linux/debian/patches/features/all/lockdown/enable-cold-boot-attack-mit...

From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 12 Jan 2016 12:51:27 -0800
Subject: [18/18] Enable cold boot attack mitigation
Origin: https://github.com/mjg59/linux/commit/02d999574936dd234a508c0112a0200c135a5c34

[Lukas Wunner: Forward-ported to 4.11: adjust context]
---
 arch/x86/boot/compressed/eboot.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index 8b4c5e001157..0813490ca6e0 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -371,6 +371,22 @@ void setup_graphics(struct boot_params *boot_params)
 	}
 }
 
+#define MEMORY_ONLY_RESET_CONTROL_GUID \
+	EFI_GUID (0xe20939be, 0x32d4, 0x41be, 0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29)
+
+static void enable_reset_attack_mitigation(void)
+{
+	u8 val = 1;
+	efi_guid_t var_guid = MEMORY_ONLY_RESET_CONTROL_GUID;
+
+	/* Ignore the return value here - there's not really a lot we can do */
+	efi_early->call((unsigned long)sys_table->runtime->set_variable,
+			L"MemoryOverwriteRequestControl", &var_guid,
+			EFI_VARIABLE_NON_VOLATILE |
+			EFI_VARIABLE_BOOTSERVICE_ACCESS |
+			EFI_VARIABLE_RUNTIME_ACCESS, sizeof(val), val);
+}
+
 /*
  * Because the x86 boot code expects to be passed a boot_params we
  * need to create one ourselves (usually the bootloader would create
@@ -765,6 +781,12 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
 			 ((u64)boot_params->ext_cmd_line_ptr << 32));
 	efi_parse_options((char *)cmdline_paddr);
 
+	/*
+	 * Ask the firmware to clear memory if we don't have a clean
+	 * shutdown
+	 */
+	enable_reset_attack_mitigation();
+
 	/*
 	 * If the boot loader gave us a value for secure_boot then we use that,
 	 * otherwise we ask the BIOS.
Add Matthew Garrett's securelevel patchset in preparation for Secure Boot support 2016-04-03 03:04:45 +00:00			`From: Matthew Garrett <mjg59@coreos.com>`
			`Date: Tue, 12 Jan 2016 12:51:27 -0800`
			`Subject: [18/18] Enable cold boot attack mitigation`
			`Origin: https://github.com/mjg59/linux/commit/02d999574936dd234a508c0112a0200c135a5c34`

Note Lukas Wunner's forward-porting work in patches 2017-04-19 23:48:59 +00:00			`[Lukas Wunner: Forward-ported to 4.11: adjust context]`
Add Matthew Garrett's securelevel patchset in preparation for Secure Boot support 2016-04-03 03:04:45 +00:00			`---`
			`arch/x86/boot/compressed/eboot.c \| 22 ++++++++++++++++++++++`
			`1 file changed, 22 insertions(+)`

Update to 4.19.2 2018-11-15 12:50:41 +00:00			`diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c`
			`index 8b4c5e001157..0813490ca6e0 100644`
Add Matthew Garrett's securelevel patchset in preparation for Secure Boot support 2016-04-03 03:04:45 +00:00			`--- a/arch/x86/boot/compressed/eboot.c`
			`+++ b/arch/x86/boot/compressed/eboot.c`
Update to 4.19.2 2018-11-15 12:50:41 +00:00			`@@ -371,6 +371,22 @@ void setup_graphics(struct boot_params *boot_params)`
Add Matthew Garrett's securelevel patchset in preparation for Secure Boot support 2016-04-03 03:04:45 +00:00			`}`
			`}`

			`+#define MEMORY_ONLY_RESET_CONTROL_GUID \`
			`+ EFI_GUID (0xe20939be, 0x32d4, 0x41be, 0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29)`
			`+`
			`+static void enable_reset_attack_mitigation(void)`
			`+{`
			`+ u8 val = 1;`
			`+ efi_guid_t var_guid = MEMORY_ONLY_RESET_CONTROL_GUID;`
			`+`
			`+ /* Ignore the return value here - there's not really a lot we can do */`
			`+ efi_early->call((unsigned long)sys_table->runtime->set_variable,`
			`+ L"MemoryOverwriteRequestControl", &var_guid,`
			`+ EFI_VARIABLE_NON_VOLATILE \|`
			`+ EFI_VARIABLE_BOOTSERVICE_ACCESS \|`
			`+ EFI_VARIABLE_RUNTIME_ACCESS, sizeof(val), val);`
			`+}`
			`+`
Update to 4.11-rc6 Remove merged patches and rebase remaining patches. A portion of the secureboot patches have been upstreamed, but were changed substantially during review, primarily to avoid code duplication among arches. I've stripped the patches of the merged bits and rebased the remainder. Signed-off-by: Lukas Wunner <lukas@wunner.de> [bwh: Undo some incorrect context changes in bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch] 2017-04-19 09:30:57 +00:00			`/*`
			`* Because the x86 boot code expects to be passed a boot_params we`
			`* need to create one ourselves (usually the bootloader would create`
Update to 4.19.2 2018-11-15 12:50:41 +00:00			`@@ -765,6 +781,12 @@ efi_main(struct efi_config c, struct boot_params boot_params)`
			`((u64)boot_params->ext_cmd_line_ptr << 32));`
			`efi_parse_options((char *)cmdline_paddr);`
Add Matthew Garrett's securelevel patchset in preparation for Secure Boot support 2016-04-03 03:04:45 +00:00
Update to 4.19.2 2018-11-15 12:50:41 +00:00			`+ /*`
Add Matthew Garrett's securelevel patchset in preparation for Secure Boot support 2016-04-03 03:04:45 +00:00			`+ * Ask the firmware to clear memory if we don't have a clean`
			`+ * shutdown`
			`+ */`
			`+ enable_reset_attack_mitigation();`
			`+`
Update to 4.19.2 2018-11-15 12:50:41 +00:00			`/*`
[arm64,x86] Replace securelevel patch set with lockdown patch set Matthew stopped maintaining the securelevel patch set, and David Howells has taken it up under the new name 'lockdown'. This is taken from: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git#efi-lock-down commits ddb99e118e37f324a4be65a411bb60ae62795cf9..0240fa7c7c948b19d57c0163d57e55296277ff3c Rebase the three patches not included there (cold boot mitigation, arm64 SB integration, MTD RAM restrictions). Update our kconfig for the renaming. 2017-04-20 01:38:29 +00:00			`* If the boot loader gave us a value for secure_boot then we use that,`
			`* otherwise we ask the BIOS.`