From: seanedmond@linux.microsoft.com
To: u-boot@lists.denx.de
Cc: dphadke@linux.microsoft.com, ilias.apalodimas@linaro.org,
trini@konsulko.com, sjg@chromium.org
Subject: [PATCH v5 2/5] fdt: kaslr seed from RNG device
Date: Thu, 16 Nov 2023 18:02:03 -0800
Message-ID: <20231117020207.948636-3-seanedmond@linux.microsoft.com>
In-Reply-To: <20231117020207.948636-1-seanedmond@linux.microsoft.com>
From: Dhananjay Phadke <dphadke@linux.microsoft.com>
Add support for KASLR seed from the RNG device. Invokes dm_rng_read()
API to read 8 random bytes. Performs the FDT fixup using event
spy. To enable, use CONFIG_KASLR_RNG_SEED.
Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Signed-off-by: Drew Kluemke <ankluemk@microsoft.com>
Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
---
boot/fdt_support.c | 36 ++++++++++++++++++++++++++++++++++++
lib/Kconfig | 7 +++++++
2 files changed, 43 insertions(+)
diff --git a/boot/fdt_support.c b/boot/fdt_support.c
index 49d14a949be..12defcf645c 100644
--- a/boot/fdt_support.c
+++ b/boot/fdt_support.c
@@ -12,7 +12,10 @@
#include <log.h>
#include <mapmem.h>
#include <net.h>
+#include <rng.h>
#include <stdio_dev.h>
+#include <dm/device.h>
+#include <dm/uclass.h>
#include <dm/ofnode.h>
#include <linux/ctype.h>
#include <linux/types.h>
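Review bot: The added dm/ includes are out of alphabetical order: <dm/device.h> and <dm/uclass.h> are both placed ahead of the existing <dm/ofnode.h>, so <dm/uclass.h> should move below it. The new code in this file also uses struct event and EVENT_SPY, and no <event.h> include is added in this hunk; confirm it is already pulled in outside the visible context, otherwise add it here.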
@@ -650,6 +653,39 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
return 0;
}
+int fdt_rng_kaslr_seed(void *ctx, struct event *event)
+{
+ u8 rand[8] = {0};
+ struct udevice *dev;
+ int ret;
+ oftree tree = event->data.ft_fixup.tree;
+ ofnode root_node = oftree_root(tree);
+
+ ret = uclass_first_device_err(UCLASS_RNG, &dev);
+ if (ret) {
+ printf("ERROR: Failed to find RNG device\n");
+ return ret;
+ }
+
+ ret = dm_rng_read(dev, rand, sizeof(rand));
+ if (ret) {
+ printf("ERROR: RNG read failed, ret=%d\n", ret);
+ return ret;
+ }
+
+ ret = fdt_fixup_kaslr_seed(root_node, rand, sizeof(rand));
+ if (ret) {
+ printf("ERROR: failed to add kaslr-seed to fdt\n");
+ return ret;
+ }
+
+ return 0;
+}
+
+#if defined(CONFIG_KASLR_RNG_SEED)
+EVENT_SPY(EVT_FT_FIXUP, fdt_rng_kaslr_seed);
+#endif
+
int fdt_record_loadable(void *blob, u32 index, const char *name,
uintptr_t load_addr, u32 size, uintptr_t entry_point,
const char *type, const char *os, const char *arch)
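Review bot: fdt_rng_kaslr_seed() sits outside the #if defined(CONFIG_KASLR_RNG_SEED) guard, which wraps only the EVENT_SPY line, so the function is compiled even when the option is off and then references dm_rng_read() and UCLASS_RNG in builds where DM_RNG may not be enabled. Move the whole function inside the guard and make it static, since this patch adds no prototype and no other caller. Every failure path returns the error from the fixup spy, so the commit message or a comment should say whether a missing or failing RNG is meant to fail the FDT fixup or whether boot should continue without a kaslr-seed property. With <log.h> already included, log_err() would fit better than printf("ERROR: ...").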
diff --git a/lib/Kconfig b/lib/Kconfig
index 19649517a39..4f5dfc00d6f 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -477,6 +477,13 @@ config VPL_TPM
for the low-level TPM interface, but only one TPM is supported at
a time by the TPM library.
+config KASLR_RNG_SEED
+ bool "Use RNG driver for KASLR random seed"
+ depends on DM_RNG
+ help
+ This enables support for using the RNG driver as entropy source for
+ KASLR seed populated in kernel's device tree.
+
endmenu
menu "Android Verified Boot"
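Review bot: KASLR_RNG_SEED depends on DM_RNG only, but the hook in boot/fdt_support.c is registered with EVENT_SPY(EVT_FT_FIXUP, ...), so the option can be enabled in a configuration where events are not built and the seed is silently never written. Add a dependency on (or select of) EVENT, and any ofnode/oftree requirement the fixup has. The help text could also state that 8 bytes are read from the first UCLASS_RNG device at FDT fixup time, so users know which device supplies the entropy.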
--
2.42.0