[PATCH v3 2/5] fdt: kaslr seed from RNG device

Ilias Apalodimas ilias.apalodimas at linaro.org
Fri Oct 27 15:29:34 CEST 2023


On Tue, Sep 12, 2023 at 02:35:01PM -0700, seanedmond at linux.microsoft.com wrote:
> From: Dhananjay Phadke <dphadke at linux.microsoft.com>
>
> Add support for KASLR seed from the RNG device. Invokes dm_rng_read()
> API to read 8-bytes of random bytes.  Performs the FDT fixup using event
> spy.  To enable use CONFIG_KASLR_RNG_SEED
>
> Signed-off-by: Dhananjay Phadke <dphadke at linux.microsoft.com>
> Signed-off-by: Drew Kluemke <ankluemk at microsoft.com>
> Signed-off-by: Sean Edmond <seanedmond at microsoft.com>
> ---
>  common/fdt_support.c | 36 ++++++++++++++++++++++++++++++++++++
>  lib/Kconfig          |  7 +++++++
>  2 files changed, 43 insertions(+)
>
> diff --git a/common/fdt_support.c b/common/fdt_support.c
> index 52be4375b4..09ce582865 100644
> --- a/common/fdt_support.c
> +++ b/common/fdt_support.c
> @@ -12,7 +12,10 @@
>  #include <log.h>
>  #include <mapmem.h>
>  #include <net.h>
> +#include <rng.h>
>  #include <stdio_dev.h>
> +#include <dm/device.h>
> +#include <dm/uclass.h>
>  #include <dm/ofnode.h>
>  #include <linux/ctype.h>
>  #include <linux/types.h>
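
Review bot: the new dm/ includes are out of alphabetical order in this hunk, since <dm/uclass.h> is inserted ahead of the existing <dm/ofnode.h>. Suggest the order <dm/device.h>, <dm/ofnode.h>, <dm/uclass.h>.
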
> @@ -650,6 +653,39 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
>  	return 0;
>  }
>
> +int fdt_rng_kaslr_seed(void *ctx, struct event *event)
> +{
> +	u8 rand[8] = {0};
> +	struct udevice *dev;
> +	int ret;
> +	oftree tree = event->data.ft_fixup.tree;
> +	ofnode root_node = oftree_root(tree);
> +
> +	ret = uclass_first_device_err(UCLASS_RNG, &dev);
> +	if (ret) {
> +		printf("ERROR: Failed to find RNG device\n");
> +		return ret;
> +	}
> +
> +	ret = dm_rng_read(dev, rand, sizeof(rand));
> +	if (ret) {
> +		printf("ERROR: RNG read failed, ret=%d\n", ret);
> +		return ret;
> +	}
> +
> +	ret = fdt_fixup_kaslr_seed(root_node, rand, sizeof(rand));
> +	if (ret) {
> +		printf("ERROR: failed to add kaslr-seed to fdt\n");
> +		return ret;
> +	}
> +
> +	return 0;
> +}
> +
> +#if defined(CONFIG_KASLR_RNG_SEED)
> +EVENT_SPY(EVT_FT_FIXUP, fdt_rng_kaslr_seed);
> +#endif
> +
>  int fdt_record_loadable(void *blob, u32 index, const char *name,
>  			uintptr_t load_addr, u32 size, uintptr_t entry_point,
>  			const char *type, const char *os, const char *arch)
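
Review bot: fdt_rng_kaslr_seed() is defined with external linkage and built unconditionally, while only the EVENT_SPY() registration sits under "#if defined(CONFIG_KASLR_RNG_SEED)". With the option off the function is unused, and it still references dm_rng_read() even though the Kconfig symbol is what carries the DM_RNG dependency. Suggest making the function static and moving the #if up so it covers the whole definition. Separately, the handler returns ret to the event notifier when uclass_first_device_err() or dm_rng_read() fails; the commit message should state whether a missing or failing RNG is meant to fail the FT fixup or whether boot should continue without kaslr-seed.
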
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 3926652db6..545a14343e 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -465,6 +465,13 @@ config VPL_TPM
>  	  for the low-level TPM interface, but only one TPM is supported at
>  	  a time by the TPM library.
>
> +config KASLR_RNG_SEED
> +	bool "Use RNG driver for KASLR random seed"
> +	depends on DM_RNG
> +	help
> +	  This enables support for using the RNG driver as entropy source for
> +	  KASLR seed populated in kernel's device tree.
> +
>  endmenu
>
>  menu "Android Verified Boot"
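
Review bot: KASLR_RNG_SEED is added immediately before "endmenu", directly after the VPL_TPM help text, so it will be listed in the same menu as the TPM options, which is unrelated to what it controls. Suggest placing it next to the other RNG or FDT options. The help text could also say that the seed is 8 bytes read through dm_rng_read() and what happens when no RNG device is available, since the code returns an error in that case.
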
> --
> 2.40.0
>

Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>


