From: seanedmond@linux.microsoft.com
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, dphadke@linux.microsoft.com,
ilias.apalodimas@linaro.org
Subject: [PATCH v3 2/5] fdt: kaslr seed from RNG device
Date: Tue, 12 Sep 2023 14:35:01 -0700
Message-ID: <20230912213504.65513-3-seanedmond@linux.microsoft.com>
In-Reply-To: <20230912213504.65513-1-seanedmond@linux.microsoft.com>
From: Dhananjay Phadke <dphadke@linux.microsoft.com>
Add support for KASLR seed from the RNG device. Invokes the dm_rng_read()
API to read 8 random bytes. Performs the FDT fixup using an event
spy. To enable, use CONFIG_KASLR_RNG_SEED.
Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Signed-off-by: Drew Kluemke <ankluemk@microsoft.com>
Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
---
common/fdt_support.c | 36 ++++++++++++++++++++++++++++++++++++
lib/Kconfig | 7 +++++++
2 files changed, 43 insertions(+)
diff --git a/common/fdt_support.c b/common/fdt_support.c
index 52be4375b4..09ce582865 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -12,7 +12,10 @@
#include <log.h>
#include <mapmem.h>
#include <net.h>
+#include <rng.h>
#include <stdio_dev.h>
+#include <dm/device.h>
+#include <dm/uclass.h>
#include <dm/ofnode.h>
#include <linux/ctype.h>
#include <linux/types.h>
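Review bot: the two new dm headers in this include block are added above the existing `#include <dm/ofnode.h>`, so the dm/ group ends up ordered device, uclass, ofnode, while the surrounding includes are alphabetical. Suggest placing `<dm/ofnode.h>` between `<dm/device.h>` and `<dm/uclass.h>` so the block stays sorted.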
@@ -650,6 +653,39 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
return 0;
}
+int fdt_rng_kaslr_seed(void *ctx, struct event *event)
+{
+ u8 rand[8] = {0};
+ struct udevice *dev;
+ int ret;
+ oftree tree = event->data.ft_fixup.tree;
+ ofnode root_node = oftree_root(tree);
+
+ ret = uclass_first_device_err(UCLASS_RNG, &dev);
+ if (ret) {
+ printf("ERROR: Failed to find RNG device\n");
+ return ret;
+ }
+
+ ret = dm_rng_read(dev, rand, sizeof(rand));
+ if (ret) {
+ printf("ERROR: RNG read failed, ret=%d\n", ret);
+ return ret;
+ }
+
+ ret = fdt_fixup_kaslr_seed(root_node, rand, sizeof(rand));
+ if (ret) {
+ printf("ERROR: failed to add kaslr-seed to fdt\n");
+ return ret;
+ }
+
+ return 0;
+}
+
+#if defined(CONFIG_KASLR_RNG_SEED)
+EVENT_SPY(EVT_FT_FIXUP, fdt_rng_kaslr_seed);
+#endif
+
int fdt_record_loadable(void *blob, u32 index, const char *name,
uintptr_t load_addr, u32 size, uintptr_t entry_point,
const char *type, const char *os, const char *arch)
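Review bot: `fdt_rng_kaslr_seed()` is defined outside the `#if defined(CONFIG_KASLR_RNG_SEED)` block, which wraps only the `EVENT_SPY(EVT_FT_FIXUP, fdt_rng_kaslr_seed);` line. The function and its calls to `uclass_first_device_err()` and `dm_rng_read()` are therefore compiled even when the option is off, and it is non-static although the diffstat shows no header gaining a prototype. Suggest moving the whole function inside the guard and marking it `static`. A short comment on the failure policy would also help: every error path returns before `fdt_fixup_kaslr_seed()` is called, so the zero-initialised `rand` buffer is never written out as a seed, and a missing or failing RNG makes the EVT_FT_FIXUP handler return an error instead of continuing without a seed. If that fail-closed behaviour is intended, state it in the function comment and the commit message. Minor: the `printf("ERROR: ...")` calls could use the logging API, since `<log.h>` is already included, and the messages mix "Failed" and "failed".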
diff --git a/lib/Kconfig b/lib/Kconfig
index 3926652db6..545a14343e 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -465,6 +465,13 @@ config VPL_TPM
for the low-level TPM interface, but only one TPM is supported at
a time by the TPM library.
+config KASLR_RNG_SEED
+ bool "Use RNG driver for KASLR random seed"
+ depends on DM_RNG
+ help
+ This enables support for using the RNG driver as entropy source for
+ KASLR seed populated in kernel's device tree.
+
endmenu
menu "Android Verified Boot"
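Review bot: the new `config KASLR_RNG_SEED` entry lands directly after `config VPL_TPM` and before that menu's `endmenu`, so an FDT/RNG option will show up alongside the TPM options; consider placing it next to the RNG or FDT options instead. The help text should also say what the option does at boot: that 8 bytes are read from the first UCLASS_RNG device during the FT fixup event and written as the kaslr-seed, and what happens when no RNG device is present or the read fails. Since the code enabled by this option relies on `EVENT_SPY` and `fdt_fixup_kaslr_seed()`, please check whether `depends on DM_RNG` alone is sufficient.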
--
2.40.0