From cdec91c034a2c99331b62a5f417bf7527fa6d490 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel
Date: Mon, 2 Nov 2020 10:04:39 +0100
Subject: efi/libstub: fix prototype of efi_tcg2_protocol::get_event_log()

efi_tcg2_protocol::get_event_log() takes a protocol pointer as the first argument, not a EFI handle.

Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/libstub/efistub.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'drivers')

diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index b50a6c67d9bd..2b7438ba1fbc 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -672,7 +672,7 @@ typedef union efi_tcg2_protocol efi_tcg2_protocol_t;
 union efi_tcg2_protocol {
 struct {
 void *get_capability;
- efi_status_t (__efiapi *get_event_log)(efi_handle_t,
+ efi_status_t (__efiapi *get_event_log)(efi_tcg2_protocol_t *,
 efi_tcg2_event_log_format,
 efi_physical_addr_t *,
 efi_physical_addr_t *,
-- 
cgit v1.2.3

From 3820749ddcee694abfd5ae6cabc18aaab11eab34 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel
Date: Mon, 2 Nov 2020 11:51:10 +0100
Subject: efi/libstub: move TPM related prototypes into efistub.h

Move TPM related definitions that are only used in the EFI stub into efistub.h, which is a local header.

Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/libstub/efistub.h | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'drivers')

diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index 2b7438ba1fbc..cde0a2ef507d 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
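Review bot: The corrected first parameter of `get_event_log` has no comment tying it to the protocol definition, and the member just above it, `get_capability`, is still an untyped `void *`, so a call through that slot gets no argument checking at all. If `efi_handle_t` is itself a `void *` typedef (not visible in this hunk), the old prototype would have accepted a protocol pointer silently, which is probably why the mismatch went unnoticed. I would add a one-line comment above the member, for example `/* first argument is the protocol instance itself, not a handle */`. The union definition continues past the end of the hunk, so the remaining parameters and members are not reviewed here.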
@@ -849,4 +849,13 @@ void efi_handle_post_ebs_state(void);
 enum efi_secureboot_mode efi_get_secureboot(void);
+#ifdef CONFIG_RESET_ATTACK_MITIGATION
+void efi_enable_reset_attack_mitigation(void);
+#else
+static inline void
+efi_enable_reset_attack_mitigation(void) { }
+#endif
+
+void efi_retrieve_tpm2_eventlog(void);
+
 #endif
-- 
cgit v1.2.3

From 1c761ee9da1ac6ba7e40d14457fac94c87eaff35 Mon Sep 17 00:00:00 2001
From: Mark Brown
Date: Wed, 20 Jan 2021 16:38:10 +0000
Subject: efi/arm64: Update debug prints to reflect other entropy sources

Currently the EFI stub prints a diagnostic on boot saying that KASLR will be disabled if it is unable to use the EFI RNG protocol to obtain a seed for KASLR. With the addition of support for v8.5-RNG and the SMCCC RNG protocol it is now possible for KASLR to obtain entropy even if the EFI RNG protocol is unsupported in the system, and the main kernel now explicitly says if KASLR is active itself. This can result in a boot log where the stub says KASLR has been disabled and the main kernel says that it is enabled which is confusing for users. Remove the explicit reference to KASLR from the diagnostics, the warnings are still useful as EFI is the only source of entropy the stub uses when randomizing the physical address of the kernel and the other sources may not be available.

Signed-off-by: Mark Brown
Link: https://lore.kernel.org/r/20210120163810.14973-1-broonie@kernel.org
Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/libstub/arm64-stub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'drivers')

diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c
index 22ece1ad68a8..b69d63143e0d 100644
--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
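Review bot: The two declarations added before the closing `#endif` carry no comment, and with `CONFIG_RESET_ATTACK_MITIGATION` unset the `static inline` stub turns `efi_enable_reset_attack_mitigation()` into a silent no-op. Both functions return `void`, so a caller cannot tell whether the mitigation was requested or whether the TPM2 event log was actually retrieved; that is worth stating where the prototypes live. I would add a short comment above the `#ifdef`, for example `/* no-op unless CONFIG_RESET_ATTACK_MITIGATION is set; failures are not reported to the caller */`. The description says the definitions are moved, but this path-limited view shows only the additions, so the matching removal from the shared header should be checked separately to avoid duplicate declarations.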
@@ -61,10 +61,10 @@ efi_status_t handle_kernel_image(unsigned long *image_addr,
 status = efi_get_random_bytes(sizeof(phys_seed),
 (u8 *)&phys_seed);
 if (status == EFI_NOT_FOUND) {
- efi_info("EFI_RNG_PROTOCOL unavailable, KASLR will be disabled\n");
+ efi_info("EFI_RNG_PROTOCOL unavailable\n");
 efi_nokaslr = true;
 } else if (status != EFI_SUCCESS) {
- efi_err("efi_get_random_bytes() failed (0x%lx), KASLR will be disabled\n",
+ efi_err("efi_get_random_bytes() failed (0x%lx)\n",
 status);
 efi_nokaslr = true;
 }
-- 
cgit v1.2.3
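Review bot: Both branches still set `efi_nokaslr = true`, but after this change neither message says what the stub does as a result, so someone reading a boot log can no longer tell from the stub's own output that its randomization step was skipped. The commit message says EFI is the only entropy source the stub uses for the physical address, so the consequence could be named without claiming KASLR as a whole is off, e.g. `efi_info("EFI_RNG_PROTOCOL unavailable, physical placement will not be randomized\n");`. At minimum a comment on the assignments would help, such as `/* stub has no seed: skip physical randomization; the kernel proper may still find entropy elsewhere */`. The enclosing `handle_kernel_image()` starts and ends outside the hunk, so how `phys_seed` is used after a failure is not visible here.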