You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
182 lines
8.9 KiB
182 lines
8.9 KiB
8 months ago
|
From 4c15a3931701cca73d78bb09953e439e7125e020 Mon Sep 17 00:00:00 2001
|
||
|
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
|
||
|
Date: Wed, 16 Nov 2022 19:27:50 +0100
|
||
|
Subject: [PATCH] random-seed: handle post-merge review nits
|
||
|
|
||
|
These are various misc things that came up after merging.
|
||
|
|
||
|
(cherry picked from commit 3daeef088410cdddef622007f95b0a1b4a439532)
|
||
|
|
||
|
Related: RHEL-16952
|
||
|
---
|
||
|
src/boot/bootctl.c | 2 +-
|
||
|
src/boot/efi/random-seed.c | 6 ++--
|
||
|
src/random-seed/random-seed.c | 61 ++++++++++++++++++-----------------
|
||
|
3 files changed, 36 insertions(+), 33 deletions(-)
|
||
|
|
||
|
diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
|
||
|
index e23a72fd38..8d45e11c2b 100644
|
||
|
--- a/src/boot/bootctl.c
|
||
|
+++ b/src/boot/bootctl.c
|
||
|
@@ -1983,7 +1983,7 @@ static int verb_list(int argc, char *argv[], void *userdata) {
|
||
|
|
||
|
static int install_random_seed(const char *esp) {
|
||
|
_cleanup_(unlink_and_freep) char *tmp = NULL;
|
||
|
- unsigned char buffer[RANDOM_EFI_SEED_SIZE];
|
||
|
+ uint8_t buffer[RANDOM_EFI_SEED_SIZE];
|
||
|
_cleanup_free_ char *path = NULL;
|
||
|
_cleanup_close_ int fd = -1;
|
||
|
size_t token_size;
|
||
|
diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c
|
||
|
index c723160c0f..e11e345e88 100644
|
||
|
--- a/src/boot/efi/random-seed.c
|
||
|
+++ b/src/boot/efi/random-seed.c
|
||
|
@@ -60,7 +60,6 @@ static EFI_STATUS acquire_system_token(void **ret, UINTN *ret_size) {
|
||
|
assert(ret);
|
||
|
assert(ret_size);
|
||
|
|
||
|
- *ret_size = 0;
|
||
|
err = efivar_get_raw(LOADER_GUID, L"LoaderSystemToken", &data, &size);
|
||
|
if (err != EFI_SUCCESS) {
|
||
|
if (err != EFI_NOT_FOUND)
|
||
|
@@ -192,6 +191,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir) {
|
||
|
/* Get some system specific seed that the installer might have placed in an EFI variable. We include
|
||
|
* it in our hash. This is protection against golden master image sloppiness, and it remains on the
|
||
|
* system, even when disk images are duplicated or swapped out. */
|
||
|
+ size = 0;
|
||
|
err = acquire_system_token(&system_token, &size);
|
||
|
if (mode != RANDOM_SEED_ALWAYS && (err != EFI_SUCCESS || size < DESIRED_SEED_SIZE) && !seeded_by_efi)
|
||
|
return err;
|
||
|
@@ -251,6 +251,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir) {
|
||
|
size = sizeof(uefi_monotonic_counter);
|
||
|
sha256_process_bytes(&size, sizeof(size), &hash);
|
||
|
sha256_process_bytes(&uefi_monotonic_counter, size, &hash);
|
||
|
+
|
||
|
err = RT->GetTime(&now, NULL);
|
||
|
size = err == EFI_SUCCESS ? sizeof(now) : 0; /* Known to be flaky, so don't bark on error. */
|
||
|
sha256_process_bytes(&size, sizeof(size), &hash);
|
||
|
@@ -300,7 +301,8 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir) {
