From: Glenn Washburn <development@efficientek.com>
To: The development of GNU GRUB <grub-devel@gnu.org>,
Daniel Kiper <dkiper@net-space.pl>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
Dimitri John Ledkov <dimitri.ledkov@canonical.com>,
Glenn Washburn <development@efficientek.com>
Subject: [PATCH v3 3/3] efi: Add support for reproducible builds
Date: Tue, 19 Dec 2023 00:00:01 -0600 [thread overview]
Message-ID: <5989c010215464284b805c816cf9309f46324b49.1702965318.git.development@efficientek.com> (raw)
In-Reply-To: <cover.1702965318.git.development@efficientek.com>
Having randomly generated bytes in the binary output breaks reproducible
builds. Since build timestamps are usually the source of irreproducibility
there is a standard which defines an environment variable SOURCE_DATE_EPOCH
to be used when set for build timestamps. According to the standard[1], the
value of SOURCE_DATE_EPOCH is a base-10 integer of the number of seconds
since the UNIX epoch. Currently, this is a 10 digit number that fits into
32-bits, but will not shortly after the year 2100. So to be future-proof
only use the least significant 32-bits. On 64-bit architectures, where the
canary is also 64-bits, there is an extra 32-bits that can be filled to
provide more entropy. The first byte is null to filter out string buffer
overflow attacks and the remaining 24-bits are set to static random bytes.
[1] https://reproducible-builds.org/specs/source-date-epoch
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
configure.ac | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index f15d31ec4c0e..0ba1cd71db00 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1439,7 +1439,9 @@ else
fi
TARGET_CPPFLAGS="$TARGET_CPPFLAGS -DGRUB_STACK_PROTECTOR=1"
- if test -r /dev/urandom; then
+ if test -n "$SOURCE_DATE_EPOCH"; then
+ GRUB_STACK_PROTECTOR_INIT="0x00f2b7e2$(printf "%x" "$SOURCE_DATE_EPOCH" | sed 's/.*\(........\)$/\1/')"
+ elif test -r /dev/urandom; then
# Generate the 8 byte stack protector canary at build time if /dev/urandom
# is able to be read. The first byte should be NUL to filter out string
# buffer overflow attacks.
--
2.34.1
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
next prev parent reply other threads:[~2023-12-19 6:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-19 5:59 [PATCH v3 0/3] efi: Initialize canary to non-zero value Glenn Washburn
2023-12-19 5:59 ` [PATCH v3 1/3] " Glenn Washburn
2023-12-19 6:00 ` [PATCH v3 2/3] efi: Generate stack protector canary at build time if urandom is available Glenn Washburn
2023-12-19 6:00 ` Glenn Washburn [this message]
2023-12-20 13:09 ` [PATCH v3 0/3] efi: Initialize canary to non-zero value Daniel Kiper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5989c010215464284b805c816cf9309f46324b49.1702965318.git.development@efficientek.com \
--to=development@efficientek.com \
--cc=dimitri.ledkov@canonical.com \
--cc=dkiper@net-space.pl \
--cc=grub-devel@gnu.org \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).