[PATCH v2 3/4] cmd: kaslrseed: Use common API to fixup FDT

Thu Sep 7 17:45:02 CEST 2023

On Thu, Aug 31, 2023 at 01:02:02PM -0600, Simon Glass wrote:
> Hi Sean,
> 
> On Tue, 29 Aug 2023 at 14:37, <seanedmond at linux.microsoft.com> wrote:
> >
> > From: Sean Edmond <seanedmond at microsoft.com>
> >
> > Use the newly introduced common API fdt_fixup_kaslr_seed() in the
> > kaslrseed command.
> >
> > Signed-off-by: Sean Edmond <seanedmond at microsoft.com>
> > ---
> >  cmd/kaslrseed.c | 22 ++++++++--------------
> >  1 file changed, 8 insertions(+), 14 deletions(-)
> >
> > diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
> > index 8a1d8120cd..c65607619b 100644
> > --- a/cmd/kaslrseed.c
> > +++ b/cmd/kaslrseed.c
> > @@ -19,7 +19,7 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> >         size_t n = 0x8;
> >         struct udevice *dev;
> >         u64 *buf;
> > -       int nodeoffset;
> > +       ofnode root;
> >         int ret = CMD_RET_SUCCESS;
> >
> >         if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> > @@ -45,21 +45,15 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> >                 return CMD_RET_FAILURE;
> >         }
> >
> > -       ret = fdt_check_header(working_fdt);
> > -       if (ret < 0) {
> > -               printf("fdt_chosen: %s\n", fdt_strerror(ret));
> > -               return CMD_RET_FAILURE;
> > -       }
> > -
> > -       nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
> > -       if (nodeoffset < 0) {
> > -               printf("Reading chosen node failed\n");
> > -               return CMD_RET_FAILURE;
> > +       ret = root_ofnode_from_fdt(working_fdt, &root);
> > +       if (ret) {
> > +               printf("ERROR: Unable to get root ofnode\n");
> > +               goto CMD_RET_FAILURE;
> >         }
> >
> > -       ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf));
> > -       if (ret < 0) {
> > -               printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret));
> > +       ret = fdt_fixup_kaslr_seed(root, buf, sizeof(buf));
> > +       if (ret) {
> > +               printf("ERROR: failed to add kaslr-seed to fdt\n");
> >                 return CMD_RET_FAILURE;
> >         }
> 
> Reviewed-by: Simon Glass <sjg at chromium.org>
> 
> So this command is intended to be used in a script? I am just trying
> to understand why we have the fixup code as well as this.
> 
> Regards,
> Simon

This command is intended to be used in a script, I wrote it as a
command a while ago and thought it might be useful for others so I
pushed it upstream. Since then I've started applying a kaslrseed value
with a fixup (basically copying what the rng-seed fixup does) so I
don't have to do anything special with my boot.scr files.

I'm perfectly fine with either eliminating this command all together,
or making it use a software RNG (again I can't speak to the security
implications of this, as I'm not a security guy). I can just start
adding the kaslr-seed in the board files anyway.

Thank you,
Chris