|
||
|
if (err != EFI_SUCCESS)
|
||
|
return log_error_status_stall(err, L"Failed to flush random seed file: %r", err);
|
||
|
|
||
|
- err = BS->AllocatePool(EfiACPIReclaimMemory, sizeof(*new_seed_table) + DESIRED_SEED_SIZE,
|
||
|
+ err = BS->AllocatePool(EfiACPIReclaimMemory,
|
||
|
+ offsetof(struct linux_efi_random_seed, seed) + DESIRED_SEED_SIZE,
|
||
|
(void **) &new_seed_table);
|
||
|
if (err != EFI_SUCCESS)
|
||
|
return log_error_status_stall(err, L"Failed to allocate EFI table for random seed: %r", err);
|
||
|
diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c
|
||
|
index 54ec3aa7d5..ab1f942289 100644
|
||
|
--- a/src/random-seed/random-seed.c
|
||
|
+++ b/src/random-seed/random-seed.c
|
||
|
@@ -321,9 +321,10 @@ static int refresh_boot_seed(void) {
|
||
|
struct sha256_ctx hash_state;
|
||
|
_cleanup_free_ void *seed_file_bytes = NULL;
|
||
|
_cleanup_free_ char *esp_path = NULL;
|
||
|
- _cleanup_close_ int seed_fd = -1;
|
||
|
+ _cleanup_close_ int seed_fd = -1, dir_fd = -1;
|
||
|
size_t len;
|
||
|
- ssize_t r;
|
||
|
+ ssize_t n;
|
||
|
+ int r;
|
||
|
|
||
|
assert_cc(RANDOM_EFI_SEED_SIZE == SHA256_DIGEST_SIZE);
|
||
|
|
||
|
@@ -337,48 +338,48 @@ static int refresh_boot_seed(void) {
|
||
|
return r; /* find_esp_and_warn() already logged */
|
||
|
}
|
||
|
|
||
|
- seed_fd = chase_symlinks_and_open("/loader/random-seed", esp_path,
|
||
|
- CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS,
|
||
|
- O_RDWR|O_CLOEXEC|O_NOCTTY, NULL);
|
||
|
- if (seed_fd == -ENOENT) {
|
||
|
+ r = chase_symlinks("/loader", esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, NULL, &dir_fd);
|
||
|
+ if (r < 0) {
|
||
|
+ if (r == -ENOENT) {
|
||
|
+ log_debug_errno(r, "Couldn't find ESP loader directory, so not updating ESP random seed.");
|
||
|
+ return 0;
|
||
|
+ }
|
||
|
+ return log_error_errno(r, "Failed to open ESP loader directory: %m");
|
||
|
+ }
|
||
|
+ seed_fd = openat(dir_fd, "random-seed", O_NOFOLLOW|O_RDWR|O_CLOEXEC|O_NOCTTY);
|
||
|
+ if (seed_fd < 0 && errno == ENOENT) {
|
||
|
uint64_t features;
|
||
|
-
|
||
|
r = efi_loader_get_features(&features);
|
||
|
- if (r == 0 && FLAGS_SET(features, EFI_LOADER_FEATURE_RANDOM_SEED)) {
|
||
|
- int dir_fd = chase_symlinks_and_open("/loader", esp_path,
|
||
|
- CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS,
|
||
|
- O_DIRECTORY|O_CLOEXEC|O_NOCTTY, NULL);
|
||
|
- if (dir_fd >= 0) {
|
||
|
- seed_fd = openat(dir_fd, "random-seed", O_CREAT|O_EXCL|O_RDWR|O_CLOEXEC|O_NOCTTY, 0600);
|
||
|
- close(dir_fd);
|
||
|
- }
|
||
|
+ if (r == 0 && FLAGS_SET(features, EFI_LOADER_FEATURE_RANDOM_SEED))
|
||
|
+ seed_fd = openat(dir_fd, "random-seed", O_CREAT|O_EXCL|O_RDWR|O_CLOEXEC|O_NOCTTY, 0600);
|
||
|
+ else {
|
||
|
+ log_debug_errno(seed_fd, "Couldn't find ESP random seed, and not booted with systemd-boot, so not updating ESP random seed.");
|
||
|
+ return 0;
|
||
|
}
|
||
