[PATCH v2 0/4] Populate kaslr seed with TPM

[PATCH v2 0/4] Populate kaslr seed with TPM

[seanedmond]

From: Sean Edmond <seanedmond@microsoft.com>

This patch series creates a common API (fdt_fixup_kaslr_seed()) for 
populating the kaslr seed in the DTB.  Existing users (kaslrseed,
and ARMv8 sec firmware) have been updated to use this common API.

New functionality has been introduced to populate the kaslr using
the TPM interface.  This can be enabled with CONFIG_KASLR_TPM_SEED.  

changes in v2:
- fdt_fixup_kaslr_seed() uses the ofnode API
- Add root_ofnode_from_fdt() to get the root node from an FDT and
  perform error checking on the oftree
- add comments to exported functions
- Add error checking in image_setup_libfdt() for return from
  fdt_tpm_kaslr_seed()
- uclass_get_device() -> uclass_first_device_err()
- Change default config for OFNODE_MULTI_TREE (y if !OF_LIVE)

Dhananjay Phadke (2):
  fdt: common API to populate kaslr seed
  fdt: kaslr seed from tpm entropy

Sean Edmond (2):
  cmd: kaslrseed: Use common API to fixup FDT
  dm: core: Modify default for OFNODE_MULTI_TREE

 arch/arm/cpu/armv8/sec_firmware.c | 39 +++++++++---------------
 boot/image-fdt.c                  | 15 ++++++++++
 cmd/kaslrseed.c                   | 22 +++++---------
 common/fdt_support.c              | 49 +++++++++++++++++++++++++++++++
 drivers/core/Kconfig              |  2 +-
 drivers/core/ofnode.c             | 17 +++++++++++
 include/dm/ofnode.h               | 12 ++++++++
 include/fdt_support.h             | 17 +++++++++++
 lib/Kconfig                       |  9 ++++++
 9 files changed, 142 insertions(+), 40 deletions(-)

-- 
2.40.0

[PATCH v2 1/4] fdt: common API to populate kaslr seed

[seanedmond]

From: Dhananjay Phadke <dphadke@linux.microsoft.com>

fdt_fixup_kaslr_seed() will update given ofnode with random seed value.
Source for random seed can be TPM or RNG driver in u-boot or sec
firmware (ARM).

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Signed-off-by: Sean Edmond <senaedmond@microsoft.com>
---
 arch/arm/cpu/armv8/sec_firmware.c | 39 +++++++++++--------------------
 common/fdt_support.c              | 19 +++++++++++++++
 drivers/core/ofnode.c             | 17 ++++++++++++++
 include/dm/ofnode.h               | 12 ++++++++++
 include/fdt_support.h             |  9 +++++++
 5 files changed, 71 insertions(+), 25 deletions(-)

diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c
index c0e8726346..5f04cd8aec 100644
--- a/arch/arm/cpu/armv8/sec_firmware.c
+++ b/arch/arm/cpu/armv8/sec_firmware.c
@@ -411,46 +411,35 @@ int sec_firmware_init(const void *sec_firmware_img,
 /*
  * fdt_fix_kaslr - Add kalsr-seed node in Device tree
  * @fdt:		Device tree
- * @eret:		0 in case of error, 1 for success
+ * @eret:		0 for success
  */
 int fdt_fixup_kaslr(void *fdt)
 {
-	int nodeoffset;
-	int err, ret = 0;
-	u8 rand[8];
+	int ret = 0;
 
 #if defined(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)
+	u8 rand[8];
+	ofnode root;
+
 	/* Check if random seed generation is  supported */
 	if (sec_firmware_support_hwrng() == false) {
 		printf("WARNING: SEC firmware not running, no kaslr-seed\n");
-		return 0;
+		return -EOPNOTSUPP;
 	}
 
-	err = sec_firmware_get_random(rand, 8);
-	if (err < 0) {
+	ret = sec_firmware_get_random(rand, 8);
+	if (ret < 0) {
 		printf("WARNING: No random number to set kaslr-seed\n");
-		return 0;
+		return ret;
 	}
 
-	err = fdt_check_header(fdt);
-	if (err < 0) {
-		printf("fdt_chosen: %s\n", fdt_strerror(err));
-		return 0;
+	ret = root_ofnode_from_fdt(fdt, &root);
+	if (ret < 0) {
+		printf("WARNING: Unable to get root ofnode\n");
+		return ret;
 	}
 
-	/* find or create "/chosen" node. */
-	nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen");
-	if (nodeoffset < 0)
-		return 0;
-
-	err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", rand,
-				  sizeof(rand));
-	if (err < 0) {
-		printf("WARNING: can't set kaslr-seed %s.\n",
-		       fdt_strerror(err));
-		return 0;
-	}
-	ret = 1;
+	ret = fdt_fixup_kaslr_seed(root, rand, sizeof(rand));
 #endif
 
 	return ret;
diff --git a/common/fdt_support.c b/common/fdt_support.c
index 5e49078f8c..52be4375b4 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -631,6 +631,25 @@ void fdt_fixup_ethernet(void *fdt)
 	}
 }
 
+int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
+{
+	ofnode chosen;
+	int ret;
+
+	/* find or create "/chosen" node. */
+	ret = ofnode_add_subnode(node, "chosen", &chosen);
+	if (ret && ret != -EEXIST)
+		return -ENOENT;
+
+	ret = ofnode_write_prop(chosen, "kaslr-seed", seed, len, true);
+	if (ret) {
+		printf("WARNING: can't set kaslr-seed\n");
+		return ret;
+	}
+
+	return 0;
+}
+
 int fdt_record_loadable(void *blob, u32 index, const char *name,
 			uintptr_t load_addr, u32 size, uintptr_t entry_point,
 			const char *type, const char *os, const char *arch)
diff --git a/drivers/core/ofnode.c b/drivers/core/ofnode.c
index 8df16e56af..4be21133b8 100644
--- a/drivers/core/ofnode.c
+++ b/drivers/core/ofnode.c
@@ -870,6 +870,23 @@ ofnode oftree_path(oftree tree, const char *path)
 	}
 }
 
