On Tue, Mar 07, 2017 at 07:16:56AM -0500, Tom Rini wrote:
> On Tue, Mar 07, 2017 at 11:43:52AM +0000, Mark Rutland wrote:
> > On Tue, Feb 28, 2017 at 12:15:09PM -0500, Tom Rini wrote:
> > > On Wed, Mar 01, 2017 at 02:03:58AM +0900, Masahiro Yamada wrote:
> > > > 2017-02-27 7:41 GMT+09:00 Tom Rini <[email protected]>:
> > > > If we put the image at 2MiB aligned base, the relocation would
> > > > always happen.
> > >
> > > Correct. But I honestly don't know if non-randomized text offset is the
> > > common case people will optimize for or randomized for added security
> > > will be the more common case.
> >
> > FWIW, the randomized text_offset is a bootloader debugging/testing
> > feature, and there's no security aspect to it.
> >
> > It was added [1] as an additional hint to bootloader authors that
> > they must respect the text_offset field.
>
> Right, and we do this today. But since this doubles as a kind of cheap
> KASLR I would also expect to see it used, even if not intended, in this
> way.
I can certainly imagine people loading the kernel at a random physical
base address (i.e. a random 2M base + text_offset), and doing that is
perfectly fine for kernels happy to be loaded at arbitrary bases. That
may help to frustrate some DMA attacks. I take it that's what you meant?

Given text_offset itself is fixed at compile time, randomizing it
provides absolutely no security benefit, and we should be careful not to
give the impression that it does.

Thanks,
Mark.

_______________________________________________
U-Boot mailing list
[email protected]
https://lists.denx.de/listinfo/u-boot
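The distinction the thread draws (text_offset is a header field the loader must honour; the base address is the loader's choice) is easiest to see in loader code. The following is an added example written for this page, not code from U-Boot, from the kernel, or from anyone in the thread. It parses the arm64 Image header as laid out in the kernel's Documentation/arm64/booting.txt (text_offset at byte 8, image_size at 16, flags at 24, "ARM\x64" magic at 56), derives the load address from a caller-chosen 2MiB-aligned base plus the header's text_offset, and, only for kernels whose flags bit 3 is clear (base may be anywhere in RAM), lets caller-supplied entropy pick the base. The sample header, the DRAM window and the field values are constructed for the example; the function names are mine, not U-Boot's booti API.

```c
/* Added example (not U-Boot or Linux code): parse the arm64 Image header
 * from Documentation/arm64/booting.txt and show that text_offset is read
 * from the header and added to a 2MiB-aligned base chosen by the loader.
 * The sample header and DRAM layout below are constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <inttypes.h>

#define ARM64_HDR_SIZE   64
#define ARM64_MAGIC_OFF  56
#define SZ_2M            (2ULL << 20)
/* booting.txt flags bit 3: 0 = 2MiB-aligned base may be anywhere in RAM,
 * 1 = base should be as close as possible to the start of DRAM. */
#define ARM64_FLAG_PHYS_BASE (1ULL << 3)

struct arm64_image_hdr {
    uint64_t text_offset;   /* Image load offset from a 2MiB-aligned base */
    uint64_t image_size;    /* effective image size; 0 on pre-v3.17 images */
    uint64_t flags;         /* kernel flags, little endian */
};

static uint64_t get_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

static void put_le64(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Constructed sample: write a 64-byte header with the given fields. */
void build_sample_header(uint8_t buf[ARM64_HDR_SIZE], uint64_t text_offset,
                         uint64_t image_size, uint64_t flags)
{
    memset(buf, 0, ARM64_HDR_SIZE);
    put_le64(buf + 8, text_offset);
    put_le64(buf + 16, image_size);
    put_le64(buf + 24, flags);
    memcpy(buf + ARM64_MAGIC_OFF, "ARM\x64", 4);
}

/* Parse the header. Returns 0 on success, -1 if too short or bad magic. */
int arm64_parse_header(const uint8_t *img, size_t len, struct arm64_image_hdr *h)
{
    if (len < ARM64_HDR_SIZE || memcmp(img + ARM64_MAGIC_OFF, "ARM\x64", 4) != 0)
        return -1;
    h->text_offset = get_le64(img + 8);
    h->image_size  = get_le64(img + 16);
    h->flags       = get_le64(img + 24);
    /* Old images leave image_size zero; booting.txt says text_offset may
     * then be assumed to be 0x80000. Never assume it otherwise. */
    if (h->image_size == 0)
        h->text_offset = 0x80000;
    return 0;
}

/* Round base up to 2MiB and add the text_offset read from the header. */
uint64_t arm64_load_address(const struct arm64_image_hdr *h, uint64_t base)
{
    uint64_t aligned = (base + SZ_2M - 1) & ~(SZ_2M - 1);
    return aligned + h->text_offset;
}

/* Choose a 2MiB-aligned base in [dram_base, dram_base + dram_size).
 * If flags bit 3 is clear the kernel accepts any base, so rnd (caller
 * entropy) picks one of the slots with room for text_offset + image_size;
 * if it is set the lowest base is used. Returns 0 and sets *base, or -1
 * if the image cannot fit at all. */
int arm64_choose_base(const struct arm64_image_hdr *h, uint64_t dram_base,
                      uint64_t dram_size, uint64_t rnd, uint64_t *base)
{
    uint64_t lowest = (dram_base + SZ_2M - 1) & ~(SZ_2M - 1);
    uint64_t end = dram_base + dram_size;
    if (lowest + h->text_offset + h->image_size > end)
        return -1;
    uint64_t slots = (end - lowest - h->text_offset - h->image_size) / SZ_2M + 1;
    uint64_t k = (h->flags & ARM64_FLAG_PHYS_BASE) ? 0 : rnd % slots;
    *base = lowest + k * SZ_2M;
    return 0;
}

int main(void)
{
    uint8_t img[ARM64_HDR_SIZE];
    struct arm64_image_hdr h;
    uint64_t base;
    /* constructed: page-aligned text_offset below 2MiB, 20MiB image */
    build_sample_header(img, 0x1a4000, 0x1400000, 0);
    if (arm64_parse_header(img, sizeof img, &h) == 0 &&
        arm64_choose_base(&h, 0x40000000ULL, 0x80000000ULL, 1013, &base) == 0)
        printf("base 0x%" PRIx64 " -> load 0x%" PRIx64 "\n",
               base, arm64_load_address(&h, base));
    return 0;
}
```

Note the two independent knobs: text_offset is a property of the kernel binary and is the same for every boot of that binary, so a randomized build value adds nothing at runtime; only the base passed to arm64_choose_base varies per boot, and only when the kernel's flags allow it.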

