Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Tue, May 21, 2024 at 11:59 AM Ilias Apalodimas
wrote:
>
> On Tue, 21 May 2024 at 21:05, Tim Harvey wrote:
> >
> > On Tue, May 21, 2024 at 10:29 AM Ilias Apalodimas
> > wrote:
> > >
> > > On Tue, 21 May 2024 at 20:06, Tim Harvey wrote:
> > > >
> > > > On Tue, May 21, 2024 at 9:54 AM Ilias Apalodimas
> > > > wrote:
> > > > >
> > > > > Hi Tim,
> > > > >
> > > > > On Tue, 21 May 2024 at 19:37, Tim Harvey
> > > > > wrote:
> > > > > >
> > > > > > On Tue, May 21, 2024 at 5:05 AM Ilias Apalodimas
> > > > > > wrote:
> > > > > > >
> > > > > > > Hi Tim
> > > > > > >
> > > > > > > On Wed, 15 May 2024 at 23:50, Tim Harvey
> > > > > > > wrote:
> > > > > > > >
> > > > > > > > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it
> > > > > > > > to
> > > > > > > > randomize the virtual address at which the kernel image is
> > > > > > > > loaded, it
> > > > > > > > expects entropy to be provided by the bootloader by populating
> > > > > > > > /chosen/kaslr-seed with a 64-bit value from source of entropy
> > > > > > > > at boot.
> > > > > > >
> > > > > > > Since you'll send a v2, mind adding some description for UEFI on
> > > > > > > the
> > > > > > > commit message?
> > > > > > > efi_try_purge_kaslr_seed() has a comment of the behaviour
> > > > > > >
> > > > > >
> > > > > > Hi Ilias,
> > > > > >
> > > > > > Ok, I will add the following to the commit log for clarity:
> > > > > > Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
> > > > > > randomization and completely ignores the kaslr-seed for its own
> > > > > > randomness needs (i.e the randomization of the physical placement of
> > > > > > the kernel). It gets weeded out from the DTB that gets handed over
> > > > > > via
> > > > > > efi_install_fdt() as it would also mess up the measured boot DTB TPM
> > > > > > measurements as well.
> > > > > >
> > > > > > Does the above mean that I don't need to worry about protecting the
> > > > > > call to fdt_kaslrseed() with a check for MEASURED BOOT as
> > > > > > efi_install_fdt/efi_try_purge_kaslr_seed always gets called in that
> > > > > > case?
> > > > >
> > > > > There are 2 ways to do measured boot. One is via the bootm command and
> > > > > the other is via the EFI protocols.
> > > > > CONFIG_MEASURED_BOOT only applies to bootm.
> > > > > OTOH kaslr-seed might still have value if EFI_RNG is disabled, even
> > > > > when booting with EFI, since the kernel will randomize the virtual
> > > > > placement if it finds that.
> > > > >
> > > > > But in any case, a kaslr-seed entry can't be present in the DTB if you
> > > > > plan to measure it.
> > > >
> > > > ok, sounds like I need to use:
> > > >
> > > > if (IS_ENABLED(CONFIG_DM_RNG) &&
> > > > !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) &&
> > > > !IS_ENABLED(CONFIG_MEASURED_BOOT) {
> > > > fdt_kaslrseed...
> > > > }
> > > >
> > >
> > > Can't we measure the DT *before* adding the kaslr-seed?
> > >
> >
> > You tell me... I'm deferring to you regarding what is needed for this
> > patch for measured boot.
> >
> > What changes do I need to make and why?
>
> Ok, thinking it a bit more we can't reliably measure the DT before a
> kaslr-seed gets injected, simply because an earlier stage bootloader
> might have injected it That's why we had a config option (and at
> least we mention it in aa2d3945ce6df43903d76cadde1c0669d6d5d43b but
> not in great detail).
> However, for a user that's far from ideal since he needs to be aware
> of those details before enabling measurements for the DT.
>
> Looking at our EFI code we *try* to purge the kaslr-seed before
> measuring the DT, but that doesn't guarantee it won't be there -- it
> will be purged only if EFI_RNG is installed. But that only happens if
> you have an RNG available.
> To make things even worse, the kaslr-seed is not the only source of
> randomness when measuring a DT, a mac address entry for example would
> have the same effect.
Right... I've noticed that as well. There are many things that alter
the dt and it seems like you need to be able to disable them all if
you're going to measure the fdt.
I'm no security expert but I can't really understand the point of
measuring the dtb anyway assuming your boot code has been
measured/verified and the boot code is the thing that is altering the
fdt so it's trusted right? Unless you are worried about uboot env
hacks but I disable uboot env when securing a device.
I recently put together a measured boot example for a user and for
that I measured boot firmware (the entire emmc boot0 device) and the
FIT image which contained the kernel, ramdisk, and 'pre-altered' dtb.
> On top of all these EFI code measures on PCR0 and bootm on PCR8. The
> reason for that is that although the EFI spec has no guidance on
> measuring a DT, it does have for ACPI and it uses PCR0 [0].
>
> I think all these should be fixed and at least documented properly for
> now, but that's unfair to you since it's irrelevant to what your patch
> is trying to fix ...
>
yes.
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Tue, 21 May 2024 at 21:05, Tim Harvey wrote:
>
> On Tue, May 21, 2024 at 10:29 AM Ilias Apalodimas
> wrote:
> >
> > On Tue, 21 May 2024 at 20:06, Tim Harvey wrote:
> > >
> > > On Tue, May 21, 2024 at 9:54 AM Ilias Apalodimas
> > > wrote:
> > > >
> > > > Hi Tim,
> > > >
> > > > On Tue, 21 May 2024 at 19:37, Tim Harvey wrote:
> > > > >
> > > > > On Tue, May 21, 2024 at 5:05 AM Ilias Apalodimas
> > > > > wrote:
> > > > > >
> > > > > > Hi Tim
> > > > > >
> > > > > > On Wed, 15 May 2024 at 23:50, Tim Harvey
> > > > > > wrote:
> > > > > > >
> > > > > > > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> > > > > > > randomize the virtual address at which the kernel image is
> > > > > > > loaded, it
> > > > > > > expects entropy to be provided by the bootloader by populating
> > > > > > > /chosen/kaslr-seed with a 64-bit value from source of entropy at
> > > > > > > boot.
> > > > > >
> > > > > > Since you'll send a v2, mind adding some description for UEFI on the
> > > > > > commit message?
> > > > > > efi_try_purge_kaslr_seed() has a comment of the behaviour
> > > > > >
> > > > >
> > > > > Hi Ilias,
> > > > >
> > > > > Ok, I will add the following to the commit log for clarity:
> > > > > Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
> > > > > randomization and completely ignores the kaslr-seed for its own
> > > > > randomness needs (i.e the randomization of the physical placement of
> > > > > the kernel). It gets weeded out from the DTB that gets handed over via
> > > > > efi_install_fdt() as it would also mess up the measured boot DTB TPM
> > > > > measurements as well.
> > > > >
> > > > > Does the above mean that I don't need to worry about protecting the
> > > > > call to fdt_kaslrseed() with a check for MEASURED BOOT as
> > > > > efi_install_fdt/efi_try_purge_kaslr_seed always gets called in that
> > > > > case?
> > > >
> > > > There are 2 ways to do measured boot. One is via the bootm command and
> > > > the other is via the EFI protocols.
> > > > CONFIG_MEASURED_BOOT only applies to bootm.
> > > > OTOH kaslr-seed might still have value if EFI_RNG is disabled, even
> > > > when booting with EFI, since the kernel will randomize the virtual
> > > > placement if it finds that.
> > > >
> > > > But in any case, a kaslr-seed entry can't be present in the DTB if you
> > > > plan to measure it.
> > >
> > > ok, sounds like I need to use:
> > >
> > > if (IS_ENABLED(CONFIG_DM_RNG) &&
> > > !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) &&
> > > !IS_ENABLED(CONFIG_MEASURED_BOOT) {
> > > fdt_kaslrseed...
> > > }
> > >
> >
> > Can't we measure the DT *before* adding the kaslr-seed?
> >
>
> You tell me... I'm deferring to you regarding what is needed for this
> patch for measured boot.
>
> What changes do I need to make and why?