|
}
|
||
|
- if (seed_fd < 0) {
|
||
|
- log_debug_errno(seed_fd, "Failed to open EFI seed path: %m");
|
||
|
- return 0;
|
||
|
- }
|
||
|
+ if (seed_fd < 0)
|
||
|
+ return log_error_errno(errno, "Failed to open EFI seed path: %m");
|
||
|
r = random_seed_size(seed_fd, &len);
|
||
|
if (r < 0)
|
||
|
return log_error_errno(r, "Failed to determine EFI seed path length: %m");
|
||
|
seed_file_bytes = malloc(len);
|
||
|
if (!seed_file_bytes)
|
||
|
return log_oom();
|
||
|
- r = loop_read(seed_fd, seed_file_bytes, len, false);
|
||
|
- if (r < 0)
|
||
|
- return log_error_errno(r, "Failed to read EFI seed file: %m");
|
||
|
+ n = loop_read(seed_fd, seed_file_bytes, len, false);
|
||
|
+ if (n < 0)
|
||
|
+ return log_error_errno(n, "Failed to read EFI seed file: %m");
|
||
|
|
||
|
/* Hash the old seed in so that we never regress in entropy. */
|
||
|
sha256_init_ctx(&hash_state);
|
||
|
- sha256_process_bytes(&r, sizeof(r), &hash_state);
|
||
|
- sha256_process_bytes(seed_file_bytes, r, &hash_state);
|
||
|
+ sha256_process_bytes(&n, sizeof(n), &hash_state);
|
||
|
+ sha256_process_bytes(seed_file_bytes, n, &hash_state);
|
||
|
|
||
|
/* We're doing this opportunistically, so if the seeding dance before didn't manage to initialize the
|
||
|
* RNG, there's no point in doing it here. Secondly, getrandom(GRND_NONBLOCK) has been around longer
|
||
|
* than EFI seeding anyway, so there's no point in having non-getrandom() fallbacks here. So if this
|
||
|
* fails, just return early to cut our losses. */
|
||
|
- r = getrandom(buffer, sizeof(buffer), GRND_NONBLOCK);
|
||
|
- if (r < 0) {
|
||
|
+ n = getrandom(buffer, sizeof(buffer), GRND_NONBLOCK);
|
||
|
+ if (n < 0) {
|
||
|
if (errno == EAGAIN) {
|
||
|
log_debug_errno(errno, "Random pool not initialized yet, so skipping EFI seed update");
|
||
|
return 0;
|
||
|
@@ -389,11 +390,11 @@ static int refresh_boot_seed(void) {
|
||
|
}
|
||
|
return log_error_errno(errno, "Failed to generate random bytes for EFI seed: %m");
|
||
|
}
|
||
|
- assert(r == sizeof(buffer));
|
||
|
+ assert(n == sizeof(buffer));
|
||
|
|
||
|
/* Hash the new seed into the state containing the old one to generate our final seed. */
|
||
|
- sha256_process_bytes(&r, sizeof(r), &hash_state);
|
||
|
- sha256_process_bytes(buffer, r, &hash_state);
|
||
|
+ sha256_process_bytes(&n, sizeof(n), &hash_state);
|
||
|
+ sha256_process_bytes(buffer, n, &hash_state);
|
||
|
sha256_finish_ctx(&hash_state, buffer);
|
||
|
|
||
|
if (lseek(seed_fd, 0, SEEK_SET) < 0)
|
||
|
@@ -405,7 +406,7 @@ static int refresh_boot_seed(void) {
|
||
|
return log_error_errno(errno, "Failed to truncate EFI seed file: %m");
|
||
|
r = fsync_full(seed_fd);
|
||
|
if (r < 0)
|
||
|
- return log_error_errno(errno, "Failed to fsync EFI seed file: %m");
|
||
|
+ return log_error_errno(r, "Failed to fsync EFI seed file: %m");
|
||
|
|
||
|
log_debug("Updated random seed in ESP");
|
||
|
return 0;
|