[U-Boot] [PATCH] ARMv8/sec_firmware : Update chosen/kaslr-seed

Ruchika Gupta ruchika.gupta at nxp.com
Wed May 17 03:23:32 UTC 2017 


> -----Original Message-----
> From: Poonam Aggrwal
> Sent: Monday, May 15, 2017 9:27 AM
> To: Ruchika Gupta <ruchika.gupta at nxp.com>; u-boot at lists.denx.de;
> sun.york at nxp.com; Prabhakar Kushwaha <prabhakar.kushwaha at nxp.com>
> Cc: Ruchika Gupta <ruchika.gupta at nxp.com>
> Subject: RE: [U-Boot] [PATCH] ARMv8/sec_firmware : Update chosen/kaslr-
> seed
> 
> 
> 
> -----Original Message-----
> From: U-Boot [mailto:u-boot-bounces at lists.denx.de] On Behalf Of Ruchika
> Gupta
> Sent: Saturday, May 13, 2017 5:37 AM
> To: u-boot at lists.denx.de; sun.york at nxp.com; Prabhakar Kushwaha
> <prabhakar.kushwaha at nxp.com>
> Cc: Ruchika Gupta <ruchika.gupta at nxp.com>
> Subject: [U-Boot] [PATCH] ARMv8/sec_firmware : Update chosen/kaslr-seed
> 
> kASLR support in kernel requires a random number to be passed via
> chosen/kaslr-seed propert. sec_firmware generates this random seed which
> can then be passed in the device tree node
> 
> sec_firmware reserves JR3 for it's own usage. Node for JR3 is removed from
> device-tree.
> 
> Signed-off-by: Ruchika Gupta <ruchika.gupta at nxp.com>
> ---
>  arch/arm/cpu/armv8/fsl-layerscape/fdt.c   | 73
> +++++++++++++++++++++++++++++++
>  arch/arm/cpu/armv8/sec_firmware.c         | 53 ++++++++++++++++++++++
>  arch/arm/include/asm/armv8/sec_firmware.h |  9 ++++
>  3 files changed, 135 insertions(+)
> >> Good to have some documentation of this feature in doc/README.XXX
> 
> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/fdt.c
> b/arch/arm/cpu/armv8/fsl-layerscape/fdt.c
> index 05c4577..d4ca129 100644
> --- a/arch/arm/cpu/armv8/fsl-layerscape/fdt.c
> +++ b/arch/arm/cpu/armv8/fsl-layerscape/fdt.c
> @@ -345,6 +345,75 @@ static void fdt_fixup_msi(void *blob)  }  #endif
> 
> +
> +int fdt_fixup_kaslr(void *fdt)
> +{
> +	int nodeoffset;
> +	int err, ret = 0;
> +	u8 rand[8];
> +
> +#if defined(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)
> +	/* Check if random seed generation is  supported */
> +	if (sec_firmware_support_hwrng() == false)
> +		return 0;
> +
> +	ret = sec_firmware_get_random(rand, 8);
> +	if (ret < 0) {
> +		printf("WARNING: could not get random number to set",
> +		       "kaslr-seed\n");
> +		return 0;
> +	}
> +
> +	err = fdt_check_header(fdt);
> +	if (err < 0) {
> +		printf("fdt_chosen: %s\n", fdt_strerror(err));
> +		return 0;
> +	}
> +
> +	/* find or create "/chosen" node. */
> +	nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen");
> +	if (nodeoffset < 0)
> +		return 0;
> +
> +	err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", rand,
> +
> >> Are the device-tree bindings approved  for " kaslr-seed" in Linux?
> >> just thinking, how this feature will work, in kexec type of usecases, in that
> case probably this logic should go in the kexec logic of the kernel.
Linux - arch/arm64/Kconfig --> config_option RANDOMIZE_BASE requires the bootloader to pass
random u64 value via chosen/kaslr-seed
> 
Ruchika

More information about the U-Boot mailing list