Ok, thinking it a bit more we can't reliably measure the DT before a
kaslr-seed gets injected, simply because an earlier stage bootloader
might have injected it That's why we had a config option (and at
least we mention it in aa2d3945ce6df43903d76cadde1c0669d6d5d43b but
not in great detail).
However, for a user that's far from ideal since he needs to be aware
of those details before enabling measurements for the DT.
Looking at our EFI code we *try* to purge the kaslr-seed before
measuring the DT, but that doesn't guarantee it won't be there -- it
will be purged only if EFI_RNG is installed. But that only happens if
you have an RNG available.
To make things even worse, the kaslr-seed is not the only source of
randomness when measuring a DT, a mac address entry for example would
have the same effect.
On top of all these EFI code measures on PCR0 and bootm on PCR8. The
reason for that is that although the EFI spec has no guidance on
measuring a DT, it does have for ACPI and it uses PCR0 [0].
I think all these should be fixed and at least documented properly for
now, but that's unfair to you since it's irrelevant to what your patch
is trying to fix ...
As for recommendations, I haven't looked into bootm code for quite
some time. Can we inject kaslr-seed after we measure it? If yes, then
do that and let's add a comment about the current mess...
[0]
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf
3.3.4.1 PCR[0] – SRTM, POST BIOS, and Embedded Drivers
>
> Best Regards,
>
> Tim
>
> > Cheers
> > /Ilias
> > > Thanks,
> > >
> > > I'll send a v3 hopefully later today.
> > >
> > > Tim
> > >
> > > >
> > > > Cheers
> > > > /Ilias
> > > >
> > > > >
> > > > > Best Regards,
> > > > >
> > > > > Tim
> > > > >
> > > > > > Thanks
> > > > > > /Ilias
> > > > > > >
> > > > > > > If we have DM_RNG enabled populate this value automatically when
> > > > > > > fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled
> > > > > > > as
> > > > > > > it's implementation uses a different source of entropy.
> > > > > > >
> > > > > > > As this fdt node is added elsewhere create a library function and
> > > > > > > use
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Tue, May 21, 2024 at 10:29 AM Ilias Apalodimas
wrote:
>
> On Tue, 21 May 2024 at 20:06, Tim Harvey wrote:
> >
> > On Tue, May 21, 2024 at 9:54 AM Ilias Apalodimas
> > wrote:
> > >
> > > Hi Tim,
> > >
> > > On Tue, 21 May 2024 at 19:37, Tim Harvey wrote:
> > > >
> > > > On Tue, May 21, 2024 at 5:05 AM Ilias Apalodimas
> > > > wrote:
> > > > >
> > > > > Hi Tim
> > > > >
> > > > > On Wed, 15 May 2024 at 23:50, Tim Harvey
> > > > > wrote:
> > > > > >
> > > > > > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> > > > > > randomize the virtual address at which the kernel image is loaded,
> > > > > > it
> > > > > > expects entropy to be provided by the bootloader by populating
> > > > > > /chosen/kaslr-seed with a 64-bit value from source of entropy at
> > > > > > boot.
> > > > >
> > > > > Since you'll send a v2, mind adding some description for UEFI on the
> > > > > commit message?
> > > > > efi_try_purge_kaslr_seed() has a comment of the behaviour
> > > > >
> > > >
> > > > Hi Ilias,
> > > >
> > > > Ok, I will add the following to the commit log for clarity:
> > > > Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
> > > > randomization and completely ignores the kaslr-seed for its own
> > > > randomness needs (i.e the randomization of the physical placement of
> > > > the kernel). It gets weeded out from the DTB that gets handed over via
> > > > efi_install_fdt() as it would also mess up the measured boot DTB TPM
> > > > measurements as well.
> > > >
> > > > Does the above mean that I don't need to worry about protecting the
> > > > call to fdt_kaslrseed() with a check for MEASURED BOOT as
> > > > efi_install_fdt/efi_try_purge_kaslr_seed always gets called in that
> > > > case?
> > >
> > > There are 2 ways to do measured boot. One is via the bootm command and
> > > the other is via the EFI protocols.
> > > CONFIG_MEASURED_BOOT only applies to bootm.
> > > OTOH kaslr-seed might still have value if EFI_RNG is disabled, even
> > > when booting with EFI, since the kernel will randomize the virtual
> > > placement if it finds that.
> > >
> > > But in any case, a kaslr-seed entry can't be present in the DTB if you
> > > plan to measure it.
> >
> > ok, sounds like I need to use:
> >
> > if (IS_ENABLED(CONFIG_DM_RNG) &&
> > !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) &&
> > !IS_ENABLED(CONFIG_MEASURED_BOOT) {
> > fdt_kaslrseed...
> > }
> >
>
> Can't we measure the DT *before* adding the kaslr-seed?
>
You tell me... I'm deferring to you regarding what is needed for this
patch for measured boot.
What changes do I need to make and why?
Best Regards,
Tim
> Cheers
> /Ilias
> > Thanks,
> >
> > I'll send a v3 hopefully later today.
> >
> > Tim
> >
> > >
> > > Cheers
> > > /Ilias
> > >
> > > >
> > > > Best Regards,
> > > >
> > > > Tim
> > > >
> > > > > Thanks
> > > > > /Ilias
> > > > > >
> > > > > > If we have DM_RNG enabled populate this value automatically when
> > > > > > fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
> > > > > > it's implementation uses a different source of entropy.
> > > > > >
> > > > > > As this fdt node is added elsewhere create a library function and
> > > > > > use it to deduplicate code.
> > > > > >
> > > > > > Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless
> > > > > > now
> > > > > > but left in place in case boot scripts exist that rely on this
> > > > > > command
> > > > > > existing and returning success. An informational message is printed
> > > > > > to
> > > > > > alert users of this command that it is likely no longer needed.
> > > > > >
> > > > > > Signed-off-by: Tim Harvey
> > > > > > ---
> > > > > > v2:
> > > > > > - fix typo in commit msg
> > > > > > - use stack for seed to avoid unecessary malloc/free
> > > > > > - move to a library function and deduplicate code by using it
> > > > > > elsewhere
> > > > > > ---
> > > > > > board/xilinx/common/board.c | 35 -
> > > > > > boot/fdt_support.c | 10 +
> > > > > > boot/pxe_utils.c| 35 +++--
> > > > > > cmd/kaslrseed.c | 45
> > > > > > ++---
> > > > > > include/kaslrseed.h | 17 ++
> > > > > > lib/Makefile| 1 +
> > > > > > lib/kaslrseed.c | 34
> > > > > > 7 files changed, 72 insertions(+), 105 deletions(-)
> > > > > > create mode 100644 include/kaslrseed.h
> > > > > > create mode 100644 lib/kaslrseed.c
> > > > > >
> > > > > > diff --git a/board/xilinx/common/board.c
> > > > > > b/board/xilinx/common/board.c
> > > > > > index 30a81376ac41..f741e8957818 100644
> > > > > > --- a/board/xilinx/common/board.c
> > > > > > +++ b/board/xilinx/common/board.c
> > > > > > @@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info
> > > > > > *bd)
> > > > > > if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
> > > > > > IS_ENABL
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Mon, May 20, 2024 at 09:37:21AM -0700, Tim Harvey wrote:
> On Mon, May 20, 2024 at 1:29 AM Michal Simek wrote:
> >
> > Hi Tim,
> >
> > On 5/16/24 17:58, Tim Harvey wrote:
> > > On Wed, May 15, 2024 at 1:50 PM Tim Harvey wrote:
> > >>
> > >> If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> > >> randomize the virtual address at which the kernel image is loaded, it
> > >> expects entropy to be provided by the bootloader by populating
> > >> /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
> > >>
> > >> If we have DM_RNG enabled populate this value automatically when
> > >> fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
> > >> it's implementation uses a different source of entropy.
> > >>
> > >> As this fdt node is added elsewhere create a library function and
> > >> use it to deduplicate code.
> > >>
> > >> Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
> > >> but left in place in case boot scripts exist that rely on this command
> > >> existing and returning success. An informational message is printed to
> > >> alert users of this command that it is likely no longer needed.
> > >>
> > >> Signed-off-by: Tim Harvey
> > >> ---
> > >> v2:
> > >> - fix typo in commit msg
> > >> - use stack for seed to avoid unecessary malloc/free
> > >> - move to a library function and deduplicate code by using it elsewhere
> > >> ---
> > >> board/xilinx/common/board.c | 35 -
> > >> boot/fdt_support.c | 10 +
> > >> boot/pxe_utils.c| 35 +++--
> > >> cmd/kaslrseed.c | 45 ++---
> > >> include/kaslrseed.h | 17 ++
> > >> lib/Makefile| 1 +
> > >> lib/kaslrseed.c | 34
> > >> 7 files changed, 72 insertions(+), 105 deletions(-)
> > >> create mode 100644 include/kaslrseed.h
> > >> create mode 100644 lib/kaslrseed.c
> > >>
> > >> diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
> > >> index 30a81376ac41..f741e8957818 100644
> > >> --- a/board/xilinx/common/board.c
> > >> +++ b/board/xilinx/common/board.c
> > >> @@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info *bd)
> > >> if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
> > >> IS_ENABLED(CONFIG_NAND_ZYNQ))
> > >> fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
> > >>
> > >> - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> > >> - debug("No RNG device\n");
> > >> - return 0;
> > >> - }
> > >> -
> > >> - if (dm_rng_read(dev, buf, n)) {
> > >> - debug("Reading RNG failed\n");
> > >> - return 0;
> > >> - }
> > >> -
> > >> - if (!blob) {
> > >> - debug("No FDT memory address configured. Please
> > >> configure\n"
> > >> - "the FDT address via \"fdt addr \"
> > >> command.\n"
> > >> - "Aborting!\n");
> > >> - return 0;
> > >> - }
> > >> -
> > >> - ret = fdt_check_header(blob);
> > >> - if (ret < 0) {
> > >> - debug("fdt_chosen: %s\n", fdt_strerror(ret));
> > >> - return ret;
> > >> - }
> > >> -
> > >> - nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen");
> > >> - if (nodeoffset < 0) {
> > >> - debug("Reading chosen node failed\n");
> > >> - return nodeoffset;
> > >> - }
> > >> -
> > >> - ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf,
> > >> sizeof(buf));
> > >> - if (ret < 0) {
> > >> - debug("Unable to set kaslr-seed on chosen node: %s\n",
> > >> fdt_strerror(ret));
> > >> - return ret;
> > >> - }
> > >> -
> > >> return 0;
> > >> }
> > >> #endif
> > >> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> > >> index 874ca4d6f5af..3455d60d69dc 100644
> > >> --- a/boot/fdt_support.c
> > >> +++ b/boot/fdt_support.c
> > >> @@ -8,6 +8,7 @@
> > >>
> > >> #include
> > >> #include
> > >> +#include
> > >> #include
> > >> #include
> > >> #include
> > >> @@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
> > >> if (nodeoffset < 0)
> > >> return nodeoffset;
> > >>
> > >> + if (IS_ENABLED(CONFIG_DM_RNG) &&
> > >> !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) {
> > >> + err = fdt_kaslrseed(fdt);
> > >> + if (err) {
> > >> + printf("WARNING: could not set kaslr-seed %s.\n",
> > >> + fdt_strerror(err));
> > >> + return err;
> > >> + }
> > >> + }
> > >> +
> > >> if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf))
> > >> {
> > >> err = fdt_setprop(fdt, nodeoffset, "rng-seed",
> > >>
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Tue, 21 May 2024 at 20:06, Tim Harvey wrote:
>
> On Tue, May 21, 2024 at 9:54 AM Ilias Apalodimas
> wrote:
> >
> > Hi Tim,
> >
> > On Tue, 21 May 2024 at 19:37, Tim Harvey wrote:
> > >
> > > On Tue, May 21, 2024 at 5:05 AM Ilias Apalodimas
> > > wrote:
> > > >
> > > > Hi Tim
> > > >
> > > > On Wed, 15 May 2024 at 23:50, Tim Harvey wrote:
> > > > >
> > > > > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> > > > > randomize the virtual address at which the kernel image is loaded, it
> > > > > expects entropy to be provided by the bootloader by populating
> > > > > /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
> > > >
> > > > Since you'll send a v2, mind adding some description for UEFI on the
> > > > commit message?
> > > > efi_try_purge_kaslr_seed() has a comment of the behaviour
> > > >
> > >
> > > Hi Ilias,
> > >
> > > Ok, I will add the following to the commit log for clarity:
> > > Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
> > > randomization and completely ignores the kaslr-seed for its own
> > > randomness needs (i.e the randomization of the physical placement of
> > > the kernel). It gets weeded out from the DTB that gets handed over via
> > > efi_install_fdt() as it would also mess up the measured boot DTB TPM
> > > measurements as well.
> > >
> > > Does the above mean that I don't need to worry about protecting the
> > > call to fdt_kaslrseed() with a check for MEASURED BOOT as
> > > efi_install_fdt/efi_try_purge_kaslr_seed always gets called in that
> > > case?
> >
> > There are 2 ways to do measured boot. One is via the bootm command and
> > the other is via the EFI protocols.
> > CONFIG_MEASURED_BOOT only applies to bootm.
> > OTOH kaslr-seed might still have value if EFI_RNG is disabled, even
> > when booting with EFI, since the kernel will randomize the virtual
> > placement if it finds that.
> >
> > But in any case, a kaslr-seed entry can't be present in the DTB if you
> > plan to measure it.
>
> ok, sounds like I need to use:
>
> if (IS_ENABLED(CONFIG_DM_RNG) &&
> !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) &&
> !IS_ENABLED(CONFIG_MEASURED_BOOT) {
> fdt_kaslrseed...
> }
>
Can't we measure the DT *before* adding the kaslr-seed?
Cheers
/Ilias
> Thanks,
>
> I'll send a v3 hopefully later today.
>
> Tim
>
> >
> > Cheers
> > /Ilias
> >
> > >
> > > Best Regards,
> > >
> > > Tim
> > >
> > > > Thanks
> > > > /Ilias
> > > > >
> > > > > If we have DM_RNG enabled populate this value automatically when
> > > > > fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
> > > > > it's implementation uses a different source of entropy.
> > > > >
> > > > > As this fdt node is added elsewhere create a library function and
> > > > > use it to deduplicate code.
> > > > >
> > > > > Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless
> > > > > now
> > > > > but left in place in case boot scripts exist that rely on this command
> > > > > existing and returning success. An informational message is printed to
> > > > > alert users of this command that it is likely no longer needed.
> > > > >
> > > > > Signed-off-by: Tim Harvey
> > > > > ---
> > > > > v2:
> > > > > - fix typo in commit msg
> > > > > - use stack for seed to avoid unecessary malloc/free
> > > > > - move to a library function and deduplicate code by using it
> > > > > elsewhere
> > > > > ---
> > > > > board/xilinx/common/board.c | 35 -
> > > > > boot/fdt_support.c | 10 +
> > > > > boot/pxe_utils.c| 35 +++--
> > > > > cmd/kaslrseed.c | 45
> > > > > ++---
> > > > > include/kaslrseed.h | 17 ++
> > > > > lib/Makefile| 1 +
> > > > > lib/kaslrseed.c | 34
> > > > > 7 files changed, 72 insertions(+), 105 deletions(-)
> > > > > create mode 100644 include/kaslrseed.h
> > > > > create mode 100644 lib/kaslrseed.c
> > > > >
> > > > > diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
> > > > > index 30a81376ac41..f741e8957818 100644
> > > > > --- a/board/xilinx/common/board.c
> > > > > +++ b/board/xilinx/common/board.c
> > > > > @@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info
> > > > > *bd)
> > > > > if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
> > > > > IS_ENABLED(CONFIG_NAND_ZYNQ))
> > > > > fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
> > > > >
> > > > > - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> > > > > - debug("No RNG device\n");
> > > > > - return 0;
> > > > > - }
> > > > > -
> > > > > - if (dm_rng_read(dev, buf, n)) {
> > > > > - debug("Reading RNG failed\n");
> > > > > - return 0;
> > > > > - }
> > > > > -
> > > > > - if (!blob) {
> > > > > - debu
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Tue, May 21, 2024 at 9:54 AM Ilias Apalodimas
wrote:
>
> Hi Tim,
>
> On Tue, 21 May 2024 at 19:37, Tim Harvey wrote:
> >
> > On Tue, May 21, 2024 at 5:05 AM Ilias Apalodimas
> > wrote:
> > >
> > > Hi Tim
> > >
> > > On Wed, 15 May 2024 at 23:50, Tim Harvey wrote:
> > > >
> > > > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> > > > randomize the virtual address at which the kernel image is loaded, it
> > > > expects entropy to be provided by the bootloader by populating
> > > > /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
> > >
> > > Since you'll send a v2, mind adding some description for UEFI on the
> > > commit message?
> > > efi_try_purge_kaslr_seed() has a comment of the behaviour
> > >
> >
> > Hi Ilias,
> >
> > Ok, I will add the following to the commit log for clarity:
> > Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
> > randomization and completely ignores the kaslr-seed for its own
> > randomness needs (i.e the randomization of the physical placement of
> > the kernel). It gets weeded out from the DTB that gets handed over via
> > efi_install_fdt() as it would also mess up the measured boot DTB TPM
> > measurements as well.
> >
> > Does the above mean that I don't need to worry about protecting the
> > call to fdt_kaslrseed() with a check for MEASURED BOOT as
> > efi_install_fdt/efi_try_purge_kaslr_seed always gets called in that
> > case?
>
> There are 2 ways to do measured boot. One is via the bootm command and
> the other is via the EFI protocols.
> CONFIG_MEASURED_BOOT only applies to bootm.
> OTOH kaslr-seed might still have value if EFI_RNG is disabled, even
> when booting with EFI, since the kernel will randomize the virtual
> placement if it finds that.
>
> But in any case, a kaslr-seed entry can't be present in the DTB if you
> plan to measure it.
ok, sounds like I need to use:
if (IS_ENABLED(CONFIG_DM_RNG) &&
!IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) &&
!IS_ENABLED(CONFIG_MEASURED_BOOT) {
fdt_kaslrseed...
}
Thanks,
I'll send a v3 hopefully later today.
Tim
>
> Cheers
> /Ilias
>
> >
> > Best Regards,
> >
> > Tim
> >
> > > Thanks
> > > /Ilias
> > > >
> > > > If we have DM_RNG enabled populate this value automatically when
> > > > fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
> > > > it's implementation uses a different source of entropy.
> > > >
> > > > As this fdt node is added elsewhere create a library function and
> > > > use it to deduplicate code.
> > > >
> > > > Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
> > > > but left in place in case boot scripts exist that rely on this command
> > > > existing and returning success. An informational message is printed to
> > > > alert users of this command that it is likely no longer needed.
> > > >
> > > > Signed-off-by: Tim Harvey
> > > > ---
> > > > v2:
> > > > - fix typo in commit msg
> > > > - use stack for seed to avoid unecessary malloc/free
> > > > - move to a library function and deduplicate code by using it elsewhere
> > > > ---
> > > > board/xilinx/common/board.c | 35 -
> > > > boot/fdt_support.c | 10 +
> > > > boot/pxe_utils.c| 35 +++--
> > > > cmd/kaslrseed.c | 45 ++---
> > > > include/kaslrseed.h | 17 ++
> > > > lib/Makefile| 1 +
> > > > lib/kaslrseed.c | 34
> > > > 7 files changed, 72 insertions(+), 105 deletions(-)
> > > > create mode 100644 include/kaslrseed.h
> > > > create mode 100644 lib/kaslrseed.c
> > > >
> > > > diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
> > > > index 30a81376ac41..f741e8957818 100644
> > > > --- a/board/xilinx/common/board.c
> > > > +++ b/board/xilinx/common/board.c
> > > > @@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info *bd)
> > > > if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
> > > > IS_ENABLED(CONFIG_NAND_ZYNQ))
> > > > fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
> > > >
> > > > - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> > > > - debug("No RNG device\n");
> > > > - return 0;
> > > > - }
> > > > -
> > > > - if (dm_rng_read(dev, buf, n)) {
> > > > - debug("Reading RNG failed\n");
> > > > - return 0;
> > > > - }
> > > > -
> > > > - if (!blob) {
> > > > - debug("No FDT memory address configured. Please
> > > > configure\n"
> > > > - "the FDT address via \"fdt addr \"
> > > > command.\n"
> > > > - "Aborting!\n");
> > > > - return 0;
> > > > - }
> > > > -
> > > > - ret = fdt_check_header(blob);
> > > > - if (ret < 0) {
> > > > - debug("fdt_chosen: %s\n", fdt_strerror(ret));
> > >
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
Hi Tim,
On Tue, 21 May 2024 at 19:37, Tim Harvey wrote:
>
> On Tue, May 21, 2024 at 5:05 AM Ilias Apalodimas
> wrote:
> >
> > Hi Tim
> >
> > On Wed, 15 May 2024 at 23:50, Tim Harvey wrote:
> > >
> > > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> > > randomize the virtual address at which the kernel image is loaded, it
> > > expects entropy to be provided by the bootloader by populating
> > > /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
> >
> > Since you'll send a v2, mind adding some description for UEFI on the
> > commit message?
> > efi_try_purge_kaslr_seed() has a comment of the behaviour
> >
>
> Hi Ilias,
>
> Ok, I will add the following to the commit log for clarity:
> Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
> randomization and completely ignores the kaslr-seed for its own
> randomness needs (i.e the randomization of the physical placement of
> the kernel). It gets weeded out from the DTB that gets handed over via
> efi_install_fdt() as it would also mess up the measured boot DTB TPM
> measurements as well.
>
> Does the above mean that I don't need to worry about protecting the
> call to fdt_kaslrseed() with a check for MEASURED BOOT as
> efi_install_fdt/efi_try_purge_kaslr_seed always gets called in that
> case?
There are 2 ways to do measured boot. One is via the bootm command and
the other is via the EFI protocols.
CONFIG_MEASURED_BOOT only applies to bootm.
OTOH kaslr-seed might still have value if EFI_RNG is disabled, even
when booting with EFI, since the kernel will randomize the virtual
placement if it finds that.
But in any case, a kaslr-seed entry can't be present in the DTB if you
plan to measure it.
Cheers
/Ilias
>
> Best Regards,
>
> Tim
>
> > Thanks
> > /Ilias
> > >
> > > If we have DM_RNG enabled populate this value automatically when
> > > fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
> > > it's implementation uses a different source of entropy.
> > >
> > > As this fdt node is added elsewhere create a library function and
> > > use it to deduplicate code.
> > >
> > > Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
> > > but left in place in case boot scripts exist that rely on this command
> > > existing and returning success. An informational message is printed to
> > > alert users of this command that it is likely no longer needed.
> > >
> > > Signed-off-by: Tim Harvey
> > > ---
> > > v2:
> > > - fix typo in commit msg
> > > - use stack for seed to avoid unecessary malloc/free
> > > - move to a library function and deduplicate code by using it elsewhere
> > > ---
> > > board/xilinx/common/board.c | 35 -
> > > boot/fdt_support.c | 10 +
> > > boot/pxe_utils.c| 35 +++--
> > > cmd/kaslrseed.c | 45 ++---
> > > include/kaslrseed.h | 17 ++
> > > lib/Makefile| 1 +
> > > lib/kaslrseed.c | 34
> > > 7 files changed, 72 insertions(+), 105 deletions(-)
> > > create mode 100644 include/kaslrseed.h
> > > create mode 100644 lib/kaslrseed.c
> > >
> > > diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
> > > index 30a81376ac41..f741e8957818 100644
> > > --- a/board/xilinx/common/board.c
> > > +++ b/board/xilinx/common/board.c
> > > @@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info *bd)
> > > if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
> > > IS_ENABLED(CONFIG_NAND_ZYNQ))
> > > fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
> > >
> > > - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> > > - debug("No RNG device\n");
> > > - return 0;
> > > - }
> > > -
> > > - if (dm_rng_read(dev, buf, n)) {
> > > - debug("Reading RNG failed\n");
> > > - return 0;
> > > - }
> > > -
> > > - if (!blob) {
> > > - debug("No FDT memory address configured. Please
> > > configure\n"
> > > - "the FDT address via \"fdt addr \"
> > > command.\n"
> > > - "Aborting!\n");
> > > - return 0;
> > > - }
> > > -
> > > - ret = fdt_check_header(blob);
> > > - if (ret < 0) {
> > > - debug("fdt_chosen: %s\n", fdt_strerror(ret));
> > > - return ret;
> > > - }
> > > -
> > > - nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen");
> > > - if (nodeoffset < 0) {
> > > - debug("Reading chosen node failed\n");
> > > - return nodeoffset;
> > > - }
> > > -
> > > - ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf,
> > > sizeof(buf));
> > > - if (ret < 0) {
> > > - debug("Unable to set kaslr-seed on chosen node: %s\n",
> > > fdt_strerror(ret));
> >
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Tue, May 21, 2024 at 5:05 AM Ilias Apalodimas
wrote:
>
> Hi Tim
>
> On Wed, 15 May 2024 at 23:50, Tim Harvey wrote:
> >
> > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> > randomize the virtual address at which the kernel image is loaded, it
> > expects entropy to be provided by the bootloader by populating
> > /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
>
> Since you'll send a v2, mind adding some description for UEFI on the
> commit message?
> efi_try_purge_kaslr_seed() has a comment of the behaviour
>
Hi Ilias,
Ok, I will add the following to the commit log for clarity:
Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
randomization and completely ignores the kaslr-seed for its own
randomness needs (i.e the randomization of the physical placement of
the kernel). It gets weeded out from the DTB that gets handed over via
efi_install_fdt() as it would also mess up the measured boot DTB TPM
measurements as well.
Does the above mean that I don't need to worry about protecting the
call to fdt_kaslrseed() with a check for MEASURED BOOT as
efi_install_fdt/efi_try_purge_kaslr_seed always gets called in that
case?
Best Regards,
Tim
> Thanks
> /Ilias
> >
> > If we have DM_RNG enabled populate this value automatically when
> > fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
> > it's implementation uses a different source of entropy.
> >
> > As this fdt node is added elsewhere create a library function and
> > use it to deduplicate code.
> >
> > Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
> > but left in place in case boot scripts exist that rely on this command
> > existing and returning success. An informational message is printed to
> > alert users of this command that it is likely no longer needed.
> >
> > Signed-off-by: Tim Harvey
> > ---
> > v2:
> > - fix typo in commit msg
> > - use stack for seed to avoid unecessary malloc/free
> > - move to a library function and deduplicate code by using it elsewhere
> > ---
> > board/xilinx/common/board.c | 35 -
> > boot/fdt_support.c | 10 +
> > boot/pxe_utils.c| 35 +++--
> > cmd/kaslrseed.c | 45 ++---
> > include/kaslrseed.h | 17 ++
> > lib/Makefile| 1 +
> > lib/kaslrseed.c | 34
> > 7 files changed, 72 insertions(+), 105 deletions(-)
> > create mode 100644 include/kaslrseed.h
> > create mode 100644 lib/kaslrseed.c
> >
> > diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
> > index 30a81376ac41..f741e8957818 100644
> > --- a/board/xilinx/common/board.c
> > +++ b/board/xilinx/common/board.c
> > @@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info *bd)
> > if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
> > IS_ENABLED(CONFIG_NAND_ZYNQ))
> > fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
> >
> > - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> > - debug("No RNG device\n");
> > - return 0;
> > - }
> > -
> > - if (dm_rng_read(dev, buf, n)) {
> > - debug("Reading RNG failed\n");
> > - return 0;
> > - }
> > -
> > - if (!blob) {
> > - debug("No FDT memory address configured. Please configure\n"
> > - "the FDT address via \"fdt addr \"
> > command.\n"
> > - "Aborting!\n");
> > - return 0;
> > - }
> > -
> > - ret = fdt_check_header(blob);
> > - if (ret < 0) {
> > - debug("fdt_chosen: %s\n", fdt_strerror(ret));
> > - return ret;
> > - }
> > -
> > - nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen");
> > - if (nodeoffset < 0) {
> > - debug("Reading chosen node failed\n");
> > - return nodeoffset;
> > - }
> > -
> > - ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf, sizeof(buf));
> > - if (ret < 0) {
> > - debug("Unable to set kaslr-seed on chosen node: %s\n",
> > fdt_strerror(ret));
> > - return ret;
> > - }
> > -
> > return 0;
> > }
> > #endif
> > diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> > index 874ca4d6f5af..3455d60d69dc 100644
> > --- a/boot/fdt_support.c
> > +++ b/boot/fdt_support.c
> > @@ -8,6 +8,7 @@
> >
> > #include
> > #include
> > +#include
> > #include
> > #include
> > #include
> > @@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
> > if (nodeoffset < 0)
> > return nodeoffset;
> >
> > + if (IS_ENABLED(CONFIG_DM_RNG) &&
> > !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) {
> > + err = fdt_kaslrseed(fdt);
> > + if (err) {
> > + printf("WARNING: could not se
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
Hi Tim
On Wed, 15 May 2024 at 23:50, Tim Harvey wrote:
>
> If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> randomize the virtual address at which the kernel image is loaded, it
> expects entropy to be provided by the bootloader by populating
> /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
Since you'll send a v2, mind adding some description for UEFI on the
commit message?
efi_try_purge_kaslr_seed() has a comment of the behaviour
Thanks
/Ilias
>
> If we have DM_RNG enabled populate this value automatically when
> fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
> it's implementation uses a different source of entropy.
>
> As this fdt node is added elsewhere create a library function and
> use it to deduplicate code.
>
> Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
> but left in place in case boot scripts exist that rely on this command
> existing and returning success. An informational message is printed to
> alert users of this command that it is likely no longer needed.
>
> Signed-off-by: Tim Harvey
> ---
> v2:
> - fix typo in commit msg
> - use stack for seed to avoid unecessary malloc/free
> - move to a library function and deduplicate code by using it elsewhere
> ---
> board/xilinx/common/board.c | 35 -
> boot/fdt_support.c | 10 +
> boot/pxe_utils.c| 35 +++--
> cmd/kaslrseed.c | 45 ++---
> include/kaslrseed.h | 17 ++
> lib/Makefile| 1 +
> lib/kaslrseed.c | 34
> 7 files changed, 72 insertions(+), 105 deletions(-)
> create mode 100644 include/kaslrseed.h
> create mode 100644 lib/kaslrseed.c
>
> diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
> index 30a81376ac41..f741e8957818 100644
> --- a/board/xilinx/common/board.c
> +++ b/board/xilinx/common/board.c
> @@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info *bd)
> if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
> IS_ENABLED(CONFIG_NAND_ZYNQ))
> fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
>
> - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> - debug("No RNG device\n");
> - return 0;
> - }
> -
> - if (dm_rng_read(dev, buf, n)) {
> - debug("Reading RNG failed\n");
> - return 0;
> - }
> -
> - if (!blob) {
> - debug("No FDT memory address configured. Please configure\n"
> - "the FDT address via \"fdt addr \" command.\n"
> - "Aborting!\n");
> - return 0;
> - }
> -
> - ret = fdt_check_header(blob);
> - if (ret < 0) {
> - debug("fdt_chosen: %s\n", fdt_strerror(ret));
> - return ret;
> - }
> -
> - nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen");
> - if (nodeoffset < 0) {
> - debug("Reading chosen node failed\n");
> - return nodeoffset;
> - }
> -
> - ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf, sizeof(buf));
> - if (ret < 0) {
> - debug("Unable to set kaslr-seed on chosen node: %s\n",
> fdt_strerror(ret));
> - return ret;
> - }
> -
> return 0;
> }
> #endif
> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> index 874ca4d6f5af..3455d60d69dc 100644
> --- a/boot/fdt_support.c
> +++ b/boot/fdt_support.c
> @@ -8,6 +8,7 @@
>
> #include
> #include
> +#include
> #include
> #include
> #include
> @@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
> if (nodeoffset < 0)
> return nodeoffset;
>
> + if (IS_ENABLED(CONFIG_DM_RNG) &&
> !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) {
> + err = fdt_kaslrseed(fdt);
> + if (err) {
> + printf("WARNING: could not set kaslr-seed %s.\n",
> + fdt_strerror(err));
> + return err;
> + }
> + }
> +
> if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
> err = fdt_setprop(fdt, nodeoffset, "rng-seed",
> abuf_data(&buf), abuf_size(&buf));
> diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
> index 4b22bb6f525a..8d70233fc08d 100644
> --- a/boot/pxe_utils.c
> +++ b/boot/pxe_utils.c
> @@ -8,6 +8,7 @@
> #include
> #include
> #include
> +#include
> #include
> #include
> #include
> @@ -323,10 +324,6 @@ static void label_boot_kaslrseed(void)
> #if CONFIG_IS_ENABLED(DM_RNG)
> ulong fdt_addr;
> struct fdt_header *working_fdt;
> - size_t n = 0x8;
> - struct udevice *dev;
> - u64 *buf;
> - int nodeoffset;
> int err;
>
> /* Get the main fdt and map it */
> @@ -
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On 5/20/24 18:37, Tim Harvey wrote:
On Mon, May 20, 2024 at 1:29 AM Michal Simek wrote:
Hi Tim,
On 5/16/24 17:58, Tim Harvey wrote:
On Wed, May 15, 2024 at 1:50 PM Tim Harvey wrote:
If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
randomize the virtual address at which the kernel image is loaded, it
expects entropy to be provided by the bootloader by populating
/chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
If we have DM_RNG enabled populate this value automatically when
fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
it's implementation uses a different source of entropy.
As this fdt node is added elsewhere create a library function and
use it to deduplicate code.
Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
but left in place in case boot scripts exist that rely on this command
existing and returning success. An informational message is printed to
alert users of this command that it is likely no longer needed.
Signed-off-by: Tim Harvey
---
v2:
- fix typo in commit msg
- use stack for seed to avoid unecessary malloc/free
- move to a library function and deduplicate code by using it elsewhere
---
board/xilinx/common/board.c | 35 -
boot/fdt_support.c | 10 +
boot/pxe_utils.c| 35 +++--
cmd/kaslrseed.c | 45 ++---
include/kaslrseed.h | 17 ++
lib/Makefile| 1 +
lib/kaslrseed.c | 34
7 files changed, 72 insertions(+), 105 deletions(-)
create mode 100644 include/kaslrseed.h
create mode 100644 lib/kaslrseed.c
diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
index 30a81376ac41..f741e8957818 100644
--- a/board/xilinx/common/board.c
+++ b/board/xilinx/common/board.c
@@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info *bd)
if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
IS_ENABLED(CONFIG_NAND_ZYNQ))
fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
- if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
- debug("No RNG device\n");
- return 0;
- }
-
- if (dm_rng_read(dev, buf, n)) {
- debug("Reading RNG failed\n");
- return 0;
- }
-
- if (!blob) {
- debug("No FDT memory address configured. Please configure\n"
- "the FDT address via \"fdt addr \" command.\n"
- "Aborting!\n");
- return 0;
- }
-
- ret = fdt_check_header(blob);
- if (ret < 0) {
- debug("fdt_chosen: %s\n", fdt_strerror(ret));
- return ret;
- }
-
- nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen");
- if (nodeoffset < 0) {
- debug("Reading chosen node failed\n");
- return nodeoffset;
- }
-
- ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf, sizeof(buf));
- if (ret < 0) {
- debug("Unable to set kaslr-seed on chosen node: %s\n",
fdt_strerror(ret));
- return ret;
- }
-
return 0;
}
#endif
diff --git a/boot/fdt_support.c b/boot/fdt_support.c
index 874ca4d6f5af..3455d60d69dc 100644
--- a/boot/fdt_support.c
+++ b/boot/fdt_support.c
@@ -8,6 +8,7 @@
#include
#include
+#include
#include
#include
#include
@@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
if (nodeoffset < 0)
return nodeoffset;
+ if (IS_ENABLED(CONFIG_DM_RNG) &&
!IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) {
+ err = fdt_kaslrseed(fdt);
+ if (err) {
+ printf("WARNING: could not set kaslr-seed %s.\n",
+ fdt_strerror(err));
+ return err;
+ }
+ }
+
if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
err = fdt_setprop(fdt, nodeoffset, "rng-seed",
abuf_data(&buf), abuf_size(&buf));
diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
index 4b22bb6f525a..8d70233fc08d 100644
--- a/boot/pxe_utils.c
+++ b/boot/pxe_utils.c
@@ -8,6 +8,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -323,10 +324,6 @@ static void label_boot_kaslrseed(void)
#if CONFIG_IS_ENABLED(DM_RNG)
ulong fdt_addr;
struct fdt_header *working_fdt;
- size_t n = 0x8;
- struct udevice *dev;
- u64 *buf;
- int nodeoffset;
int err;
/* Get the main fdt and map it */
@@ -342,35 +339,9 @@ static void label_boot_kaslrseed(void)
if (err <= 0)
return;
- if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
- printf("No RNG device\n
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Mon, May 20, 2024 at 1:29 AM Michal Simek wrote:
>
> Hi Tim,
>
> On 5/16/24 17:58, Tim Harvey wrote:
> > On Wed, May 15, 2024 at 1:50 PM Tim Harvey wrote:
> >>
> >> If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> >> randomize the virtual address at which the kernel image is loaded, it
> >> expects entropy to be provided by the bootloader by populating
> >> /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
> >>
> >> If we have DM_RNG enabled populate this value automatically when
> >> fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
> >> it's implementation uses a different source of entropy.
> >>
> >> As this fdt node is added elsewhere create a library function and
> >> use it to deduplicate code.
> >>
> >> Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
> >> but left in place in case boot scripts exist that rely on this command
> >> existing and returning success. An informational message is printed to
> >> alert users of this command that it is likely no longer needed.
> >>
> >> Signed-off-by: Tim Harvey
> >> ---
> >> v2:
> >> - fix typo in commit msg
> >> - use stack for seed to avoid unecessary malloc/free
> >> - move to a library function and deduplicate code by using it elsewhere
> >> ---
> >> board/xilinx/common/board.c | 35 -
> >> boot/fdt_support.c | 10 +
> >> boot/pxe_utils.c| 35 +++--
> >> cmd/kaslrseed.c | 45 ++---
> >> include/kaslrseed.h | 17 ++
> >> lib/Makefile| 1 +
> >> lib/kaslrseed.c | 34
> >> 7 files changed, 72 insertions(+), 105 deletions(-)
> >> create mode 100644 include/kaslrseed.h
> >> create mode 100644 lib/kaslrseed.c
> >>
> >> diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
> >> index 30a81376ac41..f741e8957818 100644
> >> --- a/board/xilinx/common/board.c
> >> +++ b/board/xilinx/common/board.c
> >> @@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info *bd)
> >> if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
> >> IS_ENABLED(CONFIG_NAND_ZYNQ))
> >> fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
> >>
> >> - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> >> - debug("No RNG device\n");
> >> - return 0;
> >> - }
> >> -
> >> - if (dm_rng_read(dev, buf, n)) {
> >> - debug("Reading RNG failed\n");
> >> - return 0;
> >> - }
> >> -
> >> - if (!blob) {
> >> - debug("No FDT memory address configured. Please
> >> configure\n"
> >> - "the FDT address via \"fdt addr \"
> >> command.\n"
> >> - "Aborting!\n");
> >> - return 0;
> >> - }
> >> -
> >> - ret = fdt_check_header(blob);
> >> - if (ret < 0) {
> >> - debug("fdt_chosen: %s\n", fdt_strerror(ret));
> >> - return ret;
> >> - }
> >> -
> >> - nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen");
> >> - if (nodeoffset < 0) {
> >> - debug("Reading chosen node failed\n");
> >> - return nodeoffset;
> >> - }
> >> -
> >> - ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf,
> >> sizeof(buf));
> >> - if (ret < 0) {
> >> - debug("Unable to set kaslr-seed on chosen node: %s\n",
> >> fdt_strerror(ret));
> >> - return ret;
> >> - }
> >> -
> >> return 0;
> >> }
> >> #endif
> >> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> >> index 874ca4d6f5af..3455d60d69dc 100644
> >> --- a/boot/fdt_support.c
> >> +++ b/boot/fdt_support.c
> >> @@ -8,6 +8,7 @@
> >>
> >> #include
> >> #include
> >> +#include
> >> #include
> >> #include
> >> #include
> >> @@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
> >> if (nodeoffset < 0)
> >> return nodeoffset;
> >>
> >> + if (IS_ENABLED(CONFIG_DM_RNG) &&
> >> !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) {
> >> + err = fdt_kaslrseed(fdt);
> >> + if (err) {
> >> + printf("WARNING: could not set kaslr-seed %s.\n",
> >> + fdt_strerror(err));
> >> + return err;
> >> + }
> >> + }
> >> +
> >> if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
> >> err = fdt_setprop(fdt, nodeoffset, "rng-seed",
> >>abuf_data(&buf), abuf_size(&buf));
> >> diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
> >> index 4b22bb6f525a..8d70233fc08d 100644
> >> --- a/boot/pxe_utils.c
> >> +++ b/boot/pxe_utils.c
> >> @@ -8,6 +8,7 @@
> >> #include
> >> #include
> >> #include
> >> +#include
> >> #include
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
Hi Tim,
On 5/16/24 17:58, Tim Harvey wrote:
On Wed, May 15, 2024 at 1:50 PM Tim Harvey wrote:
If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
randomize the virtual address at which the kernel image is loaded, it
expects entropy to be provided by the bootloader by populating
/chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
If we have DM_RNG enabled populate this value automatically when
fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
it's implementation uses a different source of entropy.
As this fdt node is added elsewhere create a library function and
use it to deduplicate code.
Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
but left in place in case boot scripts exist that rely on this command
existing and returning success. An informational message is printed to
alert users of this command that it is likely no longer needed.
Signed-off-by: Tim Harvey
---
v2:
- fix typo in commit msg
- use stack for seed to avoid unecessary malloc/free
- move to a library function and deduplicate code by using it elsewhere
---
board/xilinx/common/board.c | 35 -
boot/fdt_support.c | 10 +
boot/pxe_utils.c| 35 +++--
cmd/kaslrseed.c | 45 ++---
include/kaslrseed.h | 17 ++
lib/Makefile| 1 +
lib/kaslrseed.c | 34
7 files changed, 72 insertions(+), 105 deletions(-)
create mode 100644 include/kaslrseed.h
create mode 100644 lib/kaslrseed.c
diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
index 30a81376ac41..f741e8957818 100644
--- a/board/xilinx/common/board.c
+++ b/board/xilinx/common/board.c
@@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info *bd)
if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
IS_ENABLED(CONFIG_NAND_ZYNQ))
fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
- if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
- debug("No RNG device\n");
- return 0;
- }
-
- if (dm_rng_read(dev, buf, n)) {
- debug("Reading RNG failed\n");
- return 0;
- }
-
- if (!blob) {
- debug("No FDT memory address configured. Please configure\n"
- "the FDT address via \"fdt addr \" command.\n"
- "Aborting!\n");
- return 0;
- }
-
- ret = fdt_check_header(blob);
- if (ret < 0) {
- debug("fdt_chosen: %s\n", fdt_strerror(ret));
- return ret;
- }
-
- nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen");
- if (nodeoffset < 0) {
- debug("Reading chosen node failed\n");
- return nodeoffset;
- }
-
- ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf, sizeof(buf));
- if (ret < 0) {
- debug("Unable to set kaslr-seed on chosen node: %s\n",
fdt_strerror(ret));
- return ret;
- }
-
return 0;
}
#endif
diff --git a/boot/fdt_support.c b/boot/fdt_support.c
index 874ca4d6f5af..3455d60d69dc 100644
--- a/boot/fdt_support.c
+++ b/boot/fdt_support.c
@@ -8,6 +8,7 @@
#include
#include
+#include
#include
#include
#include
@@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
if (nodeoffset < 0)
return nodeoffset;
+ if (IS_ENABLED(CONFIG_DM_RNG) &&
!IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) {
+ err = fdt_kaslrseed(fdt);
+ if (err) {
+ printf("WARNING: could not set kaslr-seed %s.\n",
+ fdt_strerror(err));
+ return err;
+ }
+ }
+
if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
err = fdt_setprop(fdt, nodeoffset, "rng-seed",
abuf_data(&buf), abuf_size(&buf));
diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
index 4b22bb6f525a..8d70233fc08d 100644
--- a/boot/pxe_utils.c
+++ b/boot/pxe_utils.c
@@ -8,6 +8,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -323,10 +324,6 @@ static void label_boot_kaslrseed(void)
#if CONFIG_IS_ENABLED(DM_RNG)
ulong fdt_addr;
struct fdt_header *working_fdt;
- size_t n = 0x8;
- struct udevice *dev;
- u64 *buf;
- int nodeoffset;
int err;
/* Get the main fdt and map it */
@@ -342,35 +339,9 @@ static void label_boot_kaslrseed(void)
if (err <= 0)
return;
- if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
- printf("No RNG device\n");
- return;
- }
-
- nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
- if (nodeoffset <
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Thu, May 16, 2024 at 08:58:09AM -0700, Tim Harvey wrote:
> On Wed, May 15, 2024 at 1:50 PM Tim Harvey wrote:
> >
> > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> > randomize the virtual address at which the kernel image is loaded, it
> > expects entropy to be provided by the bootloader by populating
> > /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
> >
> > If we have DM_RNG enabled populate this value automatically when
> > fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
> > it's implementation uses a different source of entropy.
> >
> > As this fdt node is added elsewhere create a library function and
> > use it to deduplicate code.
> >
> > Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
> > but left in place in case boot scripts exist that rely on this command
> > existing and returning success. An informational message is printed to
> > alert users of this command that it is likely no longer needed.
> >
> > Signed-off-by: Tim Harvey
> > ---
> > v2:
> > - fix typo in commit msg
> > - use stack for seed to avoid unecessary malloc/free
> > - move to a library function and deduplicate code by using it elsewhere
> > ---
> > board/xilinx/common/board.c | 35 -
> > boot/fdt_support.c | 10 +
> > boot/pxe_utils.c| 35 +++--
> > cmd/kaslrseed.c | 45 ++---
> > include/kaslrseed.h | 17 ++
> > lib/Makefile| 1 +
> > lib/kaslrseed.c | 34
> > 7 files changed, 72 insertions(+), 105 deletions(-)
> > create mode 100644 include/kaslrseed.h
> > create mode 100644 lib/kaslrseed.c
> >
> > diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
> > index 30a81376ac41..f741e8957818 100644
> > --- a/board/xilinx/common/board.c
> > +++ b/board/xilinx/common/board.c
> > @@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info *bd)
> > if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
> > IS_ENABLED(CONFIG_NAND_ZYNQ))
> > fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
> >
> > - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> > - debug("No RNG device\n");
> > - return 0;
> > - }
> > -
> > - if (dm_rng_read(dev, buf, n)) {
> > - debug("Reading RNG failed\n");
> > - return 0;
> > - }
> > -
> > - if (!blob) {
> > - debug("No FDT memory address configured. Please configure\n"
> > - "the FDT address via \"fdt addr \"
> > command.\n"
> > - "Aborting!\n");
> > - return 0;
> > - }
> > -
> > - ret = fdt_check_header(blob);
> > - if (ret < 0) {
> > - debug("fdt_chosen: %s\n", fdt_strerror(ret));
> > - return ret;
> > - }
> > -
> > - nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen");
> > - if (nodeoffset < 0) {
> > - debug("Reading chosen node failed\n");
> > - return nodeoffset;
> > - }
> > -
> > - ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf, sizeof(buf));
> > - if (ret < 0) {
> > - debug("Unable to set kaslr-seed on chosen node: %s\n",
> > fdt_strerror(ret));
> > - return ret;
> > - }
> > -
> > return 0;
> > }
> > #endif
> > diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> > index 874ca4d6f5af..3455d60d69dc 100644
> > --- a/boot/fdt_support.c
> > +++ b/boot/fdt_support.c
> > @@ -8,6 +8,7 @@
> >
> > #include
> > #include
> > +#include
> > #include
> > #include
> > #include
> > @@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
> > if (nodeoffset < 0)
> > return nodeoffset;
> >
> > + if (IS_ENABLED(CONFIG_DM_RNG) &&
> > !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) {
> > + err = fdt_kaslrseed(fdt);
> > + if (err) {
> > + printf("WARNING: could not set kaslr-seed %s.\n",
> > + fdt_strerror(err));
> > + return err;
> > + }
> > + }
> > +
> > if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
> > err = fdt_setprop(fdt, nodeoffset, "rng-seed",
> > abuf_data(&buf), abuf_size(&buf));
> > diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
> > index 4b22bb6f525a..8d70233fc08d 100644
> > --- a/boot/pxe_utils.c
> > +++ b/boot/pxe_utils.c
> > @@ -8,6 +8,7 @@
> > #include
> > #include
> > #include
> > +#include
> > #include
> > #include
> > #include
> > @@ -323,10 +324,6 @@ static void label_boot_kaslrseed(void)
> > #if CONFIG_IS_ENABLED(DM_RNG)
> > ulong fdt_addr;
> > struct fdt_header *working_fdt;
> > - si
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Wed, May 15, 2024 at 1:50 PM Tim Harvey wrote:
>
> If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> randomize the virtual address at which the kernel image is loaded, it
> expects entropy to be provided by the bootloader by populating
> /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
>
> If we have DM_RNG enabled populate this value automatically when
> fdt_chosen is called unless ARMV8_SEC_FIRMWARE_SUPPORT is enabled as
> it's implementation uses a different source of entropy.
>
> As this fdt node is added elsewhere create a library function and
> use it to deduplicate code.
>
> Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
> but left in place in case boot scripts exist that rely on this command
> existing and returning success. An informational message is printed to
> alert users of this command that it is likely no longer needed.
>
> Signed-off-by: Tim Harvey
> ---
> v2:
> - fix typo in commit msg
> - use stack for seed to avoid unecessary malloc/free
> - move to a library function and deduplicate code by using it elsewhere
> ---
> board/xilinx/common/board.c | 35 -
> boot/fdt_support.c | 10 +
> boot/pxe_utils.c| 35 +++--
> cmd/kaslrseed.c | 45 ++---
> include/kaslrseed.h | 17 ++
> lib/Makefile| 1 +
> lib/kaslrseed.c | 34
> 7 files changed, 72 insertions(+), 105 deletions(-)
> create mode 100644 include/kaslrseed.h
> create mode 100644 lib/kaslrseed.c
>
> diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c
> index 30a81376ac41..f741e8957818 100644
> --- a/board/xilinx/common/board.c
> +++ b/board/xilinx/common/board.c
> @@ -713,41 +713,6 @@ int ft_board_setup(void *blob, struct bd_info *bd)
> if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) &&
> IS_ENABLED(CONFIG_NAND_ZYNQ))
> fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
>
> - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> - debug("No RNG device\n");
> - return 0;
> - }
> -
> - if (dm_rng_read(dev, buf, n)) {
> - debug("Reading RNG failed\n");
> - return 0;
> - }
> -
> - if (!blob) {
> - debug("No FDT memory address configured. Please configure\n"
> - "the FDT address via \"fdt addr \" command.\n"
> - "Aborting!\n");
> - return 0;
> - }
> -
> - ret = fdt_check_header(blob);
> - if (ret < 0) {
> - debug("fdt_chosen: %s\n", fdt_strerror(ret));
> - return ret;
> - }
> -
> - nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen");
> - if (nodeoffset < 0) {
> - debug("Reading chosen node failed\n");
> - return nodeoffset;
> - }
> -
> - ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf, sizeof(buf));
> - if (ret < 0) {
> - debug("Unable to set kaslr-seed on chosen node: %s\n",
> fdt_strerror(ret));
> - return ret;
> - }
> -
> return 0;
> }
> #endif
> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> index 874ca4d6f5af..3455d60d69dc 100644
> --- a/boot/fdt_support.c
> +++ b/boot/fdt_support.c
> @@ -8,6 +8,7 @@
>
> #include
> #include
> +#include
> #include
> #include
> #include
> @@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
> if (nodeoffset < 0)
> return nodeoffset;
>
> + if (IS_ENABLED(CONFIG_DM_RNG) &&
> !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) {
> + err = fdt_kaslrseed(fdt);
> + if (err) {
> + printf("WARNING: could not set kaslr-seed %s.\n",
> + fdt_strerror(err));
> + return err;
> + }
> + }
> +
> if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
> err = fdt_setprop(fdt, nodeoffset, "rng-seed",
> abuf_data(&buf), abuf_size(&buf));
> diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
> index 4b22bb6f525a..8d70233fc08d 100644
> --- a/boot/pxe_utils.c
> +++ b/boot/pxe_utils.c
> @@ -8,6 +8,7 @@
> #include
> #include
> #include
> +#include
> #include
> #include
> #include
> @@ -323,10 +324,6 @@ static void label_boot_kaslrseed(void)
> #if CONFIG_IS_ENABLED(DM_RNG)
> ulong fdt_addr;
> struct fdt_header *working_fdt;
> - size_t n = 0x8;
> - struct udevice *dev;
> - u64 *buf;
> - int nodeoffset;
> int err;
>
> /* Get the main fdt and map it */
> @@ -342,35 +339,9 @@ static void label_boot_kaslrseed(void)
> if (err <= 0)
> return;
>
> - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On 5/15/24 11:11 PM, Tim Harvey wrote:
On Wed, May 15, 2024 at 2:06 PM Marek Vasut wrote:
On 5/15/24 10:50 PM, Tim Harvey wrote:
[...]
diff --git a/boot/fdt_support.c b/boot/fdt_support.c
index 874ca4d6f5af..3455d60d69dc 100644
--- a/boot/fdt_support.c
+++ b/boot/fdt_support.c
@@ -8,6 +8,7 @@
#include
#include
+#include
#include
#include
#include
@@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
if (nodeoffset < 0)
return nodeoffset;
+ if (IS_ENABLED(CONFIG_DM_RNG) && !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT))
{
+ err = fdt_kaslrseed(fdt);
+ if (err) {
+ printf("WARNING: could not set kaslr-seed %s.\n",
+fdt_strerror(err));
+ return err;
Is this warning really a critical boot-breaking error ?
no, and in fact I'm printing a warning inside of fdt_kaslrseed so I
can remove the duplication of error prints in the various other places
it's called as well.
Thanks for pointing that out!
Glad I could help.
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On Wed, May 15, 2024 at 2:06 PM Marek Vasut wrote:
>
> On 5/15/24 10:50 PM, Tim Harvey wrote:
>
> [...]
>
> > diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> > index 874ca4d6f5af..3455d60d69dc 100644
> > --- a/boot/fdt_support.c
> > +++ b/boot/fdt_support.c
> > @@ -8,6 +8,7 @@
> >
> > #include
> > #include
> > +#include
> > #include
> > #include
> > #include
> > @@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
> > if (nodeoffset < 0)
> > return nodeoffset;
> >
> > + if (IS_ENABLED(CONFIG_DM_RNG) &&
> > !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) {
> > + err = fdt_kaslrseed(fdt);
> > + if (err) {
> > + printf("WARNING: could not set kaslr-seed %s.\n",
> > +fdt_strerror(err));
> > + return err;
>
> Is this warning really a critical boot-breaking error ?
no, and in fact I'm printing a warning inside of fdt_kaslrseed so I
can remove the duplication of error prints in the various other places
it's called as well.
Thanks for pointing that out!
Best Regards,
Tim
>
> > + }
> > + }
> > +
> > if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
> > err = fdt_setprop(fdt, nodeoffset, "rng-seed",
> > abuf_data(&buf), abuf_size(&buf));
>
> [...]
>
> The rest looks good !
Re: [PATCH v2] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
On 5/15/24 10:50 PM, Tim Harvey wrote:
[...]
diff --git a/boot/fdt_support.c b/boot/fdt_support.c
index 874ca4d6f5af..3455d60d69dc 100644
--- a/boot/fdt_support.c
+++ b/boot/fdt_support.c
@@ -8,6 +8,7 @@
#include
#include
+#include
#include
#include
#include
@@ -300,6 +301,15 @@ int fdt_chosen(void *fdt)
if (nodeoffset < 0)
return nodeoffset;
+ if (IS_ENABLED(CONFIG_DM_RNG) && !IS_ENABLED(ARMV8_SEC_FIRMWARE_SUPPORT)) {
+ err = fdt_kaslrseed(fdt);
+ if (err) {
+ printf("WARNING: could not set kaslr-seed %s.\n",
+ fdt_strerror(err));
+ return err;
Is this warning really a critical boot-breaking error ?
+ }
+ }
+
if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
err = fdt_setprop(fdt, nodeoffset, "rng-seed",
abuf_data(&buf), abuf_size(&buf));
[...]
The rest looks good !
