
On Tue, Mar 07, 2017 at 01:54:43PM +0000, Mark Rutland wrote:
> On Tue, Mar 07, 2017 at 07:16:56AM -0500, Tom Rini wrote:
> > On Tue, Mar 07, 2017 at 11:43:52AM +0000, Mark Rutland wrote:
> > > On Tue, Feb 28, 2017 at 12:15:09PM -0500, Tom Rini wrote:
> > > > On Wed, Mar 01, 2017 at 02:03:58AM +0900, Masahiro Yamada wrote:
> > > > > 2017-02-27 7:41 GMT+09:00 Tom Rini <trini@konsulko.com>:
> > > > > If we put the image at 2MiB aligned base, the relocation would always happen.
> > > >
> > > > Correct. But I honestly don't know if a non-randomized text offset is the common case people will optimize for, or if one randomized for added security will be the more common case.
> > >
> > > FWIW, the randomized text_offset is a bootloader debugging/testing feature, and there's no security aspect to it.
> > >
> > > It was added [1] as an additional hint to bootloader authors that they must respect the text_offset field.
> >
> > Right, and we do this today. But since this doubles as a kind of cheap KASLR, I would also expect to see it used, even if not intended, in this way.
>
> I can certainly imagine people loading the kernel at a random physical base address (i.e. a random 2M base + text_offset), and doing that is perfectly fine for kernels happy to be loaded at arbitrary bases. That may help to frustrate some DMA attacks.
>
> I take it that's what you meant?
>
> Given text_offset itself is fixed at compile time, randomizing it provides absolutely no security benefit, and we should be careful not to give the impression that it does.
I was thinking that since it's randomized per compile and the likely number of instances not running some stock kernel, that would further add to frustrating some DMA attacks. But, no, that's not really correct. Thanks!
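As an added illustration of the point above (example code, not from this thread or from U-Boot), a minimal parser for the arm64 Linux Image header as laid out in the kernel's Documentation/arm64/booting.txt, computing the address a bootloader must load the kernel at from the text_offset field. Because text_offset is read straight out of the image, anyone holding the image knows it, which is why a per-build random value adds nothing; the function names and the sample header bytes are constructed here.

```c
#include <stddef.h>
#include <stdint.h>

#define ARM64_IMAGE_MAGIC 0x644d5241u   /* "ARM\x64" as a little-endian u32 at offset 56 */
#define ARM64_HEADER_SIZE 64
#define SZ_2M             0x200000ull

/* Fields of the 64-byte header that a bootloader acts on (all little endian). */
struct arm64_image_header { uint64_t text_offset, image_size, flags; };

static uint64_t le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Returns 0 on success, -1 if the buffer is too short or the magic is wrong.
 * The magic is the low 32 bits at offset 56; res5 (PE/COFF offset) above it is ignored. */
int arm64_parse_header(const uint8_t *buf, size_t len, struct arm64_image_header *h)
{
    if (len < ARM64_HEADER_SIZE || (uint32_t)le64(buf + 56) != ARM64_IMAGE_MAGIC)
        return -1;
    h->text_offset = le64(buf + 8);
    h->image_size  = le64(buf + 16);
    h->flags       = le64(buf + 24);
    if (h->image_size == 0)     /* legacy image: booting.txt says assume 0x80000 */
        h->text_offset = 0x80000;
    return 0;
}

/* Load address = 2 MiB aligned base + text_offset (flags bit 3 set: any base is fine). */
uint64_t arm64_load_address(uint64_t dram_base, const struct arm64_image_header *h)
{
    uint64_t base = (dram_base + SZ_2M - 1) & ~(SZ_2M - 1);
    return base + h->text_offset;
}

/* Constructed header, not from a real build: text_offset 0x180000, image_size 16 MiB,
 * flags 0xa (little endian, 4K pages, any base). Returns the computed load address. */
uint64_t demo_load_address(void)
{
    uint8_t buf[ARM64_HEADER_SIZE] = {0};
    uint64_t fields[3] = { 0x180000, 0x1000000, 0xa };   /* text_offset, image_size, flags */
    for (int f = 0; f < 3; f++)
        for (int i = 0; i < 8; i++)
            buf[8 + 8 * f + i] = (uint8_t)(fields[f] >> (8 * i));
    buf[56] = 'A'; buf[57] = 'R'; buf[58] = 'M'; buf[59] = 0x64;
    struct arm64_image_header h;
    if (arm64_parse_header(buf, sizeof buf, &h) != 0)
        return 0;
    return arm64_load_address(0x80000000ull, &h);   /* -> 0x80180000 */
}
```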