[U-Boot] [PATCH] ARMv8/sec_firmware : Update chosen/kaslr-seed

[Mark Kettenis]

> From: Peter Robinson <pbrobinson at gmail.com>
> Date: Wed, 17 May 2017 09:17:47 +0100
> 
> >> -----Original Message-----
> >> From: Peter Robinson [mailto:pbrobinson at gmail.com]
> >> Sent: Monday, May 15, 2017 6:18 PM
> >> To: Ruchika Gupta <ruchika.gupta at nxp.com>
> >> Cc: u-boot at lists.denx.de; sun.york at nxp.com; Prabhakar Kushwaha
> >> <prabhakar.kushwaha at nxp.com>
> >> Subject: Re: [U-Boot] [PATCH] ARMv8/sec_firmware : Update chosen/kaslr-
> >> seed
> >>
> >> On Sat, May 13, 2017 at 1:07 AM, Ruchika Gupta <ruchika.gupta at nxp.com>
> >> wrote:
> >> > kASLR support in kernel requires a random number to be passed via
> >> > chosen/kaslr-seed propert. sec_firmware generates this random seed
> >> > which can then be passed in the device tree node
> >>
> >> Is that functionality generic that it can be consumed by other devices?
> > Sec firmware is proprietary firmware which provides this random seed using HW engine on NXP devices.
> > Other devices would need to generate their own random seed to be passed as this property.
> 
> yes, my point was more shouldn't there be a generic framework for this
> as the functionality isn't unique to the HW engine on the NXP devices,
> even if the HW is, and kASLR is a pretty generic requirement.
> 
> I know Tom, Alexander, myself and others discussed such a thing at ELC
> in Portland in February and if memory serves providing that seed via
> the uefi boot services (I may have that terminology wrong) for ARMv8.
> Tom/Alexander do you remember the details of that conversation, know
> if anyone was working on it?

Having an implementation of EFI_RNG_PROTOCOL in U-Boot would be great.
On OpenBSD we would defenitely use that to have our ARM bootloaders
initialize the kernel .openbsd.randomdata[1] segment.

[1] https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec/ld.so/SPECS.randomdata?rev=1.2&content-type=text/x-cvsweb-markup