[PATCH v2] configs: KASLR OPTEE RNG support for K3 devices
Gokul Praveen
g-praveen at ti.com
Mon Jul 14 07:46:09 CEST 2025
HI Bryan,
On 11/07/25 17:47, Bryan Brattlof wrote:
> On July 11, 2025 thus sayeth Gokul Praveen:
>> Hi Bryan,
>>
>> On 10/07/25 19:47, Bryan Brattlof wrote:
>>> On July 10, 2025 thus sayeth Gokul:
>>>> From: Gokul Praveen <g-praveen at ti.com>
>>>>
>>>> KASLR, or Kernel Address Space Layout Randomization, is a security
>>>> feature in the Linux kernel that randomizes the memory location
>>>> where the kernel is loaded during boot.
>>>>
>>>> OP-TEE RNG is a Random Number Generator (RNG) component within the
>>>> Open Portable Trusted Execution Environment (OP-TEE) which provides
>>>> a random number to U-BOOT and U-BOOT provides this random number
>>>> as seed value to the LINUX kernel for KASLR.
>>>>
>>>> Add KASLR OPTEE RNG support across K3 devices by enabling the required
>>>> configs.
>>>>
>>>> Signed-off-by: Gokul Praveen <g-praveen at ti.com>
>>>> ---
>>>> v2<==> v1
>>>> ===========
>>>> * Added 'if' condition for configs to avoid enabling this feature
>>>> in R5.
>>>
>>> Works for me.
>>>
>>> Reviewed-by: Bryan Brattlof <bb at ti.com>
>>>
>>>>
>>>> Boot logs Link :
>>>>
>>>> https://gist.github.com/GokulPraveen2001/44aa8c0962438c12ffc55e6ed67742e5
>>>
>>> Just curious are you enabling the kaslrseed command for this build? It
>>> looks like you're using TI's evil vendor scripts but I assumed the
>>> kaslrseed command was disabled.
>>
>> Can you elaborate more on this,Bryan?
>>
>> Actually, we are not using the kaslrseed device tree property. Is that what
>> you meant,Bryan?
>
> Everything in this boot log is tagged as dirty. So I'm just trying to
> ensure I've got everything setup correctly.
>
> I was curious what you are doing to generate the line:
>
> KASLR SEED OPTEE SET SUCCESSFULLY
>
> before we jump to the kernel.
Oh,got it Bryan. Those were just small debug prints I added in the
"kaslr.c" file during the testing phase to check the offsets at which it
was loading.So,the boot logs in the link are the ones I got during the
testing phase,which I have not included in the patch provided as it is
not needed.
Regards
Gokul
More information about the U-Boot
mailing list