[PATCH v5 2/5] fdt: kaslr seed from RNG device
Ilias Apalodimas
ilias.apalodimas at linaro.org
Wed Nov 29 18:55:07 CET 2023
On Wed, 29 Nov 2023 at 19:47, Simon Glass <sjg at chromium.org> wrote:
> Hi Sean,
>
> On Thu, 16 Nov 2023 at 19:02, <seanedmond at linux.microsoft.com> wrote:
> >
> > From: Dhananjay Phadke <dphadke at linux.microsoft.com>
> >
> > Add support for KASLR seed from the RNG device. Invokes dm_rng_read()
> > API to read 8-bytes of random bytes. Performs the FDT fixup using event
> > spy. To enable use CONFIG_KASLR_RNG_SEED
> >
> > Signed-off-by: Dhananjay Phadke <dphadke at linux.microsoft.com>
> > Signed-off-by: Drew Kluemke <ankluemk at microsoft.com>
> > Signed-off-by: Sean Edmond <seanedmond at microsoft.com>
> > ---
> > boot/fdt_support.c | 36 ++++++++++++++++++++++++++++++++++++
> > lib/Kconfig | 7 +++++++
> > 2 files changed, 43 insertions(+)
> >
>
> Reviewed-by: Simon Glass <sjg at chromium.org>
>
> > diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> > index 49d14a949be..12defcf645c 100644
> > --- a/boot/fdt_support.c
> > +++ b/boot/fdt_support.c
> > @@ -12,7 +12,10 @@
> > #include <log.h>
> > #include <mapmem.h>
> > #include <net.h>
> > +#include <rng.h>
> > #include <stdio_dev.h>
> > +#include <dm/device.h>
> > +#include <dm/uclass.h>
> > #include <dm/ofnode.h>
> > #include <linux/ctype.h>
> > #include <linux/types.h>
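Review bot: the include block gains <rng.h>, <dm/device.h> and <dm/uclass.h> but not <event.h>, while the function added in the next hunk takes a struct event * and registers itself with EVENT_SPY(). If fdt_support.c does not already include <event.h> above the visible context, add it here rather than relying on a transitive include. Minor style point: <dm/device.h> and <dm/uclass.h> are inserted ahead of the existing <dm/ofnode.h>, which leaves the dm/ group unsorted.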
> > @@ -650,6 +653,39 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8
> *seed, int len)
> > return 0;
> > }
> >
> > +int fdt_rng_kaslr_seed(void *ctx, struct event *event)
> > +{
> > + u8 rand[8] = {0};
> > + struct udevice *dev;
> > + int ret;
> > + oftree tree = event->data.ft_fixup.tree;
> > + ofnode root_node = oftree_root(tree);
> > +
> > + ret = uclass_first_device_err(UCLASS_RNG, &dev);
> > + if (ret) {
> > + printf("ERROR: Failed to find RNG device\n");
> > + return ret;
> > + }
> > +
> > + ret = dm_rng_read(dev, rand, sizeof(rand));
> > + if (ret) {
> > + printf("ERROR: RNG read failed, ret=%d\n", ret);
> > + return ret;
> > + }
> > +
> > + ret = fdt_fixup_kaslr_seed(root_node, rand, sizeof(rand));
> > + if (ret) {
> > + printf("ERROR: failed to add kaslr-seed to fdt\n");
> > + return ret;
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +#if defined(CONFIG_KASLR_RNG_SEED)
>
> You could put this if() in the function above
>
>
> > +EVENT_SPY(EVT_FT_FIXUP, fdt_rng_kaslr_seed);
> > +#endif
> > +
> > int fdt_record_loadable(void *blob, u32 index, const char *name,
> > uintptr_t load_addr, u32 size, uintptr_t
> entry_point,
> > const char *type, const char *os, const char
> *arch)
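Review bot: in fdt_rng_kaslr_seed() only the EVENT_SPY() line sits inside #if defined(CONFIG_KASLR_RNG_SEED), so the function body, including the dm_rng_read() call, is compiled as a global symbol on every configuration, including ones without DM_RNG. Put the guard around the whole function, or return 0 early when the option is off, and make the function static since nothing in the visible hunks calls it by name. Two further points: every failure path returns the error to the EVT_FT_FIXUP caller, so the commit message should state whether a missing or failing RNG device is meant to stop the fixup or only skip the seed; and rand[] still holds the seed on the stack when the function returns, so clearing it after fdt_fixup_kaslr_seed() would avoid leaving a copy of the seed behind in memory.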
> > diff --git a/lib/Kconfig b/lib/Kconfig
> > index 19649517a39..4f5dfc00d6f 100644
> > --- a/lib/Kconfig
> > +++ b/lib/Kconfig
> > @@ -477,6 +477,13 @@ config VPL_TPM
> > for the low-level TPM interface, but only one TPM is supported
> at
> > a time by the TPM library.
> >
> > +config KASLR_RNG_SEED
> > + bool "Use RNG driver for KASLR random seed"
> > + depends on DM_RNG
> > + help
> > + This enables support for using the RNG driver as entropy
> source for
> > + KASLR seed populated in kernel's device tree.
> > +
> > endmenu
> >
> > menu "Android Verified Boot"
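Review bot: the new KASLR_RNG_SEED entry is placed directly after VPL_TPM and before that menu's endmenu, so it will show up among the TPM options although the code it controls lives in boot/fdt_support.c; consider moving it next to the options it belongs with. The help text would also benefit from saying what the option does at runtime: 8 bytes are read from the first UCLASS_RNG device during the FDT fixup event and passed to fdt_fixup_kaslr_seed(), and the fixup returns an error if the read fails. "as entropy source" should read "as the entropy source".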
> > --
> > 2.42.0
> >
>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>