+int root_ofnode_from_fdt(void *fdt, ofnode *root_node)
+{
+	oftree tree;
+	/* If OFNODE_MULTI_TREE is not set, and if fdt is not the control FDT,
+	 *  oftree_from_fdt() will return NULL
+	 */
+	tree = oftree_from_fdt(fdt);
+
+	if (!oftree_valid(tree)) {
+		printf("Cannot create oftree\n");
+		return -EINVAL;
+	}
+	*root_node = oftree_root(tree);
+
+	return 0;
+}
+
 const void *ofnode_read_chosen_prop(const char *propname, int *sizep)
 {
 	ofnode chosen_node;
diff --git a/include/dm/ofnode.h b/include/dm/ofnode.h
index 0f38b3e736..e79bb62be8 100644
--- a/include/dm/ofnode.h
+++ b/include/dm/ofnode.h
@@ -901,6 +901,18 @@ ofnode oftree_path(oftree tree, const char *path);
  */
 ofnode oftree_root(oftree tree);
 
+/**
+ * root_ofnode_from_fdt() - Gets the root ofnode given an FDT blob.
+ *                          Note, this will fail if OFNODE_MULTI_TREE
+ *                          is not set.
+ *
+ * @fdt: Device tree to use
+ * @root_node : Root ofnode
+ *
+ * Return: 0 if OK, -ve on error
+ */
+int root_ofnode_from_fdt(void *fdt, ofnode *root_node);
+
 /**
  * ofnode_read_chosen_prop() - get the value of a chosen property
  *
diff --git a/include/fdt_support.h b/include/fdt_support.h
index 2cd8366898..d967118bed 100644
--- a/include/fdt_support.h
+++ b/include/fdt_support.h
@@ -11,6 +11,7 @@
 	!defined(USE_HOSTCC)
 
 #include <asm/u-boot.h>
+#include <dm/ofnode.h>
 #include <linux/libfdt.h>
 #include <abuf.h>
 
@@ -121,6 +122,14 @@ static inline int fdt_fixup_memory_banks(void *blob, u64 start[], u64 size[],
 #endif
 
 void fdt_fixup_ethernet(void *fdt);
+
+/*
+ * fdt_fixup_kaslr_seed - Add kaslr-seed node in Device tree
+ * @node:		ofnode
+ * @eret:		0 for success
+ */
+int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len);
+
 int fdt_find_and_setprop(void *fdt, const char *node, const char *prop,
 			 const void *val, int len, int create);
 void fdt_fixup_qe_firmware(void *fdt);
-- 
2.40.0

Re: [PATCH v2 1/4] fdt: common API to populate kaslr seed

[Simon Glass]

Hi Sean,

On Tue, 29 Aug 2023 at 14:37, <seanedmond@linux.microsoft.com> wrote:
>
> From: Dhananjay Phadke <dphadke@linux.microsoft.com>
>
> fdt_fixup_kaslr_seed() will update given ofnode with random seed value.
> Source for random seed can be TPM or RNG driver in u-boot or sec
> firmware (ARM).
>
> Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
> Signed-off-by: Sean Edmond <senaedmond@microsoft.com>
> ---
>  arch/arm/cpu/armv8/sec_firmware.c | 39 +++++++++++--------------------
>  common/fdt_support.c              | 19 +++++++++++++++
>  drivers/core/ofnode.c             | 17 ++++++++++++++
>  include/dm/ofnode.h               | 12 ++++++++++
>  include/fdt_support.h             |  9 +++++++
>  5 files changed, 71 insertions(+), 25 deletions(-)
>
> diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c
> index c0e8726346..5f04cd8aec 100644
> --- a/arch/arm/cpu/armv8/sec_firmware.c
> +++ b/arch/arm/cpu/armv8/sec_firmware.c
> @@ -411,46 +411,35 @@ int sec_firmware_init(const void *sec_firmware_img,
>  /*
>   * fdt_fix_kaslr - Add kalsr-seed node in Device tree
>   * @fdt:               Device tree
> - * @eret:              0 in case of error, 1 for success
> + * @eret:              0 for success
>   */
>  int fdt_fixup_kaslr(void *fdt)

Is it possible to put this code in an EVT_FT_FIXUP spy? I was rather
hoping not to add new fixup functions.

