[PATCH v5 1/3] Add fdt_kaslrseed function to add kaslr-seed to chosen node

Simon Glass sjg at chromium.org
Fri May 31 04:47:51 CEST 2024 

On Thu, 30 May 2024 at 16:06, Tim Harvey <tharvey at gateworks.com> wrote:
>
> If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> randomize the virtual address at which the kernel image is loaded, it
> expects entropy to be provided by the bootloader by populating
> /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
>
> Add a fdt_kaslrseed function to accommodate this allowing an existing
> node to be overwritten if present. For now use the first rng device
> but it would be good to enhance this in the future to allow some sort
> of selection or policy in choosing the rng device used.
>
> Signed-off-by: Tim Harvey <tharvey at gateworks.com>
> Cc: Michal Simek <michal.simek at amd.com>
> Cc: Andy Yan <andy.yan at rock-chips.com>
> Cc: Akash Gajjar <gajjar04akash at gmail.com>
> Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Patrick Delaunay <patrick.delaunay at foss.st.com>
> Cc: Patrice Chotard <patrice.chotard at foss.st.com>
> Cc: Devarsh Thakkar <devarsht at ti.com>
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Cc: Hugo Villeneuve <hvilleneuve at dimonoff.com>
> Cc: Marek Vasut <marex at denx.de>
> Cc: Tom Rini <trini at konsulko.com>
> Cc: Chris Morgan <macromorgan at hotmail.com>
> ---
> v5:
>  - move function to boot/fdt_support.c
>  - remove ability to select rng index and note in the commit log
>    something like this as a future enhancement.
>  - fixed typo in commit message s/it's/its/
>  - use cmd_process_error per Michal's suggestion
> v4:
>  - add missing /n to notice in kaslrseed cmd
>  - combine ints in declaration
>  - remove unused vars from board/xilinx/common/board.c ft_board_setup
> v3:
>  - skip if CONFIG_MEASURED_BOOT
>  - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
>  - pass in rng index and bool to specify overwrite
>  - remove duplicate error strings printed outside of fdt_kaslrseed
>  - added note to commit log about how EFI STUB weeds out kalsr-seed
> v2:
>  - fix typo in commit msg
>  - use stack for seed to avoid unecessary malloc/free
>  - move to a library function and deduplicate code by using it
>    elsewhere
> ---
>  boot/fdt_support.c    | 44 +++++++++++++++++++++++++++++++++++++++++++
>  include/fdt_support.h | 10 ++++++++++
>  2 files changed, 54 insertions(+)
>

Reviewed-by: Simon Glass <sjg at chromium.org>

More information about the U-Boot mailing list