[PATCH 1/2] cmd: kaslrseed: add command to generate value from hwrng

Simon Glass sjg at chromium.org
Sun Oct 24 21:53:28 CEST 2021 

Hi,

On Fri, 15 Oct 2021 at 23:48, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>
> Am 15. Oktober 2021 14:54:03 MESZ schrieb Kever Yang <kever.yang at rock-chips.com>:
> >Reviewed-by: Kever Yang <kever.yang at rock-chips.com>
> >
> >
> >Thanks,
> >- Kever
> >
> >Chris Morgan <macroalpha82 at gmail.com> 于2021年8月26日周四 上午12:23写道:
> >>
> >> From: Chris Morgan <macromorgan at hotmail.com>
> >>
> >> Allow the kaslr-seed value in the chosen node to be set from a hardware
> >> rng source.
> >>
> >> Tested on a Rockchip PX30 (Odroid Go Advance), you must have loaded
> >> the devicetree first and prepared it for editing. On my device the
> >> workflow goes as follows:
> >>
> >> setenv dtb_loadaddr "0x01f00000"
> >> load mmc 0:1 ${dtb_loadaddr} rk3326-odroid-go2.dtb
> >> fdt addr ${dtb_loadaddr}
> >> fdt resize
> >> kaslrseed
>
> This seems overly complicated. Why don't you add the seed in the board fixup routines in dependence on a Kconfig symbol.

I had the same thought. But perhaps we should be getting out of the
'fixup' business? That itself is complicated, with various different
levels of fixup. Perhaps a programmatic approach makes more sense?

So:

Reviewed-by: Simon Glass <sjg at chromium.org>


>
> Best regards
>
> Heinrich
>
>
> >>
> >> and the output can be seen here:
> >> fdt print /chosen
> >> chosen {
> >>         kaslr-seed = <0x6f61df74 0x6f7b996c>;
> >>         stdout-path = "serial2:115200n8";
> >> };
> >>
> >> Signed-off-by: Chris Morgan <macromorgan at hotmail.com>
> >> ---
> >>  cmd/Kconfig     |  7 +++++
> >>  cmd/Makefile    |  1 +
> >>  cmd/kaslrseed.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++
> >>  3 files changed, 89 insertions(+)
> >>  create mode 100644 cmd/kaslrseed.c
> >>
> >> diff --git a/cmd/Kconfig b/cmd/Kconfig
> >> index ffef3cc76c..e62adff939 100644
> >> --- a/cmd/Kconfig
> >> +++ b/cmd/Kconfig
> >> @@ -1790,6 +1790,13 @@ config CMD_RNG
> >>         help
> >>           Print bytes from the hardware random number generator.
> >>
> >> +config CMD_KASLRSEED
> >> +       bool "kaslrseed"
> >> +       depends on DM_RNG
> >> +       help
> >> +         Set the kaslr-seed in the chosen node with entropy provided by a
> >> +         hardware random number generator.
> >> +
> >>  config CMD_SLEEP
> >>         bool "sleep"
> >>         default y
> >> diff --git a/cmd/Makefile b/cmd/Makefile
> >> index ed3669411e..34cbda72f5 100644
> >> --- a/cmd/Makefile
> >> +++ b/cmd/Makefile
> >> @@ -131,6 +131,7 @@ obj-$(CONFIG_CMD_REGINFO) += reginfo.o
> >>  obj-$(CONFIG_CMD_REISER) += reiser.o
> >>  obj-$(CONFIG_CMD_REMOTEPROC) += remoteproc.o
> >>  obj-$(CONFIG_CMD_RNG) += rng.o
> >> +obj-$(CONFIG_CMD_KASLRSEED) += kaslrseed.o
> >>  obj-$(CONFIG_CMD_ROCKUSB) += rockusb.o
> >>  obj-$(CONFIG_CMD_RTC) += rtc.o
> >>  obj-$(CONFIG_SANDBOX) += host.o
> >> diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
> >> new file mode 100644
> >> index 0000000000..27c2648c91
> >> --- /dev/null
> >> +++ b/cmd/kaslrseed.c
> >> @@ -0,0 +1,81 @@
> >> +// SPDX-License-Identifier: GPL-2.0+
> >> +/*
> >> + * The 'kaslrseed' command takes bytes from the hardware random number
> >> + * generator and uses them to set the kaslr-seed value in the chosen node.
> >> + *
> >> + * Copyright (c) 2021, Chris Morgan <macromorgan at hotmail.com>
> >> + */
> >> +
> >> +#include <common.h>
> >> +#include <command.h>
> >> +#include <dm.h>
> >> +#include <hexdump.h>
> >> +#include <malloc.h>
> >> +#include <rng.h>
> >> +#include <fdt_support.h>
> >> +
> >> +static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
> >> +{
> >> +       size_t n = 0x8;
> >> +       struct udevice *dev;
> >> +       u64 *buf;
> >> +       int nodeoffset;
> >> +       int ret = CMD_RET_SUCCESS;
> >> +
> >> +       if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> >> +               printf("No RNG device\n");
> >> +               return CMD_RET_FAILURE;
> >> +       }
> >> +
> >> +       buf = malloc(n);
> >> +       if (!buf) {
> >> +               printf("Out of memory\n");
> >> +               return CMD_RET_FAILURE;
> >> +       }
> >> +
> >> +       if (dm_rng_read(dev, buf, n)) {
> >> +               printf("Reading RNG failed\n");
> >> +               return CMD_RET_FAILURE;
> >> +       }
> >> +
> >> +       if (!working_fdt) {
> >> +               printf("No FDT memory address configured. Please configure\n"
> >> +                      "the FDT address via \"fdt addr <address>\" command.\n"
> >> +                      "Aborting!\n");
> >> +               return CMD_RET_FAILURE;
> >> +       }
> >> +
> >> +       ret = fdt_check_header(working_fdt);
> >> +       if (ret < 0) {
> >> +               printf("fdt_chosen: %s\n", fdt_strerror(ret));
> >> +               return CMD_RET_FAILURE;
> >> +       }
> >> +
> >> +       nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
> >> +       if (nodeoffset < 0) {
> >> +               printf("Reading chosen node failed\n");
> >> +               return CMD_RET_FAILURE;
> >> +       }
> >> +
> >> +       ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf));
> >> +       if (ret < 0) {
> >> +               printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret));
> >> +               return CMD_RET_FAILURE;
> >> +       }
> >> +
> >> +       free(buf);
> >> +
> >> +       return ret;
> >> +}
> >> +
> >> +#ifdef CONFIG_SYS_LONGHELP
> >> +static char kaslrseed_help_text[] =
> >> +       "[n]\n"
> >> +       "  - append random bytes to chosen kaslr-seed node\n";
> >> +#endif
> >> +
> >> +U_BOOT_CMD(
> >> +       kaslrseed, 1, 0, do_kaslr_seed,
> >> +       "feed bytes from the hardware random number generator to the kaslr-seed",
> >> +       kaslrseed_help_text
> >> +);
> >> --
> >> 2.25.1
> >>
>

More information about the U-Boot mailing list