[PATCH v3 2/5] fdt: kaslr seed from RNG device

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: seanedmond@linux.microsoft.com
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, dphadke@linux.microsoft.com,
	ilias.apalodimas@linaro.org
Subject: [PATCH v3 2/5] fdt: kaslr seed from RNG device
Date: Tue, 12 Sep 2023 14:35:01 -0700	[thread overview]
Message-ID: <20230912213504.65513-3-seanedmond@linux.microsoft.com> (raw)
In-Reply-To: <20230912213504.65513-1-seanedmond@linux.microsoft.com>

From: Dhananjay Phadke <dphadke@linux.microsoft.com>

Add support for KASLR seed from the RNG device. Invokes dm_rng_read()
API to read 8-bytes of random bytes.  Performs the FDT fixup using event
spy.  To enable use CONFIG_KASLR_RNG_SEED

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Signed-off-by: Drew Kluemke <ankluemk@microsoft.com>
Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
---
 common/fdt_support.c | 36 ++++++++++++++++++++++++++++++++++++
 lib/Kconfig          |  7 +++++++
 2 files changed, 43 insertions(+)

diff --git a/common/fdt_support.c b/common/fdt_support.c
index 52be4375b4..09ce582865 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -12,7 +12,10 @@
 #include <log.h>
 #include <mapmem.h>
 #include <net.h>
+#include <rng.h>
 #include <stdio_dev.h>
+#include <dm/device.h>
+#include <dm/uclass.h>
 #include <dm/ofnode.h>
 #include <linux/ctype.h>
 #include <linux/types.h>
@@ -650,6 +653,39 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
 	return 0;
 }
 
+int fdt_rng_kaslr_seed(void *ctx, struct event *event)
+{
+	u8 rand[8] = {0};
+	struct udevice *dev;
+	int ret;
+	oftree tree = event->data.ft_fixup.tree;
+	ofnode root_node = oftree_root(tree);
+
+	ret = uclass_first_device_err(UCLASS_RNG, &dev);
+	if (ret) {
+		printf("ERROR: Failed to find RNG device\n");
+		return ret;
+	}
+
+	ret = dm_rng_read(dev, rand, sizeof(rand));
+	if (ret) {
+		printf("ERROR: RNG read failed, ret=%d\n", ret);
+		return ret;
+	}
+
+	ret = fdt_fixup_kaslr_seed(root_node, rand, sizeof(rand));
+	if (ret) {
+		printf("ERROR: failed to add kaslr-seed to fdt\n");
+		return ret;
+	}
+
+	return 0;
+}
+
+#if defined(CONFIG_KASLR_RNG_SEED)
+EVENT_SPY(EVT_FT_FIXUP, fdt_rng_kaslr_seed);
+#endif
+
 int fdt_record_loadable(void *blob, u32 index, const char *name,
 			uintptr_t load_addr, u32 size, uintptr_t entry_point,
 			const char *type, const char *os, const char *arch)
diff --git a/lib/Kconfig b/lib/Kconfig
index 3926652db6..545a14343e 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -465,6 +465,13 @@ config VPL_TPM
 	  for the low-level TPM interface, but only one TPM is supported at
 	  a time by the TPM library.
 
+config KASLR_RNG_SEED
+	bool "Use RNG driver for KASLR random seed"
+	depends on DM_RNG
+	help
+	  This enables support for using the RNG driver as entropy source for
+	  KASLR seed populated in kernel's device tree.
+
 endmenu
 
 menu "Android Verified Boot"
-- 
2.40.0

next prev parent reply	other threads:[~2023-09-12 21:35 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-12 21:34 [PATCH v3 0/5] Populate kaslr seed with RNG seanedmond
2023-09-12 21:35 ` [PATCH v3 1/5] fdt: common API to populate kaslr seed seanedmond
2023-09-21  1:02   ` Simon Glass
2023-09-12 21:35 ` seanedmond [this message]
2023-09-21  1:02   ` [PATCH v3 2/5] fdt: kaslr seed from RNG device Simon Glass
2023-09-12 21:35 ` [PATCH v3 3/5] cmd: kaslrseed: Use common API to fixup FDT seanedmond
2023-09-21  1:02   ` Simon Glass
2023-09-12 21:35 ` [PATCH v3 4/5] dm: core: Modify default for OFNODE_MULTI_TREE seanedmond
2023-09-21  1:03   ` Simon Glass
2023-11-02 22:06   ` Tom Rini
2023-09-12 21:35 ` [PATCH v3 5/5] fdt: Fix compile error for !OFNODE_MULTI_TREE seanedmond
2023-09-21  1:03   ` Simon Glass

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:52be4375b dfblob:09ce58286 dfblob:3926652db dfblob:545a14343 )
 OR (
bs:"[PATCH v3 2/5] fdt: kaslr seed from RNG device" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230912213504.65513-3-seanedmond@linux.microsoft.com \
    --to=seanedmond@linux.microsoft.com \
    --cc=dphadke@linux.microsoft.com \
    --cc=ilias.apalodimas@linaro.org \
    --cc=sjg@chromium.org \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox