linux-stable

Go to file

Ard Biesheuvel df201eb96a efi: random: combine bootloader provided RNG seed with RNG protocol output commit `196dff2712` upstream. Instead of blindly creating the EFI random seed configuration table if the RNG protocol is implemented and works, check whether such a EFI configuration table was provided by an earlier boot stage and if so, concatenate the existing and the new seeds, leaving it up to the core code to mix it in and credit it the way it sees fit. This can be used for, e.g., systemd-boot, to pass an additional seed to Linux in a way that can be consumed by the kernel very early. In that case, the following definitions should be used to pass the seed to the EFI stub: struct linux_efi_random_seed { u32 size; // of the 'seed' array in bytes u8 seed[]; }; The memory for the struct must be allocated as EFI_ACPI_RECLAIM_MEMORY pool memory, and the address of the struct in memory should be installed as a EFI configuration table using the following GUID: LINUX_EFI_RANDOM_SEED_TABLE_GUID 1ce1e5bc-7ceb-42f2-81e5-8aadf180f57b Note that doing so is safe even on kernels that were built without this patch applied, but the seed will simply be overwritten with a seed derived from the EFI RNG protocol, if available. The recommended seed size is 32 bytes, and seeds larger than 512 bytes are considered corrupted and ignored entirely. In order to preserve forward secrecy, seeds from previous bootloaders are memzero'd out, and in order to preserve memory, those older seeds are also freed from memory. Freeing from memory without first memzeroing is not safe to do, as it's possible that nothing else will ever overwrite those pages used by EFI. Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com> [ardb: incorporate Jason's followup changes to extend the maximum seed size on the consumer end, memzero() it and drop a needless printk] Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2023-01-12 12:00:48 +01:00
Documentation	ext4: journal_path mount options should follow links	2023-01-07 11:16:02 +01:00
LICENSES	LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers	2021-12-16 14:33:10 +01:00
arch	of/fdt: run soc memory setup when early_init_dt_scan_memory fails	2023-01-12 12:00:47 +01:00
block	block: don't allow splitting of a REQ_NOWAIT bio	2023-01-12 12:00:46 +01:00
certs	certs: make system keyring depend on built-in x509 parser	2022-09-24 04:31:18 +09:00
crypto	crypto: tcrypt - Fix multibuffer skcipher speed test mem leak	2022-12-31 13:26:20 +01:00
drivers	efi: random: combine bootloader provided RNG seed with RNG protocol output	2023-01-12 12:00:48 +01:00
fs	btrfs: make thaw time super block check to also verify checksum	2023-01-12 12:00:48 +01:00
include	efi: random: combine bootloader provided RNG seed with RNG protocol output	2023-01-12 12:00:48 +01:00
init	init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash	2022-12-02 17:43:11 +01:00
io_uring	io_uring: fix CQ waiting timeout handling	2023-01-12 12:00:46 +01:00
ipc	ipc: fix memory leak in init_mqueue_fs()	2022-12-31 13:25:48 +01:00
kernel	bpf: Fix panic due to wrong pageattr of im->image	2023-01-12 12:00:45 +01:00
lib	test_kprobes: Fix implicit declaration error of test_kprobes	2023-01-07 11:15:58 +01:00
mm	mm, compaction: fix fast_isolate_around() to stay within boundaries	2023-01-04 11:26:30 +01:00
net	9p/client: fix data race on req->status	2023-01-12 12:00:42 +01:00
samples	samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()	2022-12-31 13:26:28 +01:00
scripts	scripts/faddr2line: Fix regression in name resolution on ppc64le	2022-12-08 11:30:14 +01:00
security	device_cgroup: Roll back to original exceptions after copy failure	2023-01-07 11:15:59 +01:00
sound	ASoC: SOF: Intel: pci-tgl: unblock S5 entry if DMA stop has failed"	2023-01-12 12:00:44 +01:00
tools	perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match non BPF mode	2023-01-12 12:00:41 +01:00
usr	Not a lot of material this cycle. Many singleton patches against various	2022-05-27 11:22:03 -07:00
virt	KVM: Update gfn_to_pfn_cache khva when it moves within the same page	2022-12-02 17:43:13 +01:00
.clang-format	inet: ping: use hlist_nulls rcu iterator during lookup	2022-12-14 11:40:58 +01:00
.cocciconfig	…
.get_maintainer.ignore	get_maintainer: add Alan to .get_maintainer.ignore	2022-08-20 15:17:44 -07:00
.gitattributes	.gitattributes: use 'dts' diff driver for dts files	2019-12-04 19:44:11 -08:00
.gitignore	kbuild: split the second line of .mod into .usyms	2022-05-08 03:16:59 +09:00
.mailmap	Qualcomm ARM64 DTS fixes for 6.0	2022-09-23 16:44:37 +02:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	drm for 5.20/6.0	2022-08-03 19:52:08 -07:00
Kbuild	kbuild: rename hostprogs-y/always to hostprogs/always-y	2020-02-04 01:53:07 +09:00
Kconfig	kbuild: ensure full rebuild when the compiler is updated	2020-05-12 13:28:33 +09:00
MAINTAINERS	One MAINTAINERS update, two MM fixes, both cc:stable	2022-10-01 09:13:29 -07:00
Makefile	Linux 6.0.18	2023-01-07 11:16:07 +01:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.