[PATCH v5 2/3] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
Simon Glass
sjg at chromium.org
Fri May 31 04:47:52 CEST 2024
On Thu, 30 May 2024 at 16:06, Tim Harvey <tharvey at gateworks.com> wrote:
>
> If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> randomize the virtual address at which the kernel image is loaded, it
> expects entropy to be provided by the bootloader by populating
> /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
>
> If we have DM_RNG enabled populate this value automatically when
> fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT
> is enabled as its implementation uses a different source of entropy
> that is not yet implemented as DM_RNG. We also skip this if
> MEASURED_BOOT is enabled as in that case any modifications to the
> dt will cause measured boot to fail (although there are many other
> places the dt is altered).
>
> Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
> randomization and completely ignores the kaslr-seed for its own
> randomness needs (i.e the randomization of the physical placement of
> the kernel). It gets weeded out from the DTB that gets handed over via
> efi_install_fdt() as it would also mess up the measured boot DTB TPM
> measurements as well.
>
> Signed-off-by: Tim Harvey <tharvey at gateworks.com>
> Cc: Michal Simek <michal.simek at amd.com>
> Cc: Andy Yan <andy.yan at rock-chips.com>
> Cc: Akash Gajjar <gajjar04akash at gmail.com>
> Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Patrick Delaunay <patrick.delaunay at foss.st.com>
> Cc: Patrice Chotard <patrice.chotard at foss.st.com>
> Cc: Devarsh Thakkar <devarsht at ti.com>
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Cc: Hugo Villeneuve <hvilleneuve at dimonoff.com>
> Cc: Marek Vasut <marex at denx.de>
> Cc: Tom Rini <trini at konsulko.com>
> Cc: Chris Morgan <macromorgan at hotmail.com>
> ---
> v5:
> - fixed typo in commit message s/it's/its/
> - split patch into 3 parts
> v4:
> - add missing /n to notice in kaslrseed cmd
> - combine ints in declaration
> - remove unused vars from board/xilinx/common/board.c ft_board_setup
> v3:
> - skip if CONFIG_MEASURED_BOOT
> - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
> - pass in rng index and bool to specify overwrite
> - remove duplicate error strings printed outside of fdt_kaslrseed
> - added note to commit log about how EFI STUB weeds out kalsr-seed
> v2:
> - fix typo in commit msg
> - use stack for seed to avoid unecessary malloc/free
> - move to a library function and deduplicate code by using it
> elsewhere
> ---
> boot/fdt_support.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
Reviewed-by: Simon Glass <sjg at chromium.org>
My only question is whether there should be error checking here?
> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> index b1b2679dea0c..4559adcd5e2e 100644
> --- a/boot/fdt_support.c
> +++ b/boot/fdt_support.c
> @@ -345,6 +345,15 @@ int fdt_chosen(void *fdt)
> if (nodeoffset < 0)
> return nodeoffset;
>
> + /* if DM_RNG enabled automatically inject kaslr-seed node unless:
> + * CONFIG_MEASURED_BOOT enabled: as dt modifications break measured boot
> + * CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT enabled: as that implementation does not use dm yet
> + */
> + if (IS_ENABLED(CONFIG_DM_RNG) &&
> + !IS_ENABLED(CONFIG_MEASURED_BOOT) &&
> + !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT))
> + fdt_kaslrseed(fdt, false);
> +
> if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
> err = fdt_setprop(fdt, nodeoffset, "rng-seed",
> abuf_data(&buf), abuf_size(&buf));
> --
> 2.25.1
>
Regards,
Simon
More information about the U-Boot
mailing list