| Message ID | 20240530220634.155951-1-tharvey@gateworks.com |
|---|---|
| Headers | show |
| Series | automatically add /chosen/kaslr-seed and deduplicate code | expand |
On Thu, May 30, 2024 at 03:06:31PM -0700, Tim Harvey wrote: > This series will automatically add /chosen/kaslr-seed to the dt if DM_RNG is enabled > during the boot process. > > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to > randomize the virtual address at which the kernel image is loaded, it > expects entropy to be provided by the bootloader by populating > /chosen/kaslr-seed with a 64-bit value from source of entropy at boot. > > If we have DM_RNG enabled populate this value automatically when > fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT > is enabled as its implementation uses a different source of entropy > that is not yet implemented as DM_RNG. We also skip this if > MEASURED_BOOT is enabled as in that case any modifications to the > dt will cause measured boot to fail (although there are many other > places the dt is altered). > > As this fdt node is added elsewhere create a library function and > use it to deduplicate code. We will provide a parameter to overwrite > the node if present. > > For our automatic injection, we will use the first rng device and > not overwrite if already present with a non-zero value (which may > have been populated by an earlier boot stage). This way if a board > specific ft_board_setup() function wants to customize this behavior > it can call fdt_kaslrseed with a rng device index of its choosing and > set overwrite true. > > Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now > but left in place in case boot scripts exist that rely on this command > existing and returning success. An informational message is printed to > alert users of this command that it is likely no longer needed. > > Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for > randomization and completely ignores the kaslr-seed for its own > randomness needs (i.e the randomization of the physical placement of > the kernel). It gets weeded out from the DTB that gets handed over via > efi_install_fdt() as it would also mess up the measured boot DTB TPM > measurements as well. This needs to be reworked / update the test that now breaks: https://source.denx.de/u-boot/u-boot/-/jobs/849988#L264
On Thu, Jun 13, 2024 at 3:18 PM Tom Rini <trini@konsulko.com> wrote: > > On Thu, May 30, 2024 at 03:06:31PM -0700, Tim Harvey wrote: > > > This series will automatically add /chosen/kaslr-seed to the dt if DM_RNG is enabled > > during the boot process. > > > > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to > > randomize the virtual address at which the kernel image is loaded, it > > expects entropy to be provided by the bootloader by populating > > /chosen/kaslr-seed with a 64-bit value from source of entropy at boot. > > > > If we have DM_RNG enabled populate this value automatically when > > fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT > > is enabled as its implementation uses a different source of entropy > > that is not yet implemented as DM_RNG. We also skip this if > > MEASURED_BOOT is enabled as in that case any modifications to the > > dt will cause measured boot to fail (although there are many other > > places the dt is altered). > > > > As this fdt node is added elsewhere create a library function and > > use it to deduplicate code. We will provide a parameter to overwrite > > the node if present. > > > > For our automatic injection, we will use the first rng device and > > not overwrite if already present with a non-zero value (which may > > have been populated by an earlier boot stage). This way if a board > > specific ft_board_setup() function wants to customize this behavior > > it can call fdt_kaslrseed with a rng device index of its choosing and > > set overwrite true. > > > > Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now > > but left in place in case boot scripts exist that rely on this command > > existing and returning success. An informational message is printed to > > alert users of this command that it is likely no longer needed. > > > > Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for > > randomization and completely ignores the kaslr-seed for its own > > randomness needs (i.e the randomization of the physical placement of > > the kernel). It gets weeded out from the DTB that gets handed over via > > efi_install_fdt() as it would also mess up the measured boot DTB TPM > > measurements as well. > > This needs to be reworked / update the test that now breaks: > https://source.denx.de/u-boot/u-boot/-/jobs/849988#L264 > Tom, Sorry about that. I sent a v6 with a patch to take care of this. I still haven't quite figured out how to use CI locally to catch things like this. It looks like I need to use gitlab according to [1] but I'm not familiar with Gitlab and creating a uboot project there and pushing my branch failed with a 'pre-receive hook declined'. I'm not sure if anyone has any documentation on how to get started with U-Boot CI? Best Regards, Tim [1] https://github.com/u-boot/u-boot/blob/master/doc/develop/ci_testing.rst