>  {
> -       int nodeoffset;
> -       int err, ret = 0;
> -       u8 rand[8];
> +       int ret = 0;
>
>  #if defined(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)
> +       u8 rand[8];
> +       ofnode root;
> +
>         /* Check if random seed generation is  supported */
>         if (sec_firmware_support_hwrng() == false) {
>                 printf("WARNING: SEC firmware not running, no kaslr-seed\n");
> -               return 0;
> +               return -EOPNOTSUPP;
>         }
>
> -       err = sec_firmware_get_random(rand, 8);
> -       if (err < 0) {
> +       ret = sec_firmware_get_random(rand, 8);
> +       if (ret < 0) {
>                 printf("WARNING: No random number to set kaslr-seed\n");
> -               return 0;
> +               return ret;
>         }
>
> -       err = fdt_check_header(fdt);
> -       if (err < 0) {
> -               printf("fdt_chosen: %s\n", fdt_strerror(err));
> -               return 0;
> +       ret = root_ofnode_from_fdt(fdt, &root);
> +       if (ret < 0) {
> +               printf("WARNING: Unable to get root ofnode\n");
> +               return ret;
>         }
>
> -       /* find or create "/chosen" node. */
> -       nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen");
> -       if (nodeoffset < 0)
> -               return 0;
> -
> -       err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", rand,
> -                                 sizeof(rand));
> -       if (err < 0) {
> -               printf("WARNING: can't set kaslr-seed %s.\n",
> -                      fdt_strerror(err));
> -               return 0;
> -       }
> -       ret = 1;
> +       ret = fdt_fixup_kaslr_seed(root, rand, sizeof(rand));
>  #endif
>
>         return ret;
> diff --git a/common/fdt_support.c b/common/fdt_support.c
> index 5e49078f8c..52be4375b4 100644
> --- a/common/fdt_support.c
> +++ b/common/fdt_support.c
> @@ -631,6 +631,25 @@ void fdt_fixup_ethernet(void *fdt)
>         }
>  }
>
> +int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
> +{
> +       ofnode chosen;
> +       int ret;
> +
> +       /* find or create "/chosen" node. */
> +       ret = ofnode_add_subnode(node, "chosen", &chosen);
> +       if (ret && ret != -EEXIST)
> +               return -ENOENT;
> +
> +       ret = ofnode_write_prop(chosen, "kaslr-seed", seed, len, true);
> +       if (ret) {
> +               printf("WARNING: can't set kaslr-seed\n");
> +               return ret;
> +       }
> +
> +       return 0;
> +}
> +
>  int fdt_record_loadable(void *blob, u32 index, const char *name,
>                         uintptr_t load_addr, u32 size, uintptr_t entry_point,
>                         const char *type, const char *os, const char *arch)
> diff --git a/drivers/core/ofnode.c b/drivers/core/ofnode.c
> index 8df16e56af..4be21133b8 100644
> --- a/drivers/core/ofnode.c
> +++ b/drivers/core/ofnode.c
> @@ -870,6 +870,23 @@ ofnode oftree_path(oftree tree, const char *path)
>         }
>  }
>
> +int root_ofnode_from_fdt(void *fdt, ofnode *root_node)
> +{
> +       oftree tree;
> +       /* If OFNODE_MULTI_TREE is not set, and if fdt is not the control FDT,
> +        *  oftree_from_fdt() will return NULL
> +        */
> +       tree = oftree_from_fdt(fdt);
> +
> +       if (!oftree_valid(tree)) {
> +               printf("Cannot create oftree\n");
> +               return -EINVAL;
> +       }
> +       *root_node = oftree_root(tree);
> +
> +       return 0;
> +}
> +
>  const void *ofnode_read_chosen_prop(const char *propname, int *sizep)
>  {
>         ofnode chosen_node;
> diff --git a/include/dm/ofnode.h b/include/dm/ofnode.h
> index 0f38b3e736..e79bb62be8 100644
> --- a/include/dm/ofnode.h
> +++ b/include/dm/ofnode.h
> @@ -901,6 +901,18 @@ ofnode oftree_path(oftree tree, const char *path);
>   */
>  ofnode oftree_root(oftree tree);
>
> +/**
> + * root_ofnode_from_fdt() - Gets the root ofnode given an FDT blob.
> + *                          Note, this will fail if OFNODE_MULTI_TREE
> + *                          is not set.
> + *
> + * @fdt: Device tree to use
> + * @root_node : Root ofnode
> + *
> + * Return: 0 if OK, -ve on error
> + */
> +int root_ofnode_from_fdt(void *fdt, ofnode *root_node);
> +
>  /**
>   * ofnode_read_chosen_prop() - get the value of a chosen property
>   *
> diff --git a/include/fdt_support.h b/include/fdt_support.h
> index 2cd8366898..d967118bed 100644
> --- a/include/fdt_support.h
> +++ b/include/fdt_support.h
> @@ -11,6 +11,7 @@
>         !defined(USE_HOSTCC)
>
>  #include <asm/u-boot.h>
> +#include <dm/ofnode.h>
>  #include <linux/libfdt.h>
>  #include <abuf.h>
>
> @@ -121,6 +122,14 @@ static inline int fdt_fixup_memory_banks(void *blob, u64 start[], u64 size[],
>  #endif
>
>  void fdt_fixup_ethernet(void *fdt);
> +
> +/*
> + * fdt_fixup_kaslr_seed - Add kaslr-seed node in Device tree
> + * @node:              ofnode
> + * @eret:              0 for success
> + */
> +int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len);
> +
>  int fdt_find_and_setprop(void *fdt, const char *node, const char *prop,
>                          const void *val, int len, int create);
>  void fdt_fixup_qe_firmware(void *fdt);
> --
> 2.40.0
>

Regards,
Simon

[PATCH v2 2/4] fdt: kaslr seed from tpm entropy

[seanedmond]

From: Dhananjay Phadke <dphadke@linux.microsoft.com>

Add support for KASLR seed from TPM device. Invokes tpm_get_random()
API to read 8-bytes of random bytes for KASLR.

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Signed-off-by: Drew Kluemke <ankluemk@microsoft.com>
Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
---
 boot/image-fdt.c      | 15 +++++++++++++++
 common/fdt_support.c  | 30 ++++++++++++++++++++++++++++++
 include/fdt_support.h |  8 ++++++++
 lib/Kconfig           |  9 +++++++++
 4 files changed, 62 insertions(+)

diff --git a/boot/image-fdt.c b/boot/image-fdt.c
index f10200f647..ed38ed77b9 100644
--- a/boot/image-fdt.c
+++ b/boot/image-fdt.c
@@ -624,6 +624,21 @@ int image_setup_libfdt(struct bootm_headers *images, void *blob,
 		goto err;
 	}
 
+	if (IS_ENABLED(CONFIG_KASLR_TPM_SEED)) {
+		ofnode root;
+
+		ret = root_ofnode_from_fdt(blob, &root);
+		if (ret) {
+			printf("ERROR: Unable to get root ofnode\n");
+			goto err;
+		}
+		ret = fdt_tpm_kaslr_seed(root);
+		if (ret) {
+			printf("ERROR: fdt fixup KASLR failed: %d\n", ret);
+			goto err;
+		}
+	}
+
 	fdt_ret = optee_copy_fdt_nodes(blob);
 	if (fdt_ret) {
 		printf("ERROR: transfer of optee nodes to new fdt failed: %s\n",
diff --git a/common/fdt_support.c b/common/fdt_support.c
index 52be4375b4..d338fcde54 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -13,6 +13,9 @@
 #include <mapmem.h>
 #include <net.h>
 #include <stdio_dev.h>
+#include <tpm_api.h>
+#include <dm/device.h>
+#include <dm/uclass.h>
 #include <dm/ofnode.h>
 #include <linux/ctype.h>
 #include <linux/types.h>
@@ -650,6 +653,33 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
 	return 0;
 }
 
+int fdt_tpm_kaslr_seed(ofnode node)
+{
+	u8 rand[8] = {0};
+	struct udevice *dev;
+	int ret;
+
+	ret = uclass_first_device_err(UCLASS_TPM, &dev);
+	if (ret) {
+		printf("ERROR: Failed to find TPM device\n");
+		return ret;
+	}
+
+	ret = tpm_get_random(dev, rand, sizeof(rand));
+	if (ret) {
+		printf("ERROR: TPM GetRandom failed, ret=%d\n", ret);
+		return ret;
+	}
+
+	ret = fdt_fixup_kaslr_seed(node, rand, sizeof(rand));
+	if (ret) {
+		printf("ERROR: failed to add kaslr-seed to fdt\n");
+		return ret;
+	}
+
+	return 0;
+}
+
 int fdt_record_loadable(void *blob, u32 index, const char *name,
 			uintptr_t load_addr, u32 size, uintptr_t entry_point,
 			const char *type, const char *os, const char *arch)
diff --git a/include/fdt_support.h b/include/fdt_support.h
index d967118bed..117ca14ca5 100644
--- a/include/fdt_support.h
+++ b/include/fdt_support.h
@@ -130,6 +130,14 @@ void fdt_fixup_ethernet(void *fdt);
  */
 int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len);
 
+/*
+ * fdt_add_tpm_kaslr_seed - Add kalsr-seed node in Device tree with random
+ *			    bytes from TPM device
+ * @node:		ofnode
+ * @eret:		0 for success
+ */
+int fdt_tpm_kaslr_seed(ofnode node);
+
 int fdt_find_and_setprop(void *fdt, const char *node, const char *prop,
 			 const void *val, int len, int create);
 void fdt_fixup_qe_firmware(void *fdt);
diff --git a/lib/Kconfig b/lib/Kconfig
index 3926652db6..1530ef7c86 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -465,6 +465,15 @@ config VPL_TPM
 	  for the low-level TPM interface, but only one TPM is supported at
 	  a time by the TPM library.
 
