Merge tag 'powerpc-5.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc updates from Michael Ellerman:
"Highlights:
- Infrastructure for secure boot on some bare metal Power9 machines.
The firmware support is still in development, so the code here
won't actually activate secure boot on any existing systems.
- A change to xmon (our crash handler / pseudo-debugger) to restrict
it to read-only mode when the kernel is lockdown'ed, otherwise it's
trivial to drop into xmon and modify kernel data, such as the
lockdown state.
- Support for KASLR on 32-bit BookE machines (Freescale / NXP).
- Fixes for our flush_icache_range() and __kernel_sync_dicache()
(VDSO) to work with memory ranges >4GB.
- Some reworks of the pseries CMM (Cooperative Memory Management)
driver to make it behave more like other balloon drivers and enable
some cleanups of generic mm code.
- A series of fixes to our hardware breakpoint support to properly
handle unaligned watchpoint addresses.
Plus a bunch of other smaller improvements, fixes and cleanups.
Thanks to: Alastair D'Silva, Andrew Donnellan, Aneesh Kumar K.V,
Anthony Steinhauser, Cédric Le Goater, Chris Packham, Chris Smart,
Christophe Leroy, Christopher M. Riedl, Christoph Hellwig, Claudio
Carvalho, Daniel Axtens, David Hildenbrand, Deb McLemore, Diana
Craciun, Eric Richter, Geert Uytterhoeven, Greg Kroah-Hartman, Greg
Kurz, Gustavo L. F. Walbon, Hari Bathini, Harish, Jason Yan, Krzysztof
Kozlowski, Leonardo Bras, Mathieu Malaterre, Mauro S. M. Rodrigues,
Michal Suchanek, Mimi Zohar, Nathan Chancellor, Nathan Lynch, Nayna
Jain, Nick Desaulniers, Oliver O'Halloran, Qian Cai, Rasmus Villemoes,
Ravi Bangoria, Sam Bobroff, Santosh Sivaraj, Scott Wood, Thomas Huth,
Tyrel Datwyler, Vaibhav Jain, Valentin Longchamp, YueHaibing"
* tag 'powerpc-5.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (144 commits)
powerpc/fixmap: fix crash with HIGHMEM
x86/efi: remove unused variables
powerpc: Define arch_is_kernel_initmem_freed() for lockdep
powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp
powerpc: Avoid clang warnings around setjmp and longjmp
powerpc: Don't add -mabi= flags when building with Clang
powerpc: Fix Kconfig indentation
powerpc/fixmap: don't clear fixmap area in paging_init()
selftests/powerpc: spectre_v2 test must be built 64-bit
powerpc/powernv: Disable native PCIe port management
powerpc/kexec: Move kexec files into a dedicated subdir.
powerpc/32: Split kexec low level code out of misc_32.S
powerpc/sysdev: drop simple gpio
powerpc/83xx: map IMMR with a BAT.
powerpc/32s: automatically allocate BAT in setbat()
powerpc/ioremap: warn on early use of ioremap()
powerpc: Add support for GENERIC_EARLY_IOREMAP
powerpc/fixmap: Use __fix_to_virt() instead of fix_to_virt()
powerpc/8xx: use the fixmapped IMMR in cpm_reset()
powerpc/8xx: add __init to cpm1 init functions
...
This commit is contained in:
Linus Torvalds
@@ -25,6 +25,7 @@ Description:
|
||||
lsm: [[subj_user=] [subj_role=] [subj_type=]
|
||||
[obj_user=] [obj_role=] [obj_type=]]
|
||||
option: [[appraise_type=]] [template=] [permit_directio]
|
||||
[appraise_flag=]
|
||||
base: func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK]
|
||||
[FIRMWARE_CHECK]
|
||||
[KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK]
|
||||
@@ -38,6 +39,9 @@ Description:
|
||||
fowner:= decimal value
|
||||
lsm: are LSM specific
|
||||
option: appraise_type:= [imasig] [imasig|modsig]
|
||||
appraise_flag:= [check_blacklist]
|
||||
Currently, blacklist check is only for files signed with appended
|
||||
signature.
|
||||
template:= name of a defined IMA template type
|
||||
(eg, ima-ng). Only valid when action is "measure".
|
||||
pcr:= decimal value
|
||||
|
||||
46
Documentation/ABI/testing/sysfs-secvar
Normal file
46
Documentation/ABI/testing/sysfs-secvar
Normal file
@@ -0,0 +1,46 @@
|
||||
What: /sys/firmware/secvar
|
||||
Date: August 2019
|
||||
Contact: Nayna Jain <nayna@linux.ibm.com>
|
||||
Description: This directory is created if the POWER firmware supports OS
|
||||
secureboot, thereby secure variables. It exposes interface
|
||||
for reading/writing the secure variables
|
||||
|
||||
What: /sys/firmware/secvar/vars
|
||||
Date: August 2019
|
||||
Contact: Nayna Jain <nayna@linux.ibm.com>
|
||||
Description: This directory lists all the secure variables that are supported
|
||||
by the firmware.
|
||||
|
||||
What: /sys/firmware/secvar/format
|
||||
Date: August 2019
|
||||
Contact: Nayna Jain <nayna@linux.ibm.com>
|
||||
Description: A string indicating which backend is in use by the firmware.
|
||||
This determines the format of the variable and the accepted
|
||||
format of variable updates.
