[PATCH v5 2/3] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled

Tim Harvey tharvey at gateworks.com
Fri May 31 00:06:33 CEST 2024


If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
randomize the virtual address at which the kernel image is loaded, it
expects entropy to be provided by the bootloader by populating
/chosen/kaslr-seed with a 64-bit value from source of entropy at boot.

If we have DM_RNG enabled populate this value automatically when
fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT
is enabled as its implementation uses a different source of entropy
that is not yet implemented as DM_RNG. We also skip this if
MEASURED_BOOT is enabled as in that case any modifications to the
dt will cause measured boot to fail (although there are many other
places the dt is altered).

Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
randomization and completely ignores the kaslr-seed for its own
randomness needs (i.e the randomization of the physical placement of
the kernel). It gets weeded out from the DTB that gets handed over via
efi_install_fdt() as it would also mess up the measured boot DTB TPM
measurements as well.

Signed-off-by: Tim Harvey <tharvey at gateworks.com>
Cc: Michal Simek <michal.simek at amd.com>
Cc: Andy Yan <andy.yan at rock-chips.com>
Cc: Akash Gajjar <gajjar04akash at gmail.com>
Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
Cc: Simon Glass <sjg at chromium.org>
Cc: Patrick Delaunay <patrick.delaunay at foss.st.com>
Cc: Patrice Chotard <patrice.chotard at foss.st.com>
Cc: Devarsh Thakkar <devarsht at ti.com>
Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
Cc: Hugo Villeneuve <hvilleneuve at dimonoff.com>
Cc: Marek Vasut <marex at denx.de>
Cc: Tom Rini <trini at konsulko.com>
Cc: Chris Morgan <macromorgan at hotmail.com>
---
v5:
 - fixed typo in commit message s/it's/its/
 - split patch into 3 parts
v4:
 - add missing /n to notice in kaslrseed cmd
 - combine ints in declaration
 - remove unused vars from board/xilinx/common/board.c ft_board_setup
v3:
 - skip if CONFIG_MEASURED_BOOT
 - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
 - pass in rng index and bool to specify overwrite
 - remove duplicate error strings printed outside of fdt_kaslrseed
 - added note to commit log about how EFI STUB weeds out kalsr-seed
v2:
 - fix typo in commit msg
 - use stack for seed to avoid unecessary malloc/free
 - move to a library function and deduplicate code by using it
   elsewhere
---
 boot/fdt_support.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/boot/fdt_support.c b/boot/fdt_support.c
index b1b2679dea0c..4559adcd5e2e 100644
--- a/boot/fdt_support.c
+++ b/boot/fdt_support.c
@@ -345,6 +345,15 @@ int fdt_chosen(void *fdt)
 	if (nodeoffset < 0)
 		return nodeoffset;
 
+	/* if DM_RNG enabled automatically inject kaslr-seed node unless:
+	 * CONFIG_MEASURED_BOOT enabled: as dt modifications break measured boot
+	 * CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT enabled: as that implementation does not use dm yet
+	 */
+	if (IS_ENABLED(CONFIG_DM_RNG) &&
+	    !IS_ENABLED(CONFIG_MEASURED_BOOT) &&
+	    !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT))
+		fdt_kaslrseed(fdt, false);
+
 	if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
 		err = fdt_setprop(fdt, nodeoffset, "rng-seed",
 				  abuf_data(&buf), abuf_size(&buf));
-- 
2.25.1



More information about the U-Boot mailing list