Integrate latest changes from main

Merges branch 'main' into next and adjust the code accordingly.

Changes the config serialization format.

Author: phil-opp

Cargo.lock

@@ -27,6 +27,9 @@ exclude = ["examples/basic", "examples/test_framework"]
 anyhow = "1.0.32"
 fatfs = "0.3.4"
 gpt = "3.0.0"
+raw-cpuid = { version = "10.2.0", optional = true }
+rand = { version = "0.8.4", optional = true, default-features = false }
+rand_chacha = { version = "0.3.1", optional = true, default-features = false }
 
 # [dependencies.bootloader-x86_64-uefi]
 # version = "0.1.0"

Cargo.toml

@@ -1,5 +1,14 @@
 # Unreleased
 
+# 0.10.12 – 2022-02-06
+
+- Add support for position independent executables ([#206](https://github.com/rust-osdev/bootloader/pull/206))
+- Add optional ASLR ([#221](https://github.com/rust-osdev/bootloader/pull/221))
+- Logger: nicer font rendering into framebuffer ([#213](https://github.com/rust-osdev/bootloader/pull/213))
+- Fix warnings on latest nightly (`maybe_uninit_extra` is no longer feature-gated) ([#222](https://github.com/rust-osdev/bootloader/pull/222))
+- Rework `UsedLevel4Entries` ([#219](https://github.com/rust-osdev/bootloader/pull/219))
+- Add small doc-comment to entry_point! macro ([#220](https://github.com/rust-osdev/bootloader/pull/220))
+
 # 0.10.11 – 2022-01-09
 
 - Remove feature flag for `lang_items`, `asm` and `global_asm` ([#210](https://github.com/rust-osdev/bootloader/pull/210))

Changelog.md

@@ -19,6 +19,7 @@ fn main() {
         (68, 10),
         (78, 9),
         (87, 9),
+        (96, 1),
     ];
 
     let mut code = String::new();

api/build.rs

@@ -35,7 +35,7 @@ impl BootloaderConfig {
         0x3D,
     ];
     #[doc(hidden)]
-    pub const SERIALIZED_LEN: usize = 96;
+    pub const SERIALIZED_LEN: usize = 97;
 
     /// Creates a new default configuration with the following values:
     ///
@@ -69,6 +69,7 @@ impl BootloaderConfig {
             pre_release,
         } = version;
         let Mappings {
+            aslr,
             kernel_stack,
             boot_info,
             framebuffer,
@@ -120,6 +121,7 @@ impl BootloaderConfig {
                 Option::Some(addr) => concat_1_8([1], addr.to_le_bytes()),
             },
         );
+        let buf = concat_96_1(buf, [(*aslr) as u8]);
 
         buf
     }
@@ -174,8 +176,14 @@ impl BootloaderConfig {
             let (&physical_memory, s) = split_array_ref(s);
             let (&page_table_recursive_some, s) = split_array_ref(s);
             let (&page_table_recursive, s) = split_array_ref(s);
+            let (&[alsr], s) = split_array_ref(s);
 
             let mappings = Mappings {
+                aslr: match alsr {
+                    1 => true,
+                    0 => false,
+                    _ => return Err(()),
+                },
                 kernel_stack: Mapping::deserialize(&kernel_stack)?,
                 boot_info: Mapping::deserialize(&boot_info)?,
                 framebuffer: Mapping::deserialize(&framebuffer)?,
@@ -306,6 +314,12 @@ impl Default for ApiVersion {
 #[derive(Debug, Default, PartialEq, Eq, Clone, Copy)]
 #[non_exhaustive]
 pub struct Mappings {
+    /// Whether to randomize non-statically configured addresses.
+    /// The kernel base address will be randomized when it's compiled as
+    /// a position independent executable.
+    ///
+    /// Defaults to `false`.
+    pub aslr: bool,
     /// Configures how the kernel stack should be mapped.
     pub kernel_stack: Mapping,
     /// Specifies where the [`crate::BootInfo`] struct should be placed in virtual memory.
@@ -332,6 +346,7 @@ impl Mappings {
     /// enabled.
     pub const fn new_default() -> Self {
         Self {
+            aslr: false,
             kernel_stack: Mapping::new_default(),
             boot_info: Mapping::new_default(),
             framebuffer: Mapping::new_default(),
@@ -345,6 +360,7 @@ impl Mappings {
         let phys = rand::random();
         let recursive = rand::random();
         Self {
+            aslr: rand::random(),
             kernel_stack: Mapping::random(),
             boot_info: Mapping::random(),
             framebuffer: Mapping::random(),