|
||||
|
||||
What: /sys/firmware/secvar/vars/<variable name>
|
||||
Date: August 2019
|
||||
Contact: Nayna Jain <nayna@linux.ibm.com>
|
||||
Description: Each secure variable is represented as a directory named as
|
||||
<variable_name>. The variable name is unique and is in ASCII
|
||||
representation. The data and size can be determined by reading
|
||||
their respective attribute files.
|
||||
|
||||
What: /sys/firmware/secvar/vars/<variable_name>/size
|
||||
Date: August 2019
|
||||
Contact: Nayna Jain <nayna@linux.ibm.com>
|
||||
Description: An integer representation of the size of the content of the
|
||||
variable. In other words, it represents the size of the data.
|
||||
|
||||
What: /sys/firmware/secvar/vars/<variable_name>/data
|
||||
Date: August 2019
|
||||
Contact: Nayna Jain h<nayna@linux.ibm.com>
|
||||
Description: A read-only file containing the value of the variable. The size
|
||||
of the file represents the maximum size of the variable data.
|
||||
|
||||
What: /sys/firmware/secvar/vars/<variable_name>/update
|
||||
Date: August 2019
|
||||
Contact: Nayna Jain <nayna@linux.ibm.com>
|
||||
Description: A write-only file that is used to submit the new value for the
|
||||
variable. The size of the file represents the maximum size of
|
||||
the variable data that can be written.
|
||||
@@ -47,36 +47,6 @@ Example (LS2080A-RDB):
|
||||
reg = <0x3 0 0x10000>;
|
||||
};
|
||||
|
||||
* Freescale BCSR GPIO banks
|
||||
|
||||
Some BCSR registers act as simple GPIO controllers, each such
|
||||
register can be represented by the gpio-controller node.
|
||||
|
||||
Required properities:
|
||||
- compatible : Should be "fsl,<board>-bcsr-gpio".
|
||||
- reg : Should contain the address and the length of the GPIO bank
|
||||
register.
|
||||
- #gpio-cells : Should be two. The first cell is the pin number and the
|
||||
second cell is used to specify optional parameters (currently unused).
|
||||
- gpio-controller : Marks the port as GPIO controller.
|
||||
|
||||
Example:
|
||||
|
||||
bcsr@1,0 {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
compatible = "fsl,mpc8360mds-bcsr";
|
||||
reg = <1 0 0x8000>;
|
||||
ranges = <0 1 0 0x8000>;
|
||||
|
||||
bcsr13: gpio-controller@d {
|
||||
#gpio-cells = <2>;
|
||||
compatible = "fsl,mpc8360mds-bcsr-gpio";
|
||||
reg = <0xd 1>;
|
||||
gpio-controller;
|
||||
};
|
||||
};
|
||||
|
||||
* Freescale on-board FPGA connected on I2C bus
|
||||
|
||||
Some Freescale boards like BSC9132QDS have on board FPGA connected on
|
||||
|
||||
@@ -19,6 +19,7 @@ powerpc
|
||||
firmware-assisted-dump
|
||||
hvcs
|
||||
isa-versions
|
||||
kaslr-booke32
|
||||
mpc52xx
|
||||
pci_iov_resource_on_powernv
|
||||
pmu-ebb
|
||||
|
||||
42
Documentation/powerpc/kaslr-booke32.rst
Normal file
42
Documentation/powerpc/kaslr-booke32.rst
Normal file
@@ -0,0 +1,42 @@
|
||||
.. SPDX-License-Identifier: GPL-2.0
|
||||
|
||||
===========================
|
||||
KASLR for Freescale BookE32
|
||||
===========================
|
||||
|
||||
The word KASLR stands for Kernel Address Space Layout Randomization.
|
||||
|
||||
This document tries to explain the implementation of the KASLR for
|
||||
Freescale BookE32. KASLR is a security feature that deters exploit
|
||||
attempts relying on knowledge of the location of kernel internals.
|
||||
|
||||
Since CONFIG_RELOCATABLE has already supported, what we need to do is
|
||||
map or copy kernel to a proper place and relocate. Freescale Book-E
|
||||
parts expect lowmem to be mapped by fixed TLB entries(TLB1). The TLB1
|
||||
entries are not suitable to map the kernel directly in a randomized
|
||||
region, so we chose to copy the kernel to a proper place and restart to
|
||||
relocate.
|
||||
|
||||
Entropy is derived from the banner and timer base, which will change every
|
||||
build and boot. This not so much safe so additionally the bootloader may
|
||||
pass entropy via the /chosen/kaslr-seed node in device tree.
|
||||
|
||||
We will use the first 512M of the low memory to randomize the kernel
|
||||
image. The memory will be split in 64M zones. We will use the lower 8
|
||||
bit of the entropy to decide the index of the 64M zone. Then we chose a
|
||||
16K aligned offset inside the 64M zone to put the kernel in::
|
||||
|
||||
KERNELBASE
|
||||
|
||||
|--> 64M <--|
|
||||
| |
|
||||
+---------------+ +----------------+---------------+
|
||||
| |....| |kernel| | |
|
||||
+---------------+ +----------------+---------------+
|
||||
| |
|
||||
|-----> offset <-----|
|
||||
|
||||
kernstart_virt_addr
|
||||
|
||||
To enable KASLR, set CONFIG_RANDOMIZE_BASE = y. If KASLR is enable and you
|
||||
want to disable it at runtime, add "nokaslr" to the kernel cmdline.
|
||||
Reference in New Issue
Block a user