From patchwork Tue Jun 18 21:06:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tim Harvey X-Patchwork-Id: 1949476 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4W3fSY4p92z20KL for ; Wed, 19 Jun 2024 07:06:37 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3B9D98841E; Tue, 18 Jun 2024 23:06:21 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=gateworks.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 29865883F6; Tue, 18 Jun 2024 23:06:18 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from finn.localdomain (finn.gateworks.com [108.161.129.64]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 138E686784 for ; Tue, 18 Jun 2024 23:06:16 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=gateworks.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=tharvey@gateworks.com Received: from syn-068-189-091-139.biz.spectrum.com ([68.189.91.139] helo=tharvey.pdc.gateworks.com) by finn.localdomain with esmtp (Exim 4.95) (envelope-from ) id 1sJg1t-00FAbj-2J; Tue, 18 Jun 2024 21:06:13 +0000 From: Tim Harvey To: u-boot@lists.denx.de, Tom Rini Cc: Simon Glass , Patrick Delaunay , Patrice Chotard , Devarsh Thakkar , Heinrich Schuchardt , Hugo Villeneuve , Marek Vasut , Tim Harvey , Michal Simek , Andy Yan , Akash Gajjar , Ilias Apalodimas , Chris Morgan Subject: [PATCH v7 2/4] fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled Date: Tue, 18 Jun 2024 14:06:07 -0700 Message-Id: <20240618210609.1744727-3-tharvey@gateworks.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240618210609.1744727-1-tharvey@gateworks.com> References: <20240618210609.1744727-1-tharvey@gateworks.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to randomize the virtual address at which the kernel image is loaded, it expects entropy to be provided by the bootloader by populating /chosen/kaslr-seed with a 64-bit value from source of entropy at boot. If we have DM_RNG enabled populate this value automatically when fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT is enabled as its implementation uses a different source of entropy that is not yet implemented as DM_RNG. We also skip this if MEASURED_BOOT is enabled as in that case any modifications to the dt will cause measured boot to fail (although there are many other places the dt is altered). Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well. Signed-off-by: Tim Harvey Reviewed-by: Simon Glass Cc: Michal Simek Cc: Andy Yan Cc: Akash Gajjar Cc: Ilias Apalodimas Cc: Simon Glass Cc: Patrick Delaunay Cc: Patrice Chotard Cc: Devarsh Thakkar Cc: Heinrich Schuchardt Cc: Hugo Villeneuve Cc: Marek Vasut Cc: Tom Rini Cc: Chris Morgan --- v6: - collected tags v5: - fixed typo in commit message s/it's/its/ - split patch into 3 parts v4: - add missing /n to notice in kaslrseed cmd - combine ints in declaration - remove unused vars from board/xilinx/common/board.c ft_board_setup v3: - skip if CONFIG_MEASURED_BOOT - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT - pass in rng index and bool to specify overwrite - remove duplicate error strings printed outside of fdt_kaslrseed - added note to commit log about how EFI STUB weeds out kalsr-seed v2: - fix typo in commit msg - use stack for seed to avoid unecessary malloc/free - move to a library function and deduplicate code by using it elsewhere --- boot/fdt_support.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/boot/fdt_support.c b/boot/fdt_support.c index b1b2679dea0c..4559adcd5e2e 100644 --- a/boot/fdt_support.c +++ b/boot/fdt_support.c @@ -345,6 +345,15 @@ int fdt_chosen(void *fdt) if (nodeoffset < 0) return nodeoffset; + /* if DM_RNG enabled automatically inject kaslr-seed node unless: + * CONFIG_MEASURED_BOOT enabled: as dt modifications break measured boot + * CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT enabled: as that implementation does not use dm yet + */ + if (IS_ENABLED(CONFIG_DM_RNG) && + !IS_ENABLED(CONFIG_MEASURED_BOOT) && + !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)) + fdt_kaslrseed(fdt, false); + if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) { err = fdt_setprop(fdt, nodeoffset, "rng-seed", abuf_data(&buf), abuf_size(&buf));