4LauzAh8VR8bbRn 6Lk8pnPWBvuv8j4dCoTNVxJQvmyv+pM= Received: from mail-io1-f70.google.com (mail-io1-f70.google.com [209.85.166.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-138-R_6h8aWIMmeAcYFGwUCuKw-1; Tue, 24 Oct 2023 04:21:55 -0400 X-MC-Unique: R_6h8aWIMmeAcYFGwUCuKw-1 Received: by mail-io1-f70.google.com with SMTP id ca18e2360f4ac-7a681c87811so145872039f.0 for ; Tue, 24 Oct 2023 01:21:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698135715; x=1698740515; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=D9F/759QdJCkoh5wUbqRsVVyJH0HQU33MHabrg7gucw=; b=Uhit1izo3UvAWSWPAva5LN4TwaIXCrnLmxURTZxWBPtQbZInmAHWXulnCbyB5qDDbo Mup7PMsXgVMPDYS+olGfvIMrKQa9mWOUNv/ios2siAWWhdpB0pNIeA0wU6bhnW6WM+t9 bUBX3leccQtW2tabEvBLg0PSA071t146OcFlbIgX+OsNmPUCC3koM/t2DVcr1TdXALSf 8lFXuoH2xxEtgAYyyCpY3J1SpISza0Klmipm2WagrBMijKFiQn62PxAIG4jq44eo17KP vNDPSmbF2xVG4uXE+3uVFx3vYEqJbgAeaQYU0iVC8O/0bU0wivJoJGl7ZfYGOmwlHSR6 eBpg== X-Gm-Message-State: AOJu0Yy5MpSk3qLEXKYm2u1Cc1D6WyDJ43M7M+9lBwkpg+4Y+PK0WWPH bpOEp8nkrP/cuOWGuAz2m7LscRv4WZ3zyDPqS4m+Ae/6lMIdFKou8jfs2Ow2pcZM9JoV97DdOHf 4MYJ56DvHuPjpQa1wVGiTU1ffRFQ7RA1w5/YBLjAE0JpuZ989oxROxw== X-Received: by 2002:a05:6e02:340f:b0:357:a1e6:faa2 with SMTP id bo15-20020a056e02340f00b00357a1e6faa2mr9540747ilb.1.1698135714964; Tue, 24 Oct 2023 01:21:54 -0700 (PDT) X-Received: by 2002:a05:6e02:340f:b0:357:a1e6:faa2 with SMTP id bo15-20020a056e02340f00b00357a1e6faa2mr9540735ilb.1.1698135714685; Tue, 24 Oct 2023 01:21:54 -0700 (PDT) MIME-Version: 1.0 References: <20230912090051.4014114-17-ardb@google.com> In-Reply-To: From: Dave Young Date: Tue, 24 Oct 2023 16:21:37 +0800 Message-ID: Subject: Re: [PATCH v2 00/15] x86/boot: Rework PE header generation To: Jan Hendrik Farr Cc: Ard Biesheuvel , Ard Biesheuvel , linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Evgeniy Baskov , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , Peter Jones , Matthew Garrett , Gerd Hoffmann , Kees Cook , "H. Peter Anvin" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Tue, 24 Oct 2023 01:23:00 -0700 (PDT) On Tue, 24 Oct 2023 at 01:37, Jan Hendrik Farr wrote: > > On 23 13:22:53, Ard Biesheuvel wrote: > > On Tue, 3 Oct 2023 at 04:03, Jan Hendrik Farr wrote: > > > > > > On 12 09:00:51, Ard Biesheuvel wrote: > > > > From: Ard Biesheuvel > > > > > > > > Now that the EFI stub boot flow no longer relies on memory that is > > > > executable and writable at the same time, we can reorganize the PE/COFF > > > > view of the kernel image and expose the decompressor binary's code and > > > > r/o data as a .text section and data/bss as a .data section, using 4k > > > > alignment and limited permissions. > > > > > > > > Doing so is necessary for compatibility with hardening measures that are > > > > being rolled out on x86 PCs built to run Windows (i.e., the majority of > > > > them). The EFI boot environment that the Linux EFI stub executes in is > > > > especially sensitive to safety issues, given that a vulnerability in the > > > > loader of one OS can be abused to attack another. > > > > > > This split is also useful for the work of kexecing the next kernel as an > > > EFI application. With the current EFI stub I have to set the memory both > > > writable and executable which results in W^X warnings with a default > > > config. > > > > > > What made this more confusing was that the flags of the .text section in > > > current EFI stub bzImages are set to > > > IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ. So if you load that section > > > according to those flags the EFI stub will quickly run into issues. > > > > > > I assume current firmware on x86 machines does not set any restricted > > > permissions on the memory. Can someone enlighten me on their behavior? > > > > > > > No current x86 firmware does not use restricted permissions at all. > > All memory is mapped with both writable and executable permissions, > > except maybe the stack. > > > > The x86 Linux kernel has been depending on this behavior too, up until > > recently (fixes are in -rc now for the v6.6 release). Before this, it > > would copy its own executable image around in memory. > > > > So EFI based kexec will need to support this behavior if it targets > > older x86 kernels, although I am skeptical that this is a useful > > design goal. > > I don't see this as an important goal either. > > > I have been experimenting with running the EFI stub code in user space > > all the way until ExitBootServices(). The same might work for UKI if > > it is layered cleanly on top of the EFI APIs (rather than poking into > > system registers or page tables under the hood). > > > > How this would work with signed images etc is TBD but I quite like the > > idea of running everything in user space and having a minimal > > purgatory (or none at all) if we can simply populate the entire > > address space while running unprivileged, and just branch to it in the > > kexec() syscall. I imagine this being something like a userspace > > helper that is signed/trusted itself, and gets invoked by the kernel > > to run EFI images that are trusted and tagged as being executable > > unprivileged. > > I've been experimenting with running EFI apps inside kernel space instead. > This is the more natural approach for signed images. Sure, a malicious EFI > app could do arbitrary stuff in kernel mode, but they're signed. On the other > hand running this entirely in user space would at least guarantee that the > system can not crash due to a misbehaving EFI app (at least until > ExitBootServices()). > > The question of whether or not to make this the job of a userspace helper that > is signed must have come up when kexec_file_load syscall was added. It would > have also been an option at the time to extend trust to a signed version of > the userspace kexec tool. > > Why was kexec_file_load created instead of restricting kexec_load to a signed > version of the kexec userspace tool? I think one of the reasons is that it is hard to handle dynamic linked libraries, not only the kexec-tools binary. Thanks Dave