api/src/config.rs

@@ -16,6 +16,9 @@ uefi = "0.13"
 usize_conversions = "0.2.0"
 x86_64 = { version = "0.14.8" }
 xmas-elf = "0.8.0"
+raw-cpuid = "10.2.0"
+rand = { version = "0.8.4", default-features = false }
+rand_chacha = { version = "0.3.1", default-features = false }
 
 [dependencies.noto-sans-mono-bitmap]
 version = "0.1.2"

common/Cargo.toml

@@ -0,0 +1,97 @@
+use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng};
+use raw_cpuid::CpuId;
+use x86_64::instructions::{port::Port, random::RdRand};
+
+/// Gather entropy from various sources to seed a RNG.
+pub fn build_rng() -> ChaCha20Rng {
+    const ENTROPY_SOURCES: [fn() -> [u8; 32]; 3] = [rd_rand_entropy, tsc_entropy, pit_entropy];
+
+    // Collect entropy from different sources and xor them all together.
+    let mut seed = [0; 32];
+    for entropy_source in ENTROPY_SOURCES {
+        let entropy = entropy_source();
+
+        for (seed, entropy) in seed.iter_mut().zip(entropy) {
+            *seed ^= entropy;
+        }
+    }
+
+    // Construct the RNG.
+    ChaCha20Rng::from_seed(seed)
+}
+
+/// Gather entropy by requesting random numbers with `RDRAND` instruction if it's available.
+///
+/// This function provides excellent entropy (unless you don't trust the CPU vendors).
+fn rd_rand_entropy() -> [u8; 32] {
+    let mut entropy = [0; 32];
+
+    // Check if the CPU supports `RDRAND`.
+    if let Some(rd_rand) = RdRand::new() {
+        for i in 0..4 {
+            if let Some(value) = get_random_64(rd_rand) {
+                entropy[i * 8..(i + 1) * 8].copy_from_slice(&value.to_ne_bytes());
+            }
+        }
+    }
+
+    entropy
+}
+
+/// Try to fetch a 64 bit random value with a retry count limit of 10.
+///
+/// This function is a port of the C implementation provided in Intel's Software Developer's Manual, Volume 1, 7.3.17.1.
+fn get_random_64(rd_rand: RdRand) -> Option<u64> {
+    const RETRY_LIMIT: u32 = 10;
+    for _ in 0..RETRY_LIMIT {
+        if let Some(value) = rd_rand.get_u64() {
+            return Some(value);
+        }
+    }
+    None
+}
+
+/// Gather entropy by reading the current time with the `RDTSC` instruction if it's available.
+///
+/// This function doesn't provide particulary good entropy, but it's better than nothing.
+fn tsc_entropy() -> [u8; 32] {
+    let mut entropy = [0; 32];
+
+    // Check if the CPU supports `RDTSC`.
+    let cpu_id = CpuId::new();
+    if let Some(feature_info) = cpu_id.get_feature_info() {
+        if !feature_info.has_tsc() {
+            for i in 0..4 {
+                let value = unsafe {
+                    // SAFETY: We checked that the cpu supports `RDTSC` and we run in ring 0.
+                    core::arch::x86_64::_rdtsc()
+                };
+                entropy[i * 8..(i + 1) * 8].copy_from_slice(&value.to_ne_bytes());
+            }
+        }
+    }
+
+    entropy
+}
+
+/// Gather entropy by reading the current count of PIT channel 1-3.
+///
+/// This function doesn't provide particulary good entropy, but it's always available.
+fn pit_entropy() -> [u8; 32] {
+    let mut entropy = [0; 32];
+
+    for (i, entropy_byte) in entropy.iter_mut().enumerate() {
+        // Cycle through channels 1-3.
+        let channel = i % 3;
+
+        let mut port = Port::<u8>::new(0x40 + channel as u16);
+        let value = unsafe {
+            // SAFETY: It's safe to read from ports 0x40-0x42.
+            port.read()
+        };
+
+        *entropy_byte = value;
+    }
+
+    entropy
+}