You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
222 lines
9.9 KiB
222 lines
9.9 KiB
8 months ago
|
From 44f9f0e2e416b67c2ca46e9e36184f4a0bf1f1b0 Mon Sep 17 00:00:00 2001
|
||
|
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
|
||
|
Date: Mon, 21 Nov 2022 16:40:24 +0100
|
||
|
Subject: [PATCH] boot: remove random-seed-mode
|
||
|
|
||
|
Now that the random seed is used on virtualized systems, there's no
|
||
|
point in having a random-seed-mode toggle switch. Let's just always
|
||
|
require it now, with the existing logic already being there to allow not
|
||
|
having it if EFI itself has an RNG. In other words, the logic for this
|
||
|
can now be automatic.
|
||
|
|
||
|
(cherry picked from commit 47b3e96647e18e8ca219c4792ab769344eea11bb)
|
||
|
|
||
|
Related: RHEL-16952
|
||
|
---
|
||
|
docs/RANDOM_SEEDS.md | 8 --------
|
||
|
man/loader.conf.xml | 19 -------------------
|
||
|
src/boot/efi/boot.c | 26 +-------------------------
|
||
|
src/boot/efi/random-seed.c | 5 +----
|
||
|
src/boot/efi/random-seed.h | 18 +-----------------
|
||
|
src/shared/bootspec.c | 3 +--
|
||
|
src/shared/bootspec.h | 1 -
|
||
|
7 files changed, 4 insertions(+), 76 deletions(-)
|
||
|
|
||
|
diff --git a/docs/RANDOM_SEEDS.md b/docs/RANDOM_SEEDS.md
|
||
|
index a1134d6417..4cb2bb9cfa 100644
|
||
|
--- a/docs/RANDOM_SEEDS.md
|
||
|
+++ b/docs/RANDOM_SEEDS.md
|
||
|
@@ -232,14 +232,6 @@ boot, in order to ensure the entropy pool is filled up quickly.
|
||
|
too), which should be safe even with FAT file system drivers built into
|
||
|
low-quality EFI firmwares.
|
||
|
|
||
|
- If the system token is not desired but this seeding mechanism still is, OS
|
||
|
- builders that know that they are not going to replicate the built image on
|
||
|
- multiple systems may opt to turn off the 'system token' concept by setting
|
||
|
- `random-seed-mode always` in the ESP's
|
||
|
- [`/loader/loader.conf`](https://www.freedesktop.org/software/systemd/man/loader.conf.html)
|
||
|
- file. If done, `systemd-boot` will use the random seed file even if no
|
||
|
- system token is found in EFI variables.
|
||
|
-
|
||
|
4. A kernel command line option `systemd.random_seed=` may be used to pass in a
|
||
|
base64 encoded seed to initialize the kernel's entropy pool from during
|
||
|
early service manager initialization. This option is only safe in testing
|
||
|
diff --git a/man/loader.conf.xml b/man/loader.conf.xml
|
||
|
index 7f173aec61..d937583da9 100644
|
||
|
--- a/man/loader.conf.xml
|
||
|
+++ b/man/loader.conf.xml
|
||
|
@@ -309,25 +309,6 @@ sign-efi-sig-list -c KEK.crt -k KEK.key db db.esl db.auth
|
||
|
encrypted drive to change. If PCR 4 is not measured, this setting can be disabled to speed
|
||
|
up booting into Windows.</para></listitem>
|
||
|
</varlistentry>
|
||
|
-
|
||
|
- <varlistentry>
|
||
|
- <term>random-seed-mode</term>
|
||
|
-
|
||
|
- <listitem><para>Takes one of <literal>off</literal>, <literal>with-system-token</literal> and
|
||
|
- <literal>always</literal>. If <literal>off</literal> no random seed data is read off the ESP, nor
|
||
|
- passed to the OS. If <literal>with-system-token</literal> (the default)
|
||
|
- <command>systemd-boot</command> will read a random seed from the ESP (from the file
|
||
|
- <filename>/loader/random-seed</filename>) only if the <varname>LoaderSystemToken</varname> EFI
|
||
|
- variable is set, and then derive the random seed to pass to the OS from the combination. If
|
||
|
- <literal>always</literal> the boot loader will do so even if <varname>LoaderSystemToken</varname> is
|
||
|
- not set. This mode is useful in environments where protection against OS image reuse is not a
|
||
|
- concern, and the random seed shall be used even with no further setup in place. Use <command>bootctl
|
||
|
- random-seed</command> to initialize both the random seed file in the ESP and the system token EFI
|
||
|
- variable.</para>
|
||
|
-
|
||
|
- <para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for further
|
||
|
- information.</para></listitem>
|
||
|
- </varlistentry>
|
||
|
</variablelist>
|
||
|
</refsect1>
|
||
|
|
||
|
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
|
||
|
index 5944451e6a..4a64c2402d 100644
|
||
|
--- a/src/boot/efi/boot.c
|
||
|
+++ b/src/boot/efi/boot.c
|
||
|
@@ -97,7 +97,6 @@ typedef struct {
|
||
|
bool beep;
|
||
|
int64_t console_mode;
|
||
|
int64_t console_mode_efivar;
|
||
|
- RandomSeedMode random_seed_mode;
|
||
|
} Config;
|
||
|
|
||
|
/* These values have been chosen so that the transitions the user sees could
|
||
|
@@ -529,7 +528,6 @@ static void print_status(Config *config, char16_t *loaded_image_path) {
|
||
|
ps_bool(L" auto-firmware: %s\n", config->auto_firmware);
|
||
|
ps_bool(L" beep: %s\n", config->beep);
|
||
|
ps_bool(L" reboot-for-bitlocker: %s\n", config->reboot_for_bitlocker);
|
||
|
- ps_string(L" random-seed-mode: %s\n", random_seed_modes_table[config->random_seed_mode]);
|
||
|
|
||
|
switch (config->secure_boot_enroll) {
|
||
|
case ENROLL_OFF:
|
||
|
@@ -1273,27 +1271,6 @@ static void config_defaults_load_from_file(Config *config, char *content) {
|
||
|
}
|
||
|
continue;
|
||
|
}
|
||
|
-
|
||
|
- if (streq8(key, "random-seed-mode")) {
|
||
|
- if (streq8(value, "off"))
|
||
|
- config->random_seed_mode = RANDOM_SEED_OFF;
|
||
|
- else if (streq8(value, "with-system-token"))
|
||
|
- config->random_seed_mode = RANDOM_SEED_WITH_SYSTEM_TOKEN;
|
||
|
- else if (streq8(value, "always"))
|
||
|
- config->random_seed_mode = RANDOM_SEED_ALWAYS;
|
||
|
- else {
|
||
|
- bool on;
|
||
|
-
|
||
|
- err = parse_boolean(value, &on);
|
||
|
- if (err != EFI_SUCCESS) {
|
||
|
- log_error_stall(L"Error parsing 'random-seed-mode' config option: %a", value);
|
||
|
- continue;
|
||
|
- }
|
||
|
-
|
||
|
- config->random_seed_mode = on ? RANDOM_SEED_ALWAYS : RANDOM_SEED_OFF;
|
||
|
- }
|
||
|
- continue;
|
||
|
- }
|
||
|
}
|
||
|
}
|
||
|
|
||
|
@@ -1584,7 +1561,6 @@ static void config_load_defaults(Config *config, EFI_FILE *root_dir) {
|
||
|
.auto_firmware = true,
|
||
|
.reboot_for_bitlocker = false,
|
||
|
.secure_boot_enroll = ENROLL_MANUAL,
|
||
|
- .random_seed_mode = RANDOM_SEED_WITH_SYSTEM_TOKEN,
|
||
|
.idx_default_efivar = IDX_INVALID,
|
||
|
.console_mode = CONSOLE_MODE_KEEP,
|
||
|
.console_mode_efivar = CONSOLE_MODE_KEEP,
|
||
|
@@ -2735,7 +2711,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
|
||
|
save_selected_entry(&config, entry);
|
||
|
|
||
|
/* Optionally, read a random seed off the ESP and pass it to the OS */
|
||
|
- (void) process_random_seed(root_dir, config.random_seed_mode);
|
||
|
+ (void) process_random_seed(root_dir);
|
||
|
|
||
|
err = image_start(image, entry);
|
||
|
if (err != EFI_SUCCESS)
|
||
|
diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c
|
||
|
index 471398fbf1..4fc56d9356 100644
|
||
|
--- a/src/boot/efi/random-seed.c
|
||
|
+++ b/src/boot/efi/random-seed.c
|
||
|
@@ -140,9 +140,6 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir) {
|
||
|
|
||
|
validate_sha256();
|
||
|
|
||
|
- if (mode == RANDOM_SEED_OFF)
|
||
|
- return EFI_NOT_FOUND;
|
||
|
-
|
||
|
/* hash = LABEL || sizeof(input1) || input1 || ... || sizeof(inputN) || inputN */
|
||
|
sha256_init_ctx(&hash);
|
||
|
|
||
|
@@ -193,7 +190,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir) {
|
||
|
* system, even when disk images are duplicated or swapped out. */
|
||
|
size = 0;
|
||
|
err = acquire_system_token(&system_token, &size);
|
||
|
- if (mode != RANDOM_SEED_ALWAYS && (err != EFI_SUCCESS || size < DESIRED_SEED_SIZE) && !seeded_by_efi)
|
||
|
+ if ((err != EFI_SUCCESS || size < DESIRED_SEED_SIZE) && !seeded_by_efi)
|
||
|
return err;
|
||
|
sha256_process_bytes(&size, sizeof(size), &hash);
|
||
|
if (system_token) {
|
||
|
diff --git a/src/boot/efi/random-seed.h b/src/boot/efi/random-seed.h
|
||
|
index 6aa1cc5288..40aaf85860 100644
|
||
|
--- a/src/boot/efi/random-seed.h
|
||
|
+++ b/src/boot/efi/random-seed.h
|
||
|
@@ -2,21 +2,5 @@
|
||
|
#pragma once
|
||
|
|
||
|
#include <efi.h>
|
||
|
-#include <errno.h>
|
||
|
-#include <uchar.h>
|
||
|
|
||
|
-typedef enum RandomSeedMode {
|
||
|
- RANDOM_SEED_OFF,
|
||
|
- RANDOM_SEED_WITH_SYSTEM_TOKEN,
|
||
|
- RANDOM_SEED_ALWAYS,
|
||
|
- _RANDOM_SEED_MODE_MAX,
|
||
|
- _RANDOM_SEED_MODE_INVALID = -EINVAL,
|
||
|
-} RandomSeedMode;
|
||
|
-
|
||
|
-static const char16_t * const random_seed_modes_table[_RANDOM_SEED_MODE_MAX] = {
|
||
|
- [RANDOM_SEED_OFF] = L"off",
|
||
|
- [RANDOM_SEED_WITH_SYSTEM_TOKEN] = L"with-system-token",
|
||
|
- [RANDOM_SEED_ALWAYS] = L"always",
|
||
|
-};
|
||
|
-
|
||
|
-EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode);
|
||
|
+EFI_STATUS process_random_seed(EFI_FILE *root_dir);
|
||
|
diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c
|
||
|
index 9352416af5..61e20c40a8 100644
|
||
|
--- a/src/shared/bootspec.c
|
||
|
+++ b/src/shared/bootspec.c
|
||
|
@@ -418,7 +418,6 @@ void boot_config_free(BootConfig *config) {
|
||
|
free(config->auto_entries);
|
||
|
free(config->auto_firmware);
|
||
|
free(config->console_mode);
|
||
|
- free(config->random_seed_mode);
|
||
|
free(config->beep);
|
||
|
|
||
|
free(config->entry_oneshot);
|
||
|
@@ -485,7 +484,7 @@ int boot_loader_read_conf(BootConfig *config, FILE *file, const char *path) {
|
||
|
else if (streq(field, "console-mode"))
|
||
|
r = free_and_strdup(&config->console_mode, p);
|
||
|
else if (streq(field, "random-seed-mode"))
|
||
|
- r = free_and_strdup(&config->random_seed_mode, p);
|
||
|
+ log_syntax(NULL, LOG_WARNING, path, line, 0, "'random-seed-mode' has been deprecated, ignoring.");
|
||
|
else if (streq(field, "beep"))
|
||
|
r = free_and_strdup(&config->beep, p);
|
||
|
else {
|
||
|
diff --git a/src/shared/bootspec.h b/src/shared/bootspec.h
|
||
|
index 7f5d496b95..ac4d1890b0 100644
|
||
|
--- a/src/shared/bootspec.h
|
||
|
+++ b/src/shared/bootspec.h
|
||
|
@@ -57,7 +57,6 @@ typedef struct BootConfig {
|
||
|
char *auto_entries;
|
||
|
char *auto_firmware;
|
||
|
char *console_mode;
|
||
|
- char *random_seed_mode;
|
||
|
char *beep;
|
||
|
|
||
|
char *entry_oneshot;
|