diff options
| author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2017-04-04 18:09:10 +0200 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2017-04-05 12:27:29 +0200 |
| commit | e69176d68d26d63d9214797c191ce65358ea1ecf (patch) | |
| tree | 9783c68238dc65825137d1f736d59fc9fa642cb5 /Kconfig | |
| parent | efi/libstub/arm/arm64: Disable debug prints on 'quiet' cmdline arg (diff) | |
| download | linux-e69176d68d26d63d9214797c191ce65358ea1ecf.tar.xz linux-e69176d68d26d63d9214797c191ce65358ea1ecf.zip | |
ef/libstub/arm/arm64: Randomize the base of the UEFI rt services region
Update the allocation logic for the virtual mapping of the UEFI runtime
services to start from a randomized base address if KASLR is in effect,
and if the UEFI firmware exposes an implementation of EFI_RNG_PROTOCOL.
This makes it more difficult to predict the location of exploitable
data structures in the runtime UEFI firmware, which increases robustness
against attacks. Note that these regions are only mapped during the
time a runtime service call is in progress, and only on a single CPU
at a time, bit given the lack of a downside, let's enable it nonetheless.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: bhe@redhat.com
Cc: bhsharma@redhat.com
Cc: eugene@hp.com
Cc: evgeny.kalugin@intel.com
Cc: jhugo@codeaurora.org
Cc: leif.lindholm@linaro.org
Cc: linux-efi@vger.kernel.org
Cc: mark.rutland@arm.com
Cc: roy.franz@cavium.com
Cc: rruigrok@codeaurora.org
Link: http://lkml.kernel.org/r/20170404160910.28115-3-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'Kconfig')
0 files changed, 0 insertions, 0 deletions