[PATCH v2] efi/arm64: Update debug prints to reflect other entropy sources

Ard Biesheuvel ardb at kernel.org
Wed Jan 20 11:47:48 EST 2021 

On Wed, 20 Jan 2021 at 17:38, Mark Brown <broonie at kernel.org> wrote:
>
> Currently the EFI stub prints a diagnostic on boot saying that KASLR will
> be disabled if it is unable to use the EFI RNG protocol to obtain a seed
> for KASLR.  With the addition of support for v8.5-RNG and the SMCCC RNG
> protocol it is now possible for KASLR to obtain entropy even if the EFI
> RNG protocol is unsupported in the system, and the main kernel now
> explicitly says if KASLR is active itself.  This can result in a boot
> log where the stub says KASLR has been disabled and the main kernel says
> that it is enabled which is confusing for users.
>
> Remove the explicit reference to KASLR from the diagnostics, the warnings
> are still useful as EFI is the only source of entropy the stub uses when
> randomizing the physical address of the kernel and the other sources may
> not be available.
>
> Signed-off-by: Mark Brown <broonie at kernel.org>
> ---
>
> v2: Remove all reference to KASLR from the log messages and clarify
>     physical address randomization use of the EFI RNG seed.
>

Thanks Mark. I will merge this in efi/next

>  drivers/firmware/efi/libstub/arm64-stub.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
> index 22ece1ad68a8..b69d63143e0d 100644
> --- a/drivers/firmware/efi/libstub/arm64-stub.c
> +++ b/drivers/firmware/efi/libstub/arm64-stub.c
> @@ -61,10 +61,10 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
>                         status = efi_get_random_bytes(sizeof(phys_seed),
>                                                       (u8 *)&phys_seed);
>                         if (status == EFI_NOT_FOUND) {
> -                               efi_info("EFI_RNG_PROTOCOL unavailable, KASLR will be disabled\n");
> +                               efi_info("EFI_RNG_PROTOCOL unavailable\n");
>                                 efi_nokaslr = true;
>                         } else if (status != EFI_SUCCESS) {
> -                               efi_err("efi_get_random_bytes() failed (0x%lx), KASLR will be disabled\n",
> +                               efi_err("efi_get_random_bytes() failed (0x%lx)\n",
>                                         status);
>                                 efi_nokaslr = true;
>                         }
> --
> 2.20.1
>

More information about the linux-arm-kernel mailing list