+config KASLR_TPM_SEED
+	bool "Use TPM for KASLR random seed"
+	depends on TPM_V1 || TPM_V2
+	help
+	  This enables support for using TPMs as entropy source for KASLR seed
+	  populated in kernel's device tree. Both TPMv1 and TPMv2 are supported
+	  for the low-level TPM interface, but only one TPM is supported at
+	  a time by the library.
+
 endmenu
 
 menu "Android Verified Boot"
-- 
2.40.0

Re: [PATCH v2 2/4] fdt: kaslr seed from tpm entropy

[Simon Glass]

Hi Sean,

On Tue, 29 Aug 2023 at 14:37, <seanedmond@linux.microsoft.com> wrote:
>
> From: Dhananjay Phadke <dphadke@linux.microsoft.com>
>
> Add support for KASLR seed from TPM device. Invokes tpm_get_random()
> API to read 8-bytes of random bytes for KASLR.
>
> Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
> Signed-off-by: Drew Kluemke <ankluemk@microsoft.com>
> Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
> ---
>  boot/image-fdt.c      | 15 +++++++++++++++
>  common/fdt_support.c  | 30 ++++++++++++++++++++++++++++++
>  include/fdt_support.h |  8 ++++++++
>  lib/Kconfig           |  9 +++++++++
>  4 files changed, 62 insertions(+)
>
> diff --git a/boot/image-fdt.c b/boot/image-fdt.c
> index f10200f647..ed38ed77b9 100644
> --- a/boot/image-fdt.c
> +++ b/boot/image-fdt.c
> @@ -624,6 +624,21 @@ int image_setup_libfdt(struct bootm_headers *images, void *blob,
>                 goto err;
>         }
>
> +       if (IS_ENABLED(CONFIG_KASLR_TPM_SEED)) {
> +               ofnode root;
> +
> +               ret = root_ofnode_from_fdt(blob, &root);

But can't you drop all this code and use an event spy?

> +               if (ret) {
> +                       printf("ERROR: Unable to get root ofnode\n");
> +                       goto err;
> +               }
> +               ret = fdt_tpm_kaslr_seed(root);

This function can have a test.

> +               if (ret) {
> +                       printf("ERROR: fdt fixup KASLR failed: %d\n", ret);
> +                       goto err;
> +               }
> +       }
> +
>         fdt_ret = optee_copy_fdt_nodes(blob);
>         if (fdt_ret) {
>                 printf("ERROR: transfer of optee nodes to new fdt failed: %s\n",
> diff --git a/common/fdt_support.c b/common/fdt_support.c
> index 52be4375b4..d338fcde54 100644
> --- a/common/fdt_support.c
> +++ b/common/fdt_support.c
> @@ -13,6 +13,9 @@
>  #include <mapmem.h>
>  #include <net.h>
>  #include <stdio_dev.h>
> +#include <tpm_api.h>
> +#include <dm/device.h>
> +#include <dm/uclass.h>
>  #include <dm/ofnode.h>
>  #include <linux/ctype.h>
>  #include <linux/types.h>
> @@ -650,6 +653,33 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
>         return 0;
>  }
>
> +int fdt_tpm_kaslr_seed(ofnode node)
> +{
> +       u8 rand[8] = {0};
> +       struct udevice *dev;
> +       int ret;
> +
> +       ret = uclass_first_device_err(UCLASS_TPM, &dev);
> +       if (ret) {
> +               printf("ERROR: Failed to find TPM device\n");
> +               return ret;
> +       }
> +
> +       ret = tpm_get_random(dev, rand, sizeof(rand));
> +       if (ret) {
> +               printf("ERROR: TPM GetRandom failed, ret=%d\n", ret);
> +               return ret;
> +       }
> +
> +       ret = fdt_fixup_kaslr_seed(node, rand, sizeof(rand));
> +       if (ret) {
> +               printf("ERROR: failed to add kaslr-seed to fdt\n");
> +               return ret;
> +       }
> +
> +       return 0;
> +}
> +
>  int fdt_record_loadable(void *blob, u32 index, const char *name,
>                         uintptr_t load_addr, u32 size, uintptr_t entry_point,
>                         const char *type, const char *os, const char *arch)
> diff --git a/include/fdt_support.h b/include/fdt_support.h
> index d967118bed..117ca14ca5 100644
> --- a/include/fdt_support.h
> +++ b/include/fdt_support.h
> @@ -130,6 +130,14 @@ void fdt_fixup_ethernet(void *fdt);
>   */
>  int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len);
>
> +/*
> + * fdt_add_tpm_kaslr_seed - Add kalsr-seed node in Device tree with random
> + *                         bytes from TPM device
> + * @node:              ofnode
> + * @eret:              0 for success
> + */
> +int fdt_tpm_kaslr_seed(ofnode node);
> +
>  int fdt_find_and_setprop(void *fdt, const char *node, const char *prop,
>                          const void *val, int len, int create);
>  void fdt_fixup_qe_firmware(void *fdt);
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 3926652db6..1530ef7c86 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -465,6 +465,15 @@ config VPL_TPM
>           for the low-level TPM interface, but only one TPM is supported at
>           a time by the TPM library.
>
> +config KASLR_TPM_SEED
> +       bool "Use TPM for KASLR random seed"
> +       depends on TPM_V1 || TPM_V2
> +       help
> +         This enables support for using TPMs as entropy source for KASLR seed
> +         populated in kernel's device tree. Both TPMv1 and TPMv2 are supported
> +         for the low-level TPM interface, but only one TPM is supported at
> +         a time by the library.
> +
>  endmenu
>
>  menu "Android Verified Boot"
> --
> 2.40.0
>

Regards,
Simon

[PATCH v2 3/4] cmd: kaslrseed: Use common API to fixup FDT

[seanedmond]

From: Sean Edmond <seanedmond@microsoft.com>

Use the newly introduced common API fdt_fixup_kaslr_seed() in the
kaslrseed command.

Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
---
 cmd/kaslrseed.c | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
index 8a1d8120cd..c65607619b 100644
--- a/cmd/kaslrseed.c
+++ b/cmd/kaslrseed.c
@@ -19,7 +19,7 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
 	size_t n = 0x8;
 	struct udevice *dev;
 	u64 *buf;
-	int nodeoffset;
+	ofnode root;
 	int ret = CMD_RET_SUCCESS;
 
 	if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
@@ -45,21 +45,15 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
 		return CMD_RET_FAILURE;
 	}
 
-	ret = fdt_check_header(working_fdt);
-	if (ret < 0) {
-		printf("fdt_chosen: %s\n", fdt_strerror(ret));
-		return CMD_RET_FAILURE;
-	}
-
-	nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
-	if (nodeoffset < 0) {
-		printf("Reading chosen node failed\n");
-		return CMD_RET_FAILURE;
+	ret = root_ofnode_from_fdt(working_fdt, &root);
+	if (ret) {
+		printf("ERROR: Unable to get root ofnode\n");
+		goto CMD_RET_FAILURE;
 	}
 
-	ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf));
-	if (ret < 0) {
-		printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret));
+	ret = fdt_fixup_kaslr_seed(root, buf, sizeof(buf));
+	if (ret) {
+		printf("ERROR: failed to add kaslr-seed to fdt\n");
 		return CMD_RET_FAILURE;
 	}
 
-- 
2.40.0

Re: [PATCH v2 3/4] cmd: kaslrseed: Use common API to fixup FDT

[Simon Glass]

Hi Sean,

On Tue, 29 Aug 2023 at 14:37, <seanedmond@linux.microsoft.com> wrote:
>
> From: Sean Edmond <seanedmond@microsoft.com>
>
> Use the newly introduced common API fdt_fixup_kaslr_seed() in the
> kaslrseed command.
>
> Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
> ---
>  cmd/kaslrseed.c | 22 ++++++++--------------
>  1 file changed, 8 insertions(+), 14 deletions(-)
>
> diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
> index 8a1d8120cd..c65607619b 100644
> --- a/cmd/kaslrseed.c
> +++ b/cmd/kaslrseed.c
> @@ -19,7 +19,7 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
>         size_t n = 0x8;
>         struct udevice *dev;
>         u64 *buf;
> -       int nodeoffset;
> +       ofnode root;
>         int ret = CMD_RET_SUCCESS;
>
>         if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> @@ -45,21 +45,15 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
>                 return CMD_RET_FAILURE;
>         }
>
> -       ret = fdt_check_header(working_fdt);
> -       if (ret < 0) {
> -               printf("fdt_chosen: %s\n", fdt_strerror(ret));
> -               return CMD_RET_FAILURE;
> -       }
> -
> -       nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
> -       if (nodeoffset < 0) {
> -               printf("Reading chosen node failed\n");
> -               return CMD_RET_FAILURE;
> +       ret = root_ofnode_from_fdt(working_fdt, &root);
> +       if (ret) {
> +               printf("ERROR: Unable to get root ofnode\n");
> +               goto CMD_RET_FAILURE;
>         }
>
> -       ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf));
> -       if (ret < 0) {
> -               printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret));
> +       ret = fdt_fixup_kaslr_seed(root, buf, sizeof(buf));
> +       if (ret) {
> +               printf("ERROR: failed to add kaslr-seed to fdt\n");
>                 return CMD_RET_FAILURE;
>         }

Reviewed-by: Simon Glass <sjg@chromium.org>

So this command is intended to be used in a script? I am just trying
to understand why we have the fixup code as well as this.

Regards,
Simon

Re: [PATCH v2 3/4] cmd: kaslrseed: Use common API to fixup FDT

[Chris Morgan]

On Thu, Aug 31, 2023 at 01:02:02PM -0600, Simon Glass wrote:
> Hi Sean,
> 
> On Tue, 29 Aug 2023 at 14:37, <seanedmond@linux.microsoft.com> wrote:
> >
> > From: Sean Edmond <seanedmond@microsoft.com>
> >
> > Use the newly introduced common API fdt_fixup_kaslr_seed() in the
> > kaslrseed command.
> >
> > Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
> > ---
> >  cmd/kaslrseed.c | 22 ++++++++--------------
> >  1 file changed, 8 insertions(+), 14 deletions(-)
> >
> > diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
> > index 8a1d8120cd..c65607619b 100644
> > --- a/cmd/kaslrseed.c
> > +++ b/cmd/kaslrseed.c
> > @@ -19,7 +19,7 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> >         size_t n = 0x8;
> >         struct udevice *dev;
> >         u64 *buf;
> > -       int nodeoffset;
> > +       ofnode root;
> >         int ret = CMD_RET_SUCCESS;
> >
> >         if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> > @@ -45,21 +45,15 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> >                 return CMD_RET_FAILURE;
> >         }
> >
> > -       ret = fdt_check_header(working_fdt);
> > -       if (ret < 0) {
> > -               printf("fdt_chosen: %s\n", fdt_strerror(ret));
> > -               return CMD_RET_FAILURE;
> > -       }
> > -
> > -       nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
> > -       if (nodeoffset < 0) {
> > -               printf("Reading chosen node failed\n");
> > -               return CMD_RET_FAILURE;
> > +       ret = root_ofnode_from_fdt(working_fdt, &root);
> > +       if (ret) {
> > +               printf("ERROR: Unable to get root ofnode\n");
> > +               goto CMD_RET_FAILURE;
> >         }
> >
> > -       ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf));
> > -       if (ret < 0) {
> > -               printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret));
> > +       ret = fdt_fixup_kaslr_seed(root, buf, sizeof(buf));
> > +       if (ret) {
> > +               printf("ERROR: failed to add kaslr-seed to fdt\n");
> >                 return CMD_RET_FAILURE;
> >         }
> 
> Reviewed-by: Simon Glass <sjg@chromium.org>
> 
> So this command is intended to be used in a script? I am just trying
> to understand why we have the fixup code as well as this.
> 
> Regards,
> Simon

This command is intended to be used in a script, I wrote it as a
command a while ago and thought it might be useful for others so I
pushed it upstream. Since then I've started applying a kaslrseed value
with a fixup (basically copying what the rng-seed fixup does) so I
don't have to do anything special with my boot.scr files.

I'm perfectly fine with either eliminating this command all together,
or making it use a software RNG (again I can't speak to the security
implications of this, as I'm not a security guy). I can just start
adding the kaslr-seed in the board files anyway.

