efi/libstub: Enable reset attack mitigation
authorMatthew Garrett <mjg59@google.com>
Fri, 25 Aug 2017 15:50:15 +0000 (16:50 +0100)
committerIngo Molnar <mingo@kernel.org>
Sat, 26 Aug 2017 07:20:33 +0000 (09:20 +0200)
commitccc829ba3624beb9a703fc995d016b836d9eead8
treeb1791e31decb96c4fad4cd24b6b9dce5a351d2eb
parent3cb9bc85029f2ceb7a5babadcab445c7cb861da8
efi/libstub: Enable reset attack mitigation

If a machine is reset while secrets are present in RAM, it may be
possible for code executed after the reboot to extract those secrets
from untouched memory. The Trusted Computing Group specified a mechanism
for requesting that the firmware clear all RAM on reset before booting
another OS. This is done by setting the MemoryOverwriteRequestControl
variable at startup. If userspace can ensure that all secrets are
removed as part of a controlled shutdown, it can reset this variable to
0 before triggering a hardware reboot.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170825155019.6740-2-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
arch/x86/boot/compressed/eboot.c
drivers/firmware/efi/Kconfig
drivers/firmware/efi/libstub/Makefile
drivers/firmware/efi/libstub/arm-stub.c
drivers/firmware/efi/libstub/tpm.c [new file with mode: 0644]
include/linux/efi.h