Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp571200rwb;
        Fri, 18 Nov 2022 05:35:08 -0800 (PST)
X-Google-Smtp-Source: AA0mqf5fiz47fg9y7jKZcY0PuSjS8znhzQDsjDjk2J3NPMWCwWemsrBZpLDNzTHFzrRYfKAX3KIR
X-Received: by 2002:a63:d556:0:b0:435:7957:559d with SMTP id v22-20020a63d556000000b004357957559dmr6492423pgi.122.1668778508680;
        Fri, 18 Nov 2022 05:35:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668778508; cv=none;
        d=google.com; s=arc-20160816;
        b=O0VXVIbiUMMTDU4yul9TuP6LzjaqzmKt9spoMjPKZKuhe69GSNzQgnZt7/3CLVz72h
         LZitQ6HYSMM38LLh0AohqFXFzEguah2xwHJ6oB/b85+yMFh7KKFKKOBXHt+dxcyMk/HE
         aegVcVTQIo1163Qndhkv1NXF4S4yWuuAPeugPRsl1G5CqtxYgH+naPhGmiWfjQU/ycQo
         szTeAbkE9p64Tr2QDkdF4ncNOEqqPJ5kXNewCPqjfXB0bskowYhJiOVVoZwIdvtVZKtw
         ltpYZrH+t5Gvmb84hfpgTVU7mjxfuTSuLRqAPYV3JL7WBlsUg2Ajhxn9NO2E+3WZ8yCQ
         qRCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=+rn43NMm2YFbXIKxqcJTRkqXmYYbQTLqTZ42eLiNxak=;
        b=UuXJzA2T/843FA1nFgF2TnnhJHhxfLMvVYcR4XJ4kruY3jikok9QOIafhu0IiVfnNx
         s4tTsuupMazlnuE0GVDrI+MElTqZV5Qq9wPL4ixcqoh+P7yzCAi1Gqf5jwehE6xjccas
         B3qVA2VprjdtCg2Hd7KzOU0qL8HZ2OIN95nIupHjWnTrBQnbhn0lhjJ2FLjdy2dVGFTA
         vsyRB12PnnGp/onqKXwu/SchvNC4u1/FLamXX58zmSQ+j2fQDRgBzdQlAV6Dv/OWyHgm
         7FoNBX2ifpAoFNXZJGYCry2LyDKvGLG8/9C2HkH6HE+wu8sF3cZRGu2uwK65v867Bsnp
         h8rw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=gB7VV9jP;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id z184-20020a6333c1000000b004639c679346si3723070pgz.837.2022.11.18.05.34.55;
        Fri, 18 Nov 2022 05:35:08 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=gB7VV9jP;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242180AbiKRNeE (ORCPT <rfc822;logchen2009@gmail.com>
        + 99 others); Fri, 18 Nov 2022 08:34:04 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52858 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235303AbiKRNdQ (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Fri, 18 Nov 2022 08:33:16 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F7908FF85;
        Fri, 18 Nov 2022 05:32:55 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 20EFBB823B8;
        Fri, 18 Nov 2022 13:32:54 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5103AC433D7;
        Fri, 18 Nov 2022 13:32:52 +0000 (UTC)
Authentication-Results: smtp.kernel.org;
        dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="gB7VV9jP"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105;
        t=1668778371;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=+rn43NMm2YFbXIKxqcJTRkqXmYYbQTLqTZ42eLiNxak=;
        b=gB7VV9jPyENstcotO2itt/6NqlfkYEDwmJwFHc7M08FmUDqLboNz/7G/VB8y7bpB4e7bP9
        c8cY9AlAQa3BS8s+AcU0ShpdXM7HOiAM8YJQ2O8XC7fqWKQRQsHRDvDzR4ackIfz042Avd
        AVR9/M/0DXsfxNRxA0ybqp20Tj32FhM=
Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id e06189ab (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
        Fri, 18 Nov 2022 13:32:51 +0000 (UTC)
From:   "Jason A. Donenfeld" <Jason@zx2c4.com>
To:     linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org,
        patches@lists.linux.dev, linux-kernel@vger.kernel.org
Cc:     "Jason A. Donenfeld" <Jason@zx2c4.com>
Subject: [PATCH v2 1/5] efi: vars: prohibit reading random seed variables
Date:   Fri, 18 Nov 2022 14:32:35 +0100
Message-Id: <20221118133239.2515648-2-Jason@zx2c4.com>
In-Reply-To: <20221118133239.2515648-1-Jason@zx2c4.com>
References: <20221118133239.2515648-1-Jason@zx2c4.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
        RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

In anticipation of putting random seeds in EFI variables, it's important
that the random GUID namespace of variables remains hidden from
userspace. We accomplish this by not populating efivarfs with entries
from that GUID, as well as denying the creation of new ones in that
GUID.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 fs/efivarfs/inode.c | 4 ++++
 fs/efivarfs/super.c | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c
index 939e5e242b98..617f3ad2485e 100644
--- a/fs/efivarfs/inode.c
+++ b/fs/efivarfs/inode.c
@@ -91,6 +91,10 @@ static int efivarfs_create(struct user_namespace *mnt_userns, struct inode *dir,
 	err = guid_parse(dentry->d_name.name + namelen + 1, &var->var.VendorGuid);
 	if (err)
 		goto out;
+	if (guid_equal(&var->var.VendorGuid, &LINUX_EFI_RANDOM_SEED_TABLE_GUID)) {
+		err = -EPERM;
+		goto out;
+	}
 
 	if (efivar_variable_is_removable(var->var.VendorGuid,
 					 dentry->d_name.name, namelen))
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index 6780fc81cc11..07e82e246666 100644
--- a/fs/efivarfs/super.c
+++ b/fs/efivarfs/super.c
@@ -116,6 +116,9 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
 	int err = -ENOMEM;
 	bool is_removable = false;
 
+	if (guid_equal(&vendor, &LINUX_EFI_RANDOM_SEED_TABLE_GUID))
+		return 0;
+
 	entry = kzalloc(sizeof(*entry), GFP_KERNEL);
 	if (!entry)
 		return err;
-- 
2.38.1