Thank you,
Chris

Re: [PATCH v2 3/4] cmd: kaslrseed: Use common API to fixup FDT

[Simon Glass]

Hi Chris,

On Thu, 7 Sept 2023 at 09:45, Chris Morgan <macromorgan@hotmail.com> wrote:
>
> On Thu, Aug 31, 2023 at 01:02:02PM -0600, Simon Glass wrote:
> > Hi Sean,
> >
> > On Tue, 29 Aug 2023 at 14:37, <seanedmond@linux.microsoft.com> wrote:
> > >
> > > From: Sean Edmond <seanedmond@microsoft.com>
> > >
> > > Use the newly introduced common API fdt_fixup_kaslr_seed() in the
> > > kaslrseed command.
> > >
> > > Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
> > > ---
> > >  cmd/kaslrseed.c | 22 ++++++++--------------
> > >  1 file changed, 8 insertions(+), 14 deletions(-)
> > >
> > > diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
> > > index 8a1d8120cd..c65607619b 100644
> > > --- a/cmd/kaslrseed.c
> > > +++ b/cmd/kaslrseed.c
> > > @@ -19,7 +19,7 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> > >         size_t n = 0x8;
> > >         struct udevice *dev;
> > >         u64 *buf;
> > > -       int nodeoffset;
> > > +       ofnode root;
> > >         int ret = CMD_RET_SUCCESS;
> > >
> > >         if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> > > @@ -45,21 +45,15 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> > >                 return CMD_RET_FAILURE;
> > >         }
> > >
> > > -       ret = fdt_check_header(working_fdt);
> > > -       if (ret < 0) {
> > > -               printf("fdt_chosen: %s\n", fdt_strerror(ret));
> > > -               return CMD_RET_FAILURE;
> > > -       }
> > > -
> > > -       nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
> > > -       if (nodeoffset < 0) {
> > > -               printf("Reading chosen node failed\n");
> > > -               return CMD_RET_FAILURE;
> > > +       ret = root_ofnode_from_fdt(working_fdt, &root);
> > > +       if (ret) {
> > > +               printf("ERROR: Unable to get root ofnode\n");
> > > +               goto CMD_RET_FAILURE;
> > >         }
> > >
> > > -       ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf));
> > > -       if (ret < 0) {
> > > -               printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret));
> > > +       ret = fdt_fixup_kaslr_seed(root, buf, sizeof(buf));
> > > +       if (ret) {
> > > +               printf("ERROR: failed to add kaslr-seed to fdt\n");
> > >                 return CMD_RET_FAILURE;
> > >         }
> >
> > Reviewed-by: Simon Glass <sjg@chromium.org>
> >
> > So this command is intended to be used in a script? I am just trying
> > to understand why we have the fixup code as well as this.
> >
> > Regards,
> > Simon
>
> This command is intended to be used in a script, I wrote it as a
> command a while ago and thought it might be useful for others so I
> pushed it upstream. Since then I've started applying a kaslrseed value
> with a fixup (basically copying what the rng-seed fixup does) so I
> don't have to do anything special with my boot.scr files.
>
> I'm perfectly fine with either eliminating this command all together,
> or making it use a software RNG (again I can't speak to the security
> implications of this, as I'm not a security guy). I can just start
> adding the kaslr-seed in the board files anyway.

The command seems fine to me.

Regards,
Simon

[PATCH v2 4/4] dm: core: Modify default for OFNODE_MULTI_TREE

[seanedmond]

From: Sean Edmond <seanedmond@microsoft.com>

There is a preference to use the "ofnode" API for FDT fixups
moving forward.  The FDT fixup will usually be for the kernel FDT.  To
fixup the kernel FDT with the ofnode API, it's required to set the
OFNODE_MULTI_TREE option.

To ensure existing users of kaslr fdt fixup are not impacted, Let's modify
the default value for OFNODE_MULTI_TREE to ensure it's always set if
!OF_LIVE.  This will cause a 1007 byte increase in the code size.

Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
---
 drivers/core/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/core/Kconfig b/drivers/core/Kconfig
index f0d848f45d..38e44ef6fc 100644
--- a/drivers/core/Kconfig
+++ b/drivers/core/Kconfig
@@ -424,7 +424,7 @@ config DM_DEV_READ_INLINE
 
 config OFNODE_MULTI_TREE
 	bool "Allow the ofnode interface to access any tree"
-	default y if EVENT && !DM_DEV_READ_INLINE && !DM_INLINE_OFNODE
+	default y if !OF_LIVE
 	help
 	  Normally U-Boot makes use of its control FDT, the one used to bind
 	  devices and provide options. In some cases, U-Boot must also process
-- 
2.40.0

Re: [PATCH v2 4/4] dm: core: Modify default for OFNODE_MULTI_TREE

[Simon Glass]

On Tue, 29 Aug 2023 at 14:37, <seanedmond@linux.microsoft.com> wrote:
>
> From: Sean Edmond <seanedmond@microsoft.com>
>
> There is a preference to use the "ofnode" API for FDT fixups
> moving forward.  The FDT fixup will usually be for the kernel FDT.  To
> fixup the kernel FDT with the ofnode API, it's required to set the
> OFNODE_MULTI_TREE option.
>
> To ensure existing users of kaslr fdt fixup are not impacted, Let's modify
> the default value for OFNODE_MULTI_TREE to ensure it's always set if
> !OF_LIVE.  This will cause a 1007 byte increase in the code size.

Interestingly, this option is not needed if we can pass the control
DTB to Linux, But at least for now, we don't know that a priori.

>
> Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
> ---
>  drivers/core/Kconfig | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

>
> diff --git a/drivers/core/Kconfig b/drivers/core/Kconfig
> index f0d848f45d..38e44ef6fc 100644
> --- a/drivers/core/Kconfig
> +++ b/drivers/core/Kconfig
> @@ -424,7 +424,7 @@ config DM_DEV_READ_INLINE
>
>  config OFNODE_MULTI_TREE
>         bool "Allow the ofnode interface to access any tree"
> -       default y if EVENT && !DM_DEV_READ_INLINE && !DM_INLINE_OFNODE
> +       default y if !OF_LIVE
>         help
>           Normally U-Boot makes use of its control FDT, the one used to bind
>           devices and provide options. In some cases, U-Boot must also process
> --
> 2.40.0
>

Regards,
Simon

[PATCH 1/4] fdt: common API to populate kaslr seed

[seanedmond]

From: Dhananjay Phadke <dphadke@linux.microsoft.com>

fdt_fixup_kaslr_seed() will update given FDT with random seed value.
Source for random seed can be TPM or RNG driver in u-boot or sec
firmware (ARM).

