Hello list, a customer is experiencing a regression using tboot in some new hardware/boot environment. Their boot gets stuck in the call to move_modules(), producing the following log:
TBOOT: no LCP module found TBOOT: This is an ELF32 file. TBOOT: kernel is ELF format TBOOT: 0x6ff000 bytes copied from 0x101000 to 0x364f000 TBOOT: loader context was moved from 0x100130 to 0x364e130 The next logline that should occur "move modules to high memory" never shows up. An engineer on the customer side identified the likely cause of this; quote: > Looks like this is a bug in tboot... in move_modules(), it tries to copy the > MBI > and any modules that are loaded below tboot to memory above tboot--but due to > faulty logic in an if/then, it is not copying the MBI if its address is below > tboot & below the lowest module's address. > > You can see that with the tboot messages: > > TBOOT: 0x6ff000 bytes copied from 0x101000 to 0x3586000 > TBOOT: loader context was moved from 0x100130 to 0x3585130 > > The loader context (MBI) was not moved, so when it tries to access it at the > new > location, it may see no modules, or it may get bad info, just depending on > what > happens to me in that memory. > > The latest upstream code appears to have this bug, also. I have attached the suggested patch to this email. Can you please review the patch and apply it to the repository if the analysis is correct? Thanks Matthias -- Matthias Gerstner <matthias.gerst...@suse.de> Security Engineer https://www.suse.com/security GPG Key ID: 0x14C405C971923553 SUSE Software Solutions Germany GmbH HRB 36809, AG Nürnberg Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
--- tboot/common/loader.c.orig 2023-05-31 01:49:45.935321582 -0500 +++ tboot/common/loader.c 2023-05-31 01:57:27.914405762 -0500 @@ -1099,11 +1099,17 @@ move_modules(loader_ctx *lctx) if ( below_tboot(lowest) ) from = lowest; - else - if ( below_tboot((unsigned long)lctx->addr) ) + + /* + * if MBI is below tboot & the lowest module, make sure it gets + * copied, too! + */ + if ( below_tboot((unsigned long)lctx->addr) && + (unsigned long)lctx->addr < lowest ) from = (unsigned long)lctx->addr; - else - return; + + if (from == 0) + return; unsigned long highest = get_highest_mod_end(lctx); unsigned long to = PAGE_UP(highest);
signature.asc
Description: PGP signature
_______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel