diff mbox series

arm: re-randomize rng-seed on reboot

Message ID 20220927160742.1773167-1-Jason@zx2c4.com
State New
Headers show
Series arm: re-randomize rng-seed on reboot | expand

Commit Message

Jason A. Donenfeld Sept. 27, 2022, 4:07 p.m. UTC 
When the system reboots, the rng-seed that the FDT has should be
re-randomized, so that the new boot gets a new seed. Since the FDT is in
the ROM region at this point, we add a hook right after the ROM has been
added, so that we have a pointer to that copy of the FDT. When the
reboot happens, we then look for RNG seeds and replace their contents
with new random data.

Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 hw/arm/boot.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

Comments

Jason A. Donenfeld Sept. 29, 2022, 11:18 p.m. UTC | #1 
On Thu, Sep 29, 2022 at 10:57:22PM +0200, Jason A. Donenfeld via wrote:
> Hi Peter,
> 
> On Tue, Sep 27, 2022 at 06:07:42PM +0200, Jason A. Donenfeld wrote:
> > When the system reboots, the rng-seed that the FDT has should be
> > re-randomized, so that the new boot gets a new seed. Since the FDT is in
> > the ROM region at this point, we add a hook right after the ROM has been
> > added, so that we have a pointer to that copy of the FDT. When the
> > reboot happens, we then look for RNG seeds and replace their contents
> > with new random data.
> > 
> > Cc: Peter Maydell <peter.maydell@linaro.org>
> > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> 
> Just FYI, I'm waiting for your feedback on this approach, first, before
> I add a similar thing for other architectures (at which point perhaps
> rerandomize_fdt_seeds will be moved into device_tree.c or something).

Actually, I think I'll generalize it now, and then we can evaluate it
all together. It actually looks a bit nicer split into patches. So I'll
have a replacement series for you shortly.

Jason
diff mbox series

Patch

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index ada2717f76..2836db4abb 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -25,6 +25,7 @@ 
 #include "qemu/config-file.h"
 #include "qemu/option.h"
 #include "qemu/units.h"
+#include "qemu/guest-random.h"
 
 /* Kernel boot protocol is specified in the kernel docs
  * Documentation/arm/Booting and Documentation/arm64/booting.txt
@@ -529,6 +530,26 @@  static void fdt_add_psci_node(void *fdt)
     qemu_fdt_setprop_cell(fdt, "/psci", "migrate", migrate_fn);
 }
 
+static void rerandomize_fdt_seeds(void *fdt)
+{
+    int noffset, poffset, len;
+    const char *name;
+    uint8_t *data;
+
+    for (noffset = fdt_next_node(fdt, 0, NULL);
+         noffset >= 0;
+         noffset = fdt_next_node(fdt, noffset, NULL)) {
+        for (poffset = fdt_first_property_offset(fdt, noffset);
+             poffset >= 0;
+             poffset = fdt_next_property_offset(fdt, poffset)) {
+            data = (uint8_t *)fdt_getprop_by_offset(fdt, poffset, &name, &len);
+            if (!data || strcmp(name, "rng-seed"))
+                continue;
+            qemu_guest_getrandom_nofail(data, len);
+        }
+    }
+}
+
 int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
                  hwaddr addr_limit, AddressSpace *as, MachineState *ms)
 {
@@ -683,6 +704,7 @@  int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
      * the DTB is copied again upon reset, even if addr points into RAM.
      */
     rom_add_blob_fixed_as("dtb", fdt, size, addr, as);
+    qemu_register_reset(rerandomize_fdt_seeds, rom_ptr_for_as(as, addr, size));
 
     g_free(fdt);