[PATCH] ARM: imx: Enable kaslrseed command on DH i.MX8M Plus DHCOM

Marek Vasut marex at denx.de
Mon Apr 29 22:08:43 CEST 2024 

On 4/29/24 9:10 PM, Tim Harvey wrote:
> On Tue, Apr 23, 2024 at 4:18 PM Marek Vasut <marex at denx.de> wrote:
>>
>> On 4/19/24 5:24 PM, Tim Harvey wrote:
>>> On Thu, Apr 18, 2024 at 11:42 AM Marek Vasut <marex at denx.de> wrote:
>>>>
>>>> On 4/18/24 8:02 PM, Fabio Estevam wrote:
>>>>> Hi Tim,
>>>>>
>>>>> On Thu, Apr 18, 2024 at 2:54 PM Tim Harvey <tharvey at gateworks.com> wrote:
>>>>>
>>>>>> Fabio, if you enable CONFIG_DM_RNG on an imx8m{m,p}_evk do you get the
>>>>>> following in the SPL?
>>>>>> Couldn't bind rng driver (-96)
>>>>>> SEC0:  RNG instantiated
>>>>>>
>>>>>> sec_init failed!
>>>>>
>>>>> Yes, if I add CONFIG_DM_RNG=y to imx8mm_evk_defconfig I get:
>>>>>
>>>>> U-Boot SPL 2024.04-00793-g3434b88d2c2f-dirty (Apr 18 2024 - 14:58:57 -0300)
>>>>> No pmic
>>>>> Couldn't bind rng driver (-96)
>>>>> SEC0:  RNG instantiated
>>>>>
>>>>> sec_init failed!
>>>>
>>>> Interesting. Which TFA blob version do you use ? I used the mainline
>>>> 2.10 for my tests.
>>>
>>> Marek,
>>>
>>> Were you able to reproduce this as well with the board you enabled
>>> DM_RNG for? If it does work fine what dtb were you using... perhaps
>>> there is something in its u-boot.dtsi that we need?
>>
>> This one arch/arm/dts/imx8mp-dhcom-pdk3.dts , see log below. The build
>> has a few extra patches in it, but nothing which affects the KASLR:
>>
>> $ export SOURCE_DATE_EPOCH=1672531200 ; echo tst > .scmversion
>> $ make imx8mp_dhcom_pdk3_defconfig ; make
>>
>> U-Boot SPL 2024.07-rc1tst (Jan 01 2023 - 00:00:00 +0000)
>> DDR:   4096 MiB [0x5]
>> DDR:   Inline ECC enabled
>> WDT:   Started watchdog at 30280000 with servicing every 1000ms (60s timeout)
>> Trying to boot from BOOTROM
>> Boot Stage: Primary boot
>> image offset 0x1000, pagesize 0x1, ivt offset 0x0
>> NOTICE:  Do not release JR0 to NS as it can be used by HAB
>> NOTICE:  BL31: v2.10.0  (release):v2.10.0-5-gfb51ca229
>> NOTICE:  BL31: Built : 20:30:36, Apr 23 2024
>>
>>
>> U-Boot 2024.07-rc1tst (Jan 01 2023 - 00:00:00 +0000)
>>
>> CPU:   Freescale i.MX8MP[8] rev1.1 1600 MHz (running at 1200 MHz)
>> CPU:   Industrial temperature grade (-40C to 105C) at 70C
>> Reset cause: POR
>> Model: DH electronics i.MX8M Plus DHCOM Premium Developer Kit (3)
>> DRAM:  3.5 GiB
>> Core:  183 devices, 34 uclasses, devicetree: separate
>> WDT:   Started watchdog at 30280000 with servicing every 1000ms (60s timeout)
>> MMC:   FSL_SDHC: 0, FSL_SDHC: 1
>> Loading Environment from SPIFlash... SF: Detected w25q128jw with page
>> size 256 Bytes, erase size 4 KiB, total 16 MiB
>> OK
>> In:    serial
>> Out:   serial
>> Err:   serial
>> SEC0:  RNG instantiated
>> Net:   eth1: ethernet at 30be0000, eth0: ethernet at 30bf0000
>> ...
>>
>>> The error -EPFNOSUPPORT is interesting and helps point to the only
>>> place it can be where the comment says the strange errno is to make
>>> this easier to find:
>>> https://elixir.bootlin.com/u-boot/latest/source/drivers/core/uclass.c#L70:
>>>           if (!uc_drv) {
>>>                   debug("Cannot find uclass for id %d: please add the
>>> UCLASS_DRIVER() declaration for this UCLASS_... id\n",
>>>                         id);
>>>                   /*
>>>                    * Use a strange error to make this case easier to find. When
>>>                    * a uclass is not available it can prevent driver model from
>>>                    * starting up and this failure is otherwise hard to debug.
>>>                    */
>>>                   return -EPFNOSUPPORT;
>>>           }
>>>
>>> I'm not very familiar with the dm driver binding - does the
>>> U-BOOT_DRIVER usage in drivers/crypto/fsl/rng.c need to be refactored
>>> to use UCLASS_DRIVER for it to be usable in both SPL and U-Boot?
>>
>> I don't think you need the CAAM RNG in SPL in the first place, or do you ?
>>
>>> Honestly I don't know why we need DM_RNG in SPL anyway and we could
>>> just add support for disabling it there to avoid unwanted bloat.
>>
>> I think you can disable it , yes.
> 
> Marek,
> 
> Would it be advantageous for the kaslr-seed to be added automatically
> from image_setup_libfdt?

Yes, can you prepare a patch ? (I wanted to do this, just haven't had 
the time)

> I notice arch/arm/cpu/armv8/fsl-layerscape/fdt.c:ft_cpu_setup does
> this and board/raspberrypi/rpi/rpi.c looks like it copies kaslr-seed
> from the control fdt which I assume was added by an earlier layer for
> that target.

Right, exactly, this .

> I'm not clear if there is a disadvantage to automatically adding this
> node if DM_RNG is enabled.

I would say, add it.

More information about the U-Boot mailing list