From: Chris Morgan
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, xypron.glpk@gmx.de, Chris Morgan
Subject: [PATCH 1/2] cmd: kaslrseed: add command to generate value from hwrng
Date: Wed, 25 Aug 2021 11:22:57 -0500
Message-Id: <20210825162257.21628-1-macroalpha82@gmail.com>

Allow the kaslr-seed value in the chosen node to be set from a hardware
rng source.

Tested on a Rockchip PX30 (Odroid Go Advance), you must have loaded the
devicetree first and prepared it for editing. On my device the workflow
goes as follows:

setenv dtb_loadaddr "0x01f00000"
load mmc 0:1 ${dtb_loadaddr} rk3326-odroid-go2.dtb
fdt addr ${dtb_loadaddr}
fdt resize
kaslrseed

and the output can be seen here:
fdt print /chosen
chosen {
        kaslr-seed = <0x6f61df74 0x6f7b996c>;
        stdout-path = "serial2:115200n8";
};

Signed-off-by: Chris Morgan
---
 cmd/Kconfig     |  7 +++++
 cmd/Makefile    |  1 +
 cmd/kaslrseed.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 89 insertions(+)
 create mode 100644 cmd/kaslrseed.c

diff --git a/cmd/Kconfig b/cmd/Kconfig index ffef3cc76c..e62adff939 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig 
@@ -1790,6 +1790,13 @@ config CMD_RNG help Print bytes from the hardware random number generator. +config CMD_KASLRSEED + bool "kaslrseed" + depends on DM_RNG + help + Set the kaslr-seed in the chosen node with entropy provided by a + hardware random number generator. + config CMD_SLEEP bool "sleep" default y diff --git a/cmd/Makefile b/cmd/Makefile index ed3669411e..34cbda72f5 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -131,6 +131,7 @@ obj-$(CONFIG_CMD_REGINFO) += reginfo.o obj-$(CONFIG_CMD_REISER) += reiser.o obj-$(CONFIG_CMD_REMOTEPROC) += remoteproc.o obj-$(CONFIG_CMD_RNG) += rng.o +obj-$(CONFIG_CMD_KASLRSEED) += kaslrseed.o obj-$(CONFIG_CMD_ROCKUSB) += rockusb.o obj-$(CONFIG_CMD_RTC) += rtc.o obj-$(CONFIG_SANDBOX) += host.o diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c new file mode 100644 index 0000000000..27c2648c91 --- /dev/null +++ b/cmd/kaslrseed.c @@ -0,0 +1,81 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * The 'kaslrseed' command takes bytes from the hardware random number + * generator and uses them to set the kaslr-seed value in the chosen node. + * + * Copyright (c) 2021, Chris Morgan + */ + +#include +#include +#include +#include +#include +#include +#include + +static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) +{ + size_t n = 0x8; + struct udevice *dev; + u64 *buf; + int nodeoffset; + int ret = CMD_RET_SUCCESS; + + if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) { + printf("No RNG device\n"); + return CMD_RET_FAILURE; + } + + buf = malloc(n); + if (!buf) { + printf("Out of memory\n"); + return CMD_RET_FAILURE; + } + + if (dm_rng_read(dev, buf, n)) { + printf("Reading RNG failed\n"); + return CMD_RET_FAILURE; + } + + if (!working_fdt) { + printf("No FDT memory address configured. Please configure\n" + "the FDT address via \"fdt addr
\" command.\n" + "Aborting!\n"); + return CMD_RET_FAILURE; + } + + ret = fdt_check_header(working_fdt); + if (ret < 0) { + printf("fdt_chosen: %s\n", fdt_strerror(ret)); + return CMD_RET_FAILURE; + } + + nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen"); + if (nodeoffset < 0) { + printf("Reading chosen node failed\n"); + return CMD_RET_FAILURE; + } + + ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf)); + if (ret < 0) { + printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret)); + return CMD_RET_FAILURE; + } + + free(buf); + + return ret; +} + +#ifdef CONFIG_SYS_LONGHELP +static char kaslrseed_help_text[] = + "[n]\n" + " - append random bytes to chosen kaslr-seed node\n"; +#endif + +U_BOOT_CMD( + kaslrseed, 1, 0, do_kaslr_seed, + "feed bytes from the hardware random number generator to the kaslr-seed", + kaslrseed_help_text +); -- 2.25.1
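Review bot: In the cmd/Kconfig hunk, CMD_KASLRSEED depends only on DM_RNG, but do_kaslr_seed() in cmd/kaslrseed.c also reads working_fdt, calls libfdt functions and tells the user to run "fdt addr" first. Please add a dependency on the option that provides the fdt command and libfdt, so that a configuration with DM_RNG but without device tree editing support does not fail to build or produce a command that can never succeed. The help text could also state that a device tree must already be loaded and selected before the command is run.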
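Review bot: In the cmd/Makefile hunk, the new kaslrseed.o line is inserted after rng.o, in the middle of entries that are otherwise in alphabetical order (reginfo, reiser, remoteproc, rng, rockusb, rtc). Please move obj-$(CONFIG_CMD_KASLRSEED) to the position where its name sorts, so the list stays ordered.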
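Review bot: In cmd/kaslrseed.c, the fdt_setprop() call passes sizeof(buf) as the property length, and buf is a u64 pointer, so this is the size of a pointer rather than the 8 bytes read from the RNG; on a 32-bit build only 4 bytes of the seed would be written. Pass n (or sizeof(*buf)) instead. Every failure return after malloc() (dm_rng_read(), the working_fdt check, fdt_check_header(), fdt_find_or_add_subnode(), fdt_setprop()) leaks buf; a single u64 on the stack or a common exit path that calls free() would fix that, and checking working_fdt before reading the RNG avoids drawing entropy that is then thrown away. The help text advertises an "[n]" argument and says it appends bytes, but U_BOOT_CMD sets maxargs to 1 and n is fixed at 0x8, so the text should describe what the command actually does: set an 8-byte kaslr-seed property. The "fdt_chosen: %s" error prefix also reads as if copied from another function and should name this command.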