[PATCH] fdt: add kaslr-seed if DM_RNG is enabled

Wed May 15 18:29:31 CEST 2024

On Tue, May 14, 2024 at 5:50 PM Marek Vasut <marex at denx.de> wrote:
>
> On 5/15/24 2:22 AM, Tim Harvey wrote:
> > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> > randomize the virtual address at which the kernel image is loaded, it
> > expects entropy to be provided by the bootloader by populating
> > /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
>
> Thanks for working on this one, this is really nice.
>
> > If we have DM_RNG enabled poulate this value automatically when
> > fdt_chosen is called.

Hi Marek,

Just noticed a typo in the commit log - I'll s/poulate/populate/ in v2

> >
> > Signed-off-by: Tim Harvey <tharvey at gateworks.com>
> > ---
> >   boot/fdt_support.c | 23 +++++++++++++++++++++++
> >   1 file changed, 23 insertions(+)
> >
> > diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> > index 874ca4d6f5af..cd3069baf450 100644
> > --- a/boot/fdt_support.c
> > +++ b/boot/fdt_support.c
> > @@ -7,10 +7,12 @@
> >    */
> >
> >   #include <abuf.h>
> > +#include <dm.h>
> >   #include <env.h>
> >   #include <log.h>
> >   #include <mapmem.h>
> >   #include <net.h>
> > +#include <rng.h>
> >   #include <stdio_dev.h>
> >   #include <dm/ofnode.h>
> >   #include <linux/ctype.h>
> > @@ -300,6 +302,27 @@ int fdt_chosen(void *fdt)
> >       if (nodeoffset < 0)
> >               return nodeoffset;
> >
> > +     if (IS_ENABLED(CONFIG_DM_RNG)) {
> > +             struct udevice *dev;
> > +             size_t len = 0x8;
> > +             u64 *data;
> > +
> > +             data = malloc(len);
>
> Can you allocate this 8 byte array on stack , i.e. u64 data[2]; ?
>

Sure... that makes sense - u64 data (just 1 64bit value)

> cmd/kaslrseed.c could use similar clean up (and
> lib/efi_loader/efi_dt_fixup.c and boot/pxe_utils.c ... uhhh). Maybe you
> can deduplicate this functionality into common code shared by all those
> duplicates before the duplication gets out of control ?
>
> lib/kaslrseed.c looks like a good place to put the common stuff.

Yes I started off making a function to do this but then I noticed we
had an fdt_chosen function and it fit there nicer as I didn't have to
find/create the chosen node. I also didn't know of a great place to
put it.

I will create a lib/kaslrseed.c with function for v2.

>
> > +             if (!data)
> > +                     return -ENOMEM;
> > +
> > +             err = uclass_get_device(UCLASS_RNG, 0, &dev);
> > +             if (!err)
> > +                     err = dm_rng_read(dev, data, len);
> > +             if (!err)
> > +                     err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", data, len);
> > +             if (err < 0) {
> > +                     printf("WARNING: could not set kaslr-seed %s.\n",
> > +                            fdt_strerror(err));
> > +                     return err;
> > +             }
>
> You're missing free() here, but it shouldn't be needed if you allocate
> the array on stack, which is better/simpler.

Yes, I will avoid the malloc to fix that.

Thanks,

Tim