[PATCH v5 2/3] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled

Simon Glass sjg at chromium.org
Fri May 31 04:47:52 CEST 2024


On Thu, 30 May 2024 at 16:06, Tim Harvey <tharvey at gateworks.com> wrote:
>
> If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> randomize the virtual address at which the kernel image is loaded, it
> expects entropy to be provided by the bootloader by populating
> /chosen/kaslr-seed with a 64-bit value from a source of entropy at boot.
>
> If we have DM_RNG enabled, populate this value automatically when
> fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT
> is enabled as its implementation uses a different source of entropy
> that is not yet implemented as DM_RNG. We also skip this if
> MEASURED_BOOT is enabled as in that case any modifications to the
> dt will cause measured boot to fail (although there are many other
> places the dt is altered).
>
> Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
> randomization and completely ignores the kaslr-seed for its own
> randomness needs (i.e. the randomization of the physical placement of
> the kernel). It gets weeded out from the DTB that gets handed over via
> efi_install_fdt() as it would also mess up the measured boot DTB TPM
> measurements as well.
>
> Signed-off-by: Tim Harvey <tharvey at gateworks.com>
> Cc: Michal Simek <michal.simek at amd.com>
> Cc: Andy Yan <andy.yan at rock-chips.com>
> Cc: Akash Gajjar <gajjar04akash at gmail.com>
> Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Patrick Delaunay <patrick.delaunay at foss.st.com>
> Cc: Patrice Chotard <patrice.chotard at foss.st.com>
> Cc: Devarsh Thakkar <devarsht at ti.com>
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Cc: Hugo Villeneuve <hvilleneuve at dimonoff.com>
> Cc: Marek Vasut <marex at denx.de>
> Cc: Tom Rini <trini at konsulko.com>
> Cc: Chris Morgan <macromorgan at hotmail.com>
> ---
> v5:
>  - fixed typo in commit message s/it's/its/
>  - split patch into 3 parts
> v4:
>  - add missing /n to notice in kaslrseed cmd
>  - combine ints in declaration
>  - remove unused vars from board/xilinx/common/board.c ft_board_setup
> v3:
>  - skip if CONFIG_MEASURED_BOOT
>  - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
>  - pass in rng index and bool to specify overwrite
>  - remove duplicate error strings printed outside of fdt_kaslrseed
>  - added note to commit log about how EFI STUB weeds out kaslr-seed
> v2:
>  - fix typo in commit msg
>  - use stack for seed to avoid unnecessary malloc/free
>  - move to a library function and deduplicate code by using it
>    elsewhere
> ---
>  boot/fdt_support.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
>

Reviewed-by: Simon Glass <sjg at chromium.org>

My only question is whether there should be error checking here?

> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> index b1b2679dea0c..4559adcd5e2e 100644
> --- a/boot/fdt_support.c
> +++ b/boot/fdt_support.c
> @@ -345,6 +345,15 @@ int fdt_chosen(void *fdt)
>         if (nodeoffset < 0)
>                 return nodeoffset;
>
> +       /* if DM_RNG enabled automatically inject kaslr-seed node unless:
> +        * CONFIG_MEASURED_BOOT enabled: as dt modifications break measured boot
> +        * CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT enabled: as that implementation does not use dm yet
> +        */
> +       if (IS_ENABLED(CONFIG_DM_RNG) &&
> +           !IS_ENABLED(CONFIG_MEASURED_BOOT) &&
> +           !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT))
> +               fdt_kaslrseed(fdt, false);
> +
>         if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
>                 err = fdt_setprop(fdt, nodeoffset, "rng-seed",
>                                   abuf_data(&buf), abuf_size(&buf));
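Review bot: The result of the added call `fdt_kaslrseed(fdt, false);` in fdt_chosen() is discarded, while the rng-seed block directly below stores the fdt_setprop() result in `err`. If the seed cannot be generated or written, fdt_chosen() carries on and the kernel is handed a device tree without /chosen/kaslr-seed, which the commit message says RANDOMIZE_BASE depends on. Either capture the status and handle it the same way the rng-seed path does, or state in the comment that failure here is deliberately non-fatal; the v3 changelog suggests fdt_kaslrseed() already prints its own error, so a comment may be enough. As a style point, the block comment starts its text on the `/*` line and its third line runs well past 80 columns; open with a bare `/*` line and wrap the CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT explanation.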
> --
> 2.25.1
>

Regards,
Simon

