1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Backports of patch from systemd git to stable distributions
Go to file
Lennart Poettering f183c4f75a efi: include UEFI monotonic boot counter in random seed
UEFI provides a "monotonic boot counter" which is supposed to increase on
each reboot. We can include this in our random seed hash logic, which
makes things more robust in case our changes to the ESP end up not
actually being as persistent as we assume. As long as the monotonic boot
counter increases we should be good, as each boot we'll anyway end up
with a new seed that way.

This in fact should also pave the way that we can eventually enable the
random seed logic even on SecureBoot enabled systems. Why that? With
this change the input for the random seed hash is now:

1. the old seed file contents
2. (optionally) some bits from the UEFI RNG
3. (optionally) a per system random "token" stored in an UEFI variable,
   initialized at OS install
4. the UEFI monotonic counter
5. a counter integer used by the random seed logic.

We can ignore #5 entirely for security considerations, it's always going
to be a constant series of values determined by the random seed logic.

The #1 file is under control of the attacker. (Since it resides in the
unprotected ESP)

The #2 data is possibly low quality. (it's hard enough to trust the
quality of the Linux RNG, let's not go as far as trusting the UEFI one)

The #3 data should not be under control of the attacker, and should only
exist if explicitly set. Unless you have privileged access to the system
you should not be able to read or set it. (well, within limits of flash
chip security and its connectivity to the firmware)

The #4 data is provided by the firmware, and should not be under control
of the attacker. If it works correctly then it might still be guessable
(i.e. a new system might have the counter close to zero).

Thus: 1+2+5 are guessable/under control of attacker, but 3+4 should not
be. Thus, if 3 is not known to attacker and not guessable, and 4
strictly monotonically increasing then it should be enough to guarantee
that every boot will get a different seed passed in, that should not be
known or guessable by the attacker.

That all said, this patch does not enable the random seed logic on
SecureBoot. That is left for a later patch.
2022-05-11 11:03:10 +02:00
.clusterfuzzlite ci: unpin CFLite 2022-04-26 09:13:57 +00:00
.github build(deps): bump github/super-linter from 4.9.1 to 4.9.2 2022-05-03 05:51:41 +03:00
.lgtm/cpp-queries ci: pack-ify our custom CodeQL queries and enable them in Actions 2021-12-07 14:57:09 +01:00
.semaphore semaphoreci: re-enable rebooting tests 2022-04-07 14:53:49 +09:00
catalog timesyncd: generate a structure log message the first time we set the clock correctly 2022-03-18 23:54:05 +01:00
coccinelle coccinelle: automatically look for timestamp_is_set candidates 2022-02-22 22:47:12 +01:00
docs docs/ARCHITECTURE: describe fuzzer locations and use 2022-05-08 17:53:56 +02:00
factory meson: also allow setting GIT_VERSION via templates 2022-04-05 22:18:31 +02:00
hwdb.d Merge pull request #23329 from superm1/mlimonci/lg850-gl 2022-05-10 13:52:36 +02:00
LICENSES network: license all config files as CC0 2022-01-12 16:05:59 +01:00
man man: mention to Age parameter in C Type 2022-05-11 15:08:34 +09:00
mkosi.default.d mkosi: add shadow package to SUSE Tumbleweed 2022-05-09 14:58:06 +01:00
modprobe.d meson: install the right README file in modprobe.d 2021-07-07 14:52:05 +02:00
network network: add example file that enables DHCP on ethernet links 2022-01-12 16:05:59 +01:00
po po: update italian translations 2022-04-26 16:41:30 +02:00
presets units: enable systemd-network-generator by default 2021-12-16 09:49:39 +01:00
rules.d Add support to set autosuspend delay via hwdb 2022-05-09 21:14:12 -05:00
shell-completion bash-completion: resolvectl: add missing options and verb 2022-05-08 14:14:28 +02:00
src efi: include UEFI monotonic boot counter in random seed 2022-05-11 11:03:10 +02:00
sysctl.d meson: also allow setting GIT_VERSION via templates 2022-04-05 22:18:31 +02:00
sysusers.d meson: also allow setting GIT_VERSION via templates 2022-04-05 22:18:31 +02:00
test Merge pull request #23335 from keszybz/fuzz-json-more-coverage 2022-05-11 02:12:57 +09:00
tmpfiles.d meson: Sort lines in tmpfiles.d/meson.build 2022-05-03 20:46:16 +02:00
tools Merge pull request #23246 from medhefgo/check-compilation 2022-05-05 01:53:28 +03:00
units units: remove spurious empty line 2022-05-04 10:17:05 +02:00
xorg xorg/50-systemd-user: add a full license header 2021-10-01 14:45:00 +02:00
.clang-format clang-format: we actually typically use 16ch continuation indentation 2022-02-22 17:32:50 +01:00
.ctags editors: Prevent ctags from following symlinks 2019-02-15 11:01:20 -08:00
.dir-locals.el scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.editorconfig editorconfig: set maximum line length to 109 for man/*.xml files 2021-09-30 13:45:34 +02:00
.gitattributes gitattributes: introduce and use "generated" attribute 2021-10-18 09:42:55 +02:00
.gitignore gitignore: ignore mkosi.installdir 2022-03-11 09:34:04 +00:00
.lgtm.yml Revert "lgtm: disable cpp/missing-return (again)" 2022-04-16 10:59:29 +00:00
.mailmap mailmap: two more names 2021-03-30 13:17:58 +02:00
.packit.yml Packit: build SRPMs in Copr 2022-03-09 09:52:41 +00:00
.vimrc scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
configure tools: shellcheck-ify tool scripts 2021-09-30 12:27:06 +02:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile tree-wide: add spdx header on all scripts and helpers 2021-01-28 09:55:35 +01:00
meson_options.txt compression: add build-time option to select default 2022-04-18 05:43:59 +09:00
meson.build Merge pull request #23272 from keszybz/logind-man-and-rules 2022-05-07 04:23:02 +09:00
mkosi.build ci: check for failed services after boot 2021-12-10 10:25:43 +01:00
mkosi.postinst ci: check for failed services after boot 2021-12-10 10:25:43 +01:00
NEWS NEWS: update with final changes 2022-05-05 16:28:46 +02:00
README README: mention kernel requirement for ambient capabilities 2022-05-06 09:33:49 +01:00
README.md README: rawhide -> Rawhide 2022-04-06 23:14:21 +09:00
TODO update TODO 2022-05-09 12:17:08 +02:00

Systemd

System and Service Manager

Count of open issues over time Count of open pull requests over time Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
Language Grade: C/C++
CentOS CI - CentOS 8
CentOS CI - Arch
CentOS CI - Arch (sanitizers)
CentOS CI - Rawhide (SELinux)
Fossies codespell report
Coverage Status
Packaging status

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.