On Mon, Jun 17, 2024 at 12:32:22PM -0700, Tim Harvey wrote: > On Thu, Jun 13, 2024 at 3:18 PM Tom Rini <trini@konsulko.com> wrote: > > > > On Thu, May 30, 2024 at 03:06:31PM -0700, Tim Harvey wrote: > > > > > This series will automatically add /chosen/kaslr-seed to the dt if DM_RNG is enabled > > > during the boot process. > > > > > > If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to > > > randomize the virtual address at which the kernel image is loaded, it > > > expects entropy to be provided by the bootloader by populating > > > /chosen/kaslr-seed with a 64-bit value from source of entropy at boot. > > > > > > If we have DM_RNG enabled populate this value automatically when > > > fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT > > > is enabled as its implementation uses a different source of entropy > > > that is not yet implemented as DM_RNG. We also skip this if > > > MEASURED_BOOT is enabled as in that case any modifications to the > > > dt will cause measured boot to fail (although there are many other > > > places the dt is altered). > > > > > > As this fdt node is added elsewhere create a library function and > > > use it to deduplicate code. We will provide a parameter to overwrite > > > the node if present. > > > > > > For our automatic injection, we will use the first rng device and > > > not overwrite if already present with a non-zero value (which may > > > have been populated by an earlier boot stage). This way if a board > > > specific ft_board_setup() function wants to customize this behavior > > > it can call fdt_kaslrseed with a rng device index of its choosing and > > > set overwrite true. > > > > > > Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now > > > but left in place in case boot scripts exist that rely on this command > > > existing and returning success. An informational message is printed to > > > alert users of this command that it is likely no longer needed. > > > > > > Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for > > > randomization and completely ignores the kaslr-seed for its own > > > randomness needs (i.e the randomization of the physical placement of > > > the kernel). It gets weeded out from the DTB that gets handed over via > > > efi_install_fdt() as it would also mess up the measured boot DTB TPM > > > measurements as well. > > > > This needs to be reworked / update the test that now breaks: > > https://source.denx.de/u-boot/u-boot/-/jobs/849988#L264 > > > > Tom, > > Sorry about that. I sent a v6 with a patch to take care of this. > > I still haven't quite figured out how to use CI locally to catch > things like this. It looks like I need to use gitlab according to [1] > but I'm not familiar with Gitlab and creating a uboot project there > and pushing my branch failed with a 'pre-receive hook declined'. I'm > not sure if anyone has any documentation on how to get started with > U-Boot CI? Er, the first section is about Azure and non-custodians use that since it's just a matter of doing a PR against the github tree to trigger the run.
This series will automatically add /chosen/kaslr-seed to the dt if DM_RNG is enabled during the boot process. If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to randomize the virtual address at which the kernel image is loaded, it expects entropy to be provided by the bootloader by populating /chosen/kaslr-seed with a 64-bit value from source of entropy at boot. If we have DM_RNG enabled populate this value automatically when fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT is enabled as its implementation uses a different source of entropy that is not yet implemented as DM_RNG. We also skip this if MEASURED_BOOT is enabled as in that case any modifications to the dt will cause measured boot to fail (although there are many other places the dt is altered). As this fdt node is added elsewhere create a library function and use it to deduplicate code. We will provide a parameter to overwrite the node if present. For our automatic injection, we will use the first rng device and not overwrite if already present with a non-zero value (which may have been populated by an earlier boot stage). This way if a board specific ft_board_setup() function wants to customize this behavior it can call fdt_kaslrseed with a rng device index of its choosing and set overwrite true. Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now but left in place in case boot scripts exist that rely on this command existing and returning success. An informational message is printed to alert users of this command that it is likely no longer needed. Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well. v5: - fixed typo in commit message s/it's/its/ - use cmd_process_error per Michal's suggestion - split into separate patches - remove the rng device index noting it as a future enhancement v4: - add missing /n to notice in kaslrseed cmd - combine ints in declaration - remove unused vars from board/xilinx/common/board.c ft_board_setup v3: - skip if CONFIG_MEASURED_BOOT - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT - pass in rng index and bool to specify overwrite - remove duplicate error strings printed outside of fdt_kaslrseed - added note to commit log about how EFI STUB weeds out kalsr-seed v2: - fix typo in commit msg - use stack for seed to avoid unecessary malloc/free - move to a library function and deduplicate code by using it elsewhere Tim Harvey (3): Add fdt_kaslrseed function to add kaslr-seed to chosen node fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled use fdt_kaslrseed function to de-duplicate code board/xilinx/common/board.c | 40 ---------------------------- boot/fdt_support.c | 53 +++++++++++++++++++++++++++++++++++++ boot/pxe_utils.c | 34 +----------------------- cmd/kaslrseed.c | 49 +++++----------------------------- include/fdt_support.h | 10 +++++++ 5 files changed, 71 insertions(+), 115 deletions(-)