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Signed-off-by: Sean Edmond <senaedmond@microsoft.com>
---
 arch/arm/cpu/armv8/sec_firmware.c | 39 +++++++++++--------------------
 common/fdt_support.c              | 19 +++++++++++++++
 drivers/core/ofnode.c             | 17 ++++++++++++++
 include/dm/ofnode.h               | 12 ++++++++++
 include/fdt_support.h             |  9 +++++++
 5 files changed, 71 insertions(+), 25 deletions(-)

diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c
index c0e8726346..5f04cd8aec 100644
--- a/arch/arm/cpu/armv8/sec_firmware.c
+++ b/arch/arm/cpu/armv8/sec_firmware.c
@@ -411,46 +411,35 @@ int sec_firmware_init(const void *sec_firmware_img,
 /*
  * fdt_fix_kaslr - Add kalsr-seed node in Device tree
  * @fdt:		Device tree
- * @eret:		0 in case of error, 1 for success
+ * @eret:		0 for success
  */
 int fdt_fixup_kaslr(void *fdt)
 {
-	int nodeoffset;
-	int err, ret = 0;
-	u8 rand[8];
+	int ret = 0;
 
 #if defined(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)
+	u8 rand[8];
+	ofnode root;
+
 	/* Check if random seed generation is  supported */
 	if (sec_firmware_support_hwrng() == false) {
 		printf("WARNING: SEC firmware not running, no kaslr-seed\n");
-		return 0;
+		return -EOPNOTSUPP;
 	}
 
-	err = sec_firmware_get_random(rand, 8);
-	if (err < 0) {
+	ret = sec_firmware_get_random(rand, 8);
+	if (ret < 0) {
 		printf("WARNING: No random number to set kaslr-seed\n");
-		return 0;
+		return ret;
 	}
 
-	err = fdt_check_header(fdt);
-	if (err < 0) {
-		printf("fdt_chosen: %s\n", fdt_strerror(err));
-		return 0;
+	ret = root_ofnode_from_fdt(fdt, &root);
+	if (ret < 0) {
+		printf("WARNING: Unable to get root ofnode\n");
+		return ret;
 	}
 
-	/* find or create "/chosen" node. */
-	nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen");
-	if (nodeoffset < 0)
-		return 0;
-
-	err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", rand,
-				  sizeof(rand));
-	if (err < 0) {
-		printf("WARNING: can't set kaslr-seed %s.\n",
-		       fdt_strerror(err));
-		return 0;
-	}
-	ret = 1;
+	ret = fdt_fixup_kaslr_seed(root, rand, sizeof(rand));
 #endif
 
 	return ret;
diff --git a/common/fdt_support.c b/common/fdt_support.c
index 5e49078f8c..52be4375b4 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -631,6 +631,25 @@ void fdt_fixup_ethernet(void *fdt)
 	}
 }
 
+int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
+{
+	ofnode chosen;
+	int ret;
+
+	/* find or create "/chosen" node. */
+	ret = ofnode_add_subnode(node, "chosen", &chosen);
+	if (ret && ret != -EEXIST)
+		return -ENOENT;
+
+	ret = ofnode_write_prop(chosen, "kaslr-seed", seed, len, true);
+	if (ret) {
+		printf("WARNING: can't set kaslr-seed\n");
+		return ret;
+	}
+
+	return 0;
+}
+
 int fdt_record_loadable(void *blob, u32 index, const char *name,
 			uintptr_t load_addr, u32 size, uintptr_t entry_point,
 			const char *type, const char *os, const char *arch)
diff --git a/drivers/core/ofnode.c b/drivers/core/ofnode.c
index 8df16e56af..4be21133b8 100644
--- a/drivers/core/ofnode.c
+++ b/drivers/core/ofnode.c
@@ -870,6 +870,23 @@ ofnode oftree_path(oftree tree, const char *path)
 	}
 }
 
+int root_ofnode_from_fdt(void *fdt, ofnode *root_node)
+{
+	oftree tree;
+	/* If OFNODE_MULTI_TREE is not set, and if fdt is not the control FDT,
+	 *  oftree_from_fdt() will return NULL
+	 */
+	tree = oftree_from_fdt(fdt);
+
+	if (!oftree_valid(tree)) {
+		printf("Cannot create oftree\n");
+		return -EINVAL;
+	}
+	*root_node = oftree_root(tree);
+
+	return 0;
+}
+
 const void *ofnode_read_chosen_prop(const char *propname, int *sizep)
 {
 	ofnode chosen_node;
diff --git a/include/dm/ofnode.h b/include/dm/ofnode.h
index 0f38b3e736..e79bb62be8 100644
--- a/include/dm/ofnode.h
+++ b/include/dm/ofnode.h
@@ -901,6 +901,18 @@ ofnode oftree_path(oftree tree, const char *path);
  */
 ofnode oftree_root(oftree tree);
 
+/**
+ * root_ofnode_from_fdt() - Gets the root ofnode given an FDT blob.
+ *                          Note, this will fail if OFNODE_MULTI_TREE
+ *                          is not set.
+ *
+ * @fdt: Device tree to use
+ * @root_node : Root ofnode
+ *
+ * Return: 0 if OK, -ve on error
+ */
+int root_ofnode_from_fdt(void *fdt, ofnode *root_node);
+
 /**
  * ofnode_read_chosen_prop() - get the value of a chosen property
  *
diff --git a/include/fdt_support.h b/include/fdt_support.h
index 2cd8366898..d967118bed 100644
--- a/include/fdt_support.h
+++ b/include/fdt_support.h
@@ -11,6 +11,7 @@
 	!defined(USE_HOSTCC)
 
 #include <asm/u-boot.h>
+#include <dm/ofnode.h>
 #include <linux/libfdt.h>
 #include <abuf.h>
 
@@ -121,6 +122,14 @@ static inline int fdt_fixup_memory_banks(void *blob, u64 start[], u64 size[],
 #endif
 
 void fdt_fixup_ethernet(void *fdt);
+
+/*
+ * fdt_fixup_kaslr_seed - Add kaslr-seed node in Device tree
+ * @node:		ofnode
+ * @eret:		0 for success
+ */
+int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len);
+
 int fdt_find_and_setprop(void *fdt, const char *node, const char *prop,
 			 const void *val, int len, int create);
 void fdt_fixup_qe_firmware(void *fdt);
-- 
2.40.0

[PATCH v2 1/4] fdt: common API to populate kaslr seed

[seanedmond]

From: Dhananjay Phadke <dphadke@linux.microsoft.com>

fdt_fixup_kaslr_seed() will update given ofnode with random seed value.
Source for random seed can be TPM or RNG driver in u-boot or sec
firmware (ARM).

