From: Arnd Bergmann <arnd@arndb.de>
To: linux-arm-kernel@lists.infradead.org
Cc: Jason Cooper <jason@lakedaemon.net>,
devicetree@vger.kernel.org, Laura Abbott <lauraa@codeaurora.org>,
keescook@chromium.org, linux-kernel@vger.kernel.org,
Rob Herring <robh+dt@kernel.org>,
Kumar Gala <galak@codeaurora.org>,
Grant Likely <grant.likely@linaro.org>
Subject: Re: [RFC/PATCH 0/3] Add devicetree scanning for randomness
Date: Wed, 12 Feb 2014 20:12:23 +0100
Message-ID: <1882539.R1gpoLLYks@wuerfel>
In-Reply-To: <20140212184521.GO27395@titan.lakedaemon.net>

On Wednesday 12 February 2014 13:45:21 Jason Cooper wrote:
> On Wed, Feb 12, 2014 at 07:17:41PM +0100, Arnd Bergmann wrote:
> > On Wednesday 12 February 2014 12:45:54 Jason Cooper wrote:
> > > I brought this up at last week's devicetree irc meeting. My goal is to
> > > provide early randomness for kaslr on ARM. Currently, my idea is to modify
> > > the init script to save an additional random seed from /dev/urandom to
> > > /boot/random-seed.
> > >
> > > The bootloader would then load this file into ram, and pass the
> > > address/size to the kernel either via dt, or commandline. kaslr (run in
> > > the decompressor) would consume some of this randomness, and then
> > > random.c would consume the rest in a non-crediting initialization.
> >
> > I like the idea, but wouldn't it be easier to pass actual random data
> > using DT, rather than the address/size?
>
> I thought about that at first, but that requires either that the
> bootloader be upgraded to insert the data, or that userspace is
> modifying the dtb at least twice per boot.
>
> I chose address/size to facilitate modifying existing/fielded devices.
> The user could modify the dtb once, and modify the bootloader
> environment to load X amount to Y address. As a fallback, it could be
> expressed on the commandline for non-DT bootloaders.

Ah, so you are interested in boot loaders that can be scripted to do
what you had in mind but cannot be scripted to add or modify a DT
property. I hadn't considered that, but you are probably right that
this is at least 90% of the systems you'd find in the wild today.

Thinking this a bit further, I wonder if (at least upstream) u-boot
has a way to modify DT properties in a scripted way that would allow
the direct property. It sounds like a generally useful feature not
just for randomness, so if that doesn't already work, maybe someone
can implement it. In the simplest case, you'd only need to find the
address of an existing property in the dtb and load a file to
that location.

	Arnd
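
The "simplest case" in the message above (find where an existing property's value sits in the dtb, then load a file there) can be worked out on the build host. The following is an added example, not part of the original message or of any patch in this thread: it walks the flattened devicetree structure block and returns the byte offset and length of a property's value. The property name `random-seed` under `/chosen` and the sample blob are assumptions constructed for illustration.

```python
import struct

FDT_MAGIC = 0xD00DFEED
BEGIN_NODE, END_NODE, PROP, NOP, END = 1, 2, 3, 4, 9  # FDT structure tokens

def align4(n):
    return (n + 3) & ~3

def find_prop_value(dtb, node_path, prop_name):
    """Return (offset, length) of a property's value inside the dtb blob."""
    magic, total, off_struct, off_strings = struct.unpack_from(">4I", dtb, 0)
    if magic != FDT_MAGIC or total > len(dtb):
        raise ValueError("not a flattened devicetree")
    pos, path = off_struct, []
    while True:
        (token,) = struct.unpack_from(">I", dtb, pos)
        pos += 4
        if token == BEGIN_NODE:  # node name follows, NUL-terminated, padded to 4
            end = dtb.index(b"\0", pos)
            path.append(dtb[pos:end].decode())
            pos = align4(end + 1)
        elif token == END_NODE:
            path.pop()
        elif token == PROP:  # u32 length, u32 name offset, then the value
            length, nameoff = struct.unpack_from(">2I", dtb, pos)
            pos += 8
            s = off_strings + nameoff
            name = dtb[s:dtb.index(b"\0", s)].decode()
            if ("/".join(path) or "/") == node_path and name == prop_name:
                return pos, length
            pos = align4(pos + length)
        elif token == END:
            raise KeyError(f"{node_path} {prop_name} not found")
        elif token != NOP:
            raise ValueError(f"bad token {token:#x}")

def build_sample_dtb(seed_len=16):
    """Constructed sample: /chosen with bootargs and a zeroed placeholder."""
    strings = b"bootargs\0random-seed\0"  # hypothetical property name
    tok = lambda t: struct.pack(">I", t)
    pad = lambda b: b.ljust(align4(len(b)), b"\0")
    prop = lambda off, v: struct.pack(">3I", PROP, len(v), off) + pad(v)
    body = (tok(BEGIN_NODE) + pad(b"\0") + tok(BEGIN_NODE) + pad(b"chosen\0")
            + prop(0, b"console=ttyS0\0") + prop(9, bytes(seed_len))
            + tok(END_NODE) * 2 + tok(END))
    off_struct = 40 + 16  # header, then an empty 16-byte reservation map
    off_strings = off_struct + len(body)
    hdr = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct,
                      off_strings, 40, 17, 16, 0, len(strings), len(body))
    return hdr + bytes(16) + body + strings
```

The address a boot script would load the seed file to is the dtb's load address plus the returned offset. The file has to be exactly the returned length, because a longer one overwrites the structure tokens that follow the property.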