Commit | Line | Data |
---|---|---|
c2d1a135 JY |
1 | .. SPDX-License-Identifier: GPL-2.0 |
2 | ||
3 | =========================== | |
4 | KASLR for Freescale BookE32 | |
5 | =========================== | |
6 | ||
7 | The word KASLR stands for Kernel Address Space Layout Randomization. | |
8 | ||
9 | This document tries to explain the implementation of KASLR for | |
10 | Freescale BookE32. KASLR is a security feature that deters exploit | |
11 | attempts relying on knowledge of the location of kernel internals. | |
12 | ||
13 | Since CONFIG_RELOCATABLE is already supported, what we need to do is | |
14 | map or copy the kernel to a proper place and relocate. Freescale Book-E | |
15 | parts expect lowmem to be mapped by fixed TLB entries (TLB1). The TLB1 | |
16 | entries are not suitable to map the kernel directly in a randomized | |
17 | region, so we chose to copy the kernel to a proper place and restart to | |
18 | relocate. | |
19 | ||
20 | Entropy is derived from the banner and timer base, which will change every | |
21 | build and boot. This is not very safe, so additionally the bootloader may | |
22 | pass entropy via the /chosen/kaslr-seed node in the device tree. | |
23 | ||
24 | We will use the first 512M of the low memory to randomize the kernel | |
25 | image. The memory will be split into 64M zones. We will use the lower 8 | |
26 | bits of the entropy to decide the index of the 64M zone. Then we choose a | |
27 | 16K aligned offset inside the 64M zone to put the kernel in:: | |
28 | ||
29 |                             KERNELBASE | |
30 ||
31 |         |-->   64M   <--| | |
32 |         |               | | |
33 |         +---------------+    +----------------+---------------+ | |
34 |         |               |....|    |kernel|    |               | | |
35 |         +---------------+    +----------------+---------------+ | |
36 |         |                         | | |
37 |         |----->   offset    <-----| | |
38 ||
39 |                               kernstart_virt_addr | |
40 | ||
f8b42777 | 41 | To enable KASLR, set CONFIG_RANDOMIZE_BASE = y. If KASLR is enabled and you |
c2d1a135 | 42 | want to disable it at runtime, add "nokaslr" to the kernel cmdline. |
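
The zone and offset selection described above, worked through in C. This is an added example, not the kernel's own code: the function names, the use of `%` to reduce the entropy, and returning 0 when no whole 64M zone is available are assumptions of this sketch, and the 16M image size is a constructed value.

```c
#include <stdint.h>
#include <stdio.h>

#define SZ_16K  0x00004000UL
#define SZ_64M  0x04000000UL
#define SZ_512M 0x20000000UL

/* Randomization window: low memory, capped at the first 512M. */
static unsigned long kaslr_window(unsigned long lowmem)
{
    return lowmem < SZ_512M ? lowmem : SZ_512M;
}

/*
 * Offset of the kernel from the start of low memory. Returns 0 (no
 * randomization) when there is no whole 64M zone or the image cannot fit
 * in one; both fallbacks and the '%' reductions are assumptions.
 */
static unsigned long kaslr_offset(uint32_t entropy, unsigned long lowmem,
                                  unsigned long kernel_sz)
{
    unsigned long zones = kaslr_window(lowmem) / SZ_64M;
    unsigned long zone, in_zone;

    if (zones == 0 || kernel_sz >= SZ_64M)
        return 0;
    zone = (entropy & 0xFF) % zones;          /* lower 8 bits pick the zone */
    in_zone = entropy % (SZ_64M - kernel_sz); /* image must end in the zone */
    in_zone &= ~(SZ_16K - 1);                 /* 16K aligned                */
    return zone * SZ_64M + in_zone;
}

/* Upper bound on distinct placements, i.e. the space a guess is drawn from. */
static unsigned long kaslr_positions(unsigned long lowmem, unsigned long kernel_sz)
{
    unsigned long zones = kaslr_window(lowmem) / SZ_64M;

    if (zones == 0 || kernel_sz >= SZ_64M)
        return 1;
    return zones * ((SZ_64M - kernel_sz + SZ_16K - 1) / SZ_16K);
}

int main(void)
{
    unsigned long ksz = 16UL << 20; /* constructed: 16M kernel image */
    printf("offset    = 0x%08lx\n", kaslr_offset(0x1234567Bu, SZ_512M, ksz));
    printf("positions = %lu\n", kaslr_positions(SZ_512M, ksz));
    return 0;
}
```

With 512M of low memory and a 16M image the scheme allows at most 24576 placements, a little under 15 bits, which is the ceiling set by the 64M zone and 16K alignment regardless of how good the seed is.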