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Signed-off-by: Sean Edmond <senaedmond@microsoft.com>
---
 arch/arm/cpu/armv8/sec_firmware.c | 39 +++++++++++--------------------
 common/fdt_support.c              | 19 +++++++++++++++
 drivers/core/ofnode.c             | 17 ++++++++++++++
 include/dm/ofnode.h               | 12 ++++++++++
 include/fdt_support.h             |  9 +++++++
 5 files changed, 71 insertions(+), 25 deletions(-)

diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c
index c0e8726346..5f04cd8aec 100644
--- a/arch/arm/cpu/armv8/sec_firmware.c
+++ b/arch/arm/cpu/armv8/sec_firmware.c
@@ -411,46 +411,35 @@ int sec_firmware_init(const void *sec_firmware_img,
 /*
  * fdt_fix_kaslr - Add kalsr-seed node in Device tree
  * @fdt:		Device tree
- * @eret:		0 in case of error, 1 for success
+ * @eret:		0 for success
  */
 int fdt_fixup_kaslr(void *fdt)
 {
-	int nodeoffset;
-	int err, ret = 0;
-	u8 rand[8];
+	int ret = 0;
 
 #if defined(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)
+	u8 rand[8];
+	ofnode root;
+
 	/* Check if random seed generation is  supported */
 	if (sec_firmware_support_hwrng() == false) {
 		printf("WARNING: SEC firmware not running, no kaslr-seed\n");
-		return 0;
+		return -EOPNOTSUPP;
 	}
 
-	err = sec_firmware_get_random(rand, 8);
-	if (err < 0) {
+	ret = sec_firmware_get_random(rand, 8);
+	if (ret < 0) {
 		printf("WARNING: No random number to set kaslr-seed\n");
-		return 0;
+		return ret;
 	}
 
-	err = fdt_check_header(fdt);
-	if (err < 0) {
-		printf("fdt_chosen: %s\n", fdt_strerror(err));
-		return 0;
+	ret = root_ofnode_from_fdt(fdt, &root);
+	if (ret < 0) {
+		printf("WARNING: Unable to get root ofnode\n");
+		return ret;
 	}
 
-	/* find or create "/chosen" node. */
-	nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen");
-	if (nodeoffset < 0)
-		return 0;
-
-	err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", rand,
-				  sizeof(rand));
-	if (err < 0) {
-		printf("WARNING: can't set kaslr-seed %s.\n",
-		       fdt_strerror(err));
-		return 0;
-	}
-	ret = 1;
+	ret = fdt_fixup_kaslr_seed(root, rand, sizeof(rand));
 #endif
 
 	return ret;
diff --git a/common/fdt_support.c b/common/fdt_support.c
index 5e49078f8c..52be4375b4 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -631,6 +631,25 @@ void fdt_fixup_ethernet(void *fdt)
 	}
 }
 
+int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
+{
+	ofnode chosen;
+	int ret;
+
+	/* find or create "/chosen" node. */
+	ret = ofnode_add_subnode(node, "chosen", &chosen);
+	if (ret && ret != -EEXIST)
+		return -ENOENT;
+
+	ret = ofnode_write_prop(chosen, "kaslr-seed", seed, len, true);
+	if (ret) {
+		printf("WARNING: can't set kaslr-seed\n");
+		return ret;
+	}
+
+	return 0;
+}
+
 int fdt_record_loadable(void *blob, u32 index, const char *name,
 			uintptr_t load_addr, u32 size, uintptr_t entry_point,
 			const char *type, const char *os, const char *arch)
diff --git a/drivers/core/ofnode.c b/drivers/core/ofnode.c
index 8df16e56af..4be21133b8 100644
--- a/drivers/core/ofnode.c
+++ b/drivers/core/ofnode.c
@@ -870,6 +870,23 @@ ofnode oftree_path(oftree tree, const char *path)
 	}
 }
 
+int root_ofnode_from_fdt(void *fdt, ofnode *root_node)
+{
+	oftree tree;
+	/* If OFNODE_MULTI_TREE is not set, and if fdt is not the control FDT,
+	 *  oftree_from_fdt() will return NULL
+	 */
+	tree = oftree_from_fdt(fdt);
+
+	if (!oftree_valid(tree)) {
+		printf("Cannot create oftree\n");
+		return -EINVAL;
+	}
+	*root_node = oftree_root(tree);
+
+	return 0;
+}
+
 const void *ofnode_read_chosen_prop(const char *propname, int *sizep)
 {
 	ofnode chosen_node;
diff --git a/include/dm/ofnode.h b/include/dm/ofnode.h
index 0f38b3e736..e79bb62be8 100644
--- a/include/dm/ofnode.h
+++ b/include/dm/ofnode.h
@@ -901,6 +901,18 @@ ofnode oftree_path(oftree tree, const char *path);
  */
 ofnode oftree_root(oftree tree);
 
+/**
+ * root_ofnode_from_fdt() - Gets the root ofnode given an FDT blob.
+ *                          Note, this will fail if OFNODE_MULTI_TREE
+ *                          is not set.
+ *
+ * @fdt: Device tree to use
+ * @root_node : Root ofnode
+ *
+ * Return: 0 if OK, -ve on error
+ */
+int root_ofnode_from_fdt(void *fdt, ofnode *root_node);
+
 /**
  * ofnode_read_chosen_prop() - get the value of a chosen property
  *
diff --git a/include/fdt_support.h b/include/fdt_support.h
index 2cd8366898..d967118bed 100644
--- a/include/fdt_support.h
+++ b/include/fdt_support.h
@@ -11,6 +11,7 @@
 	!defined(USE_HOSTCC)
 
 #include <asm/u-boot.h>
+#include <dm/ofnode.h>
 #include <linux/libfdt.h>
 #include <abuf.h>
 
@@ -121,6 +122,14 @@ static inline int fdt_fixup_memory_banks(void *blob, u64 start[], u64 size[],
 #endif
 
 void fdt_fixup_ethernet(void *fdt);
+
+/*
+ * fdt_fixup_kaslr_seed - Add kaslr-seed node in Device tree
+ * @node:		ofnode
+ * @eret:		0 for success
+ */
+int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len);
+
 int fdt_find_and_setprop(void *fdt, const char *node, const char *prop,
 			 const void *val, int len, int create);
 void fdt_fixup_qe_firmware(void *fdt);
-- 
2.40.0