^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) .. SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) ===========================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) KASLR for Freescale BookE32
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) ===========================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) The word KASLR stands for Kernel Address Space Layout Randomization.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) This document tries to explain the implementation of the KASLR for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) Freescale BookE32. KASLR is a security feature that deters exploit
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) attempts relying on knowledge of the location of kernel internals.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) Since CONFIG_RELOCATABLE has already supported, what we need to do is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) map or copy kernel to a proper place and relocate. Freescale Book-E
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) parts expect lowmem to be mapped by fixed TLB entries(TLB1). The TLB1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) entries are not suitable to map the kernel directly in a randomized
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) region, so we chose to copy the kernel to a proper place and restart to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) relocate.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) Entropy is derived from the banner and timer base, which will change every
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) build and boot. This not so much safe so additionally the bootloader may
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) pass entropy via the /chosen/kaslr-seed node in device tree.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) We will use the first 512M of the low memory to randomize the kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) image. The memory will be split in 64M zones. We will use the lower 8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) bit of the entropy to decide the index of the 64M zone. Then we chose a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) 16K aligned offset inside the 64M zone to put the kernel in::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) KERNELBASE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) |--> 64M <--|
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) | |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) +---------------+ +----------------+---------------+
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) | |....| |kernel| | |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) +---------------+ +----------------+---------------+
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) | |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) |-----> offset <-----|
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) kernstart_virt_addr
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) To enable KASLR, set CONFIG_RANDOMIZE_BASE = y. If KASLR is enable and you
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) want to disable it at runtime, add "nokaslr" to the kernel cmdline.
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags