On Thu, 30 May 2024 at 16:06, Tim Harvey <thar...@gateworks.com> wrote: > > Use the fdt_kaslrseed function to deduplicate code doing the same thing. > > Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now > but left in place in case boot scripts exist that rely on this command > existing and returning success. An informational message is printed to > alert users of this command that it is likely no longer needed. > > Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for > randomization and completely ignores the kaslr-seed for its own > randomness needs (i.e the randomization of the physical placement of > the kernel). It gets weeded out from the DTB that gets handed over via > efi_install_fdt() as it would also mess up the measured boot DTB TPM > measurements as well. > > Signed-off-by: Tim Harvey <thar...@gateworks.com> > Cc: Michal Simek <michal.si...@amd.com> > Cc: Andy Yan <andy....@rock-chips.com> > Cc: Akash Gajjar <gajjar04ak...@gmail.com> > Cc: Ilias Apalodimas <ilias.apalodi...@linaro.org> > Cc: Simon Glass <s...@chromium.org> > Cc: Patrick Delaunay <patrick.delau...@foss.st.com> > Cc: Patrice Chotard <patrice.chot...@foss.st.com> > Cc: Devarsh Thakkar <devar...@ti.com> > Cc: Heinrich Schuchardt <xypron.g...@gmx.de> > Cc: Hugo Villeneuve <hvillene...@dimonoff.com> > Cc: Marek Vasut <ma...@denx.de> > Cc: Tom Rini <tr...@konsulko.com> > Cc: Chris Morgan <macromor...@hotmail.com> > --- > v5: > - fixed typo in commit message s/it's/its/ > - use cmd_process_error per Michal's suggestion > v4: > - add missing /n to notice in kaslrseed cmd > - combine ints in declaration > - remove unused vars from board/xilinx/common/board.c ft_board_setup > v3: > - skip if CONFIG_MEASURED_BOOT > - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT > - pass in rng index and bool to specify overwrite > - remove duplicate error strings printed outside of fdt_kaslrseed > - added note to commit log about how EFI STUB weeds out kalsr-seed > v2: > - fix typo in commit msg > - use stack for seed to avoid unecessary malloc/free > - move to a library function and deduplicate code by using it > elsewhere > --- > board/xilinx/common/board.c | 40 ------------------------------ > boot/pxe_utils.c | 34 +------------------------ > cmd/kaslrseed.c | 49 ++++++------------------------------- > 3 files changed, 8 insertions(+), 115 deletions(-) >
Reviewed-by: Simon Glass <s...@chromium.org>
