Hi Chris,
On Thu, 7 Sept 2023 at 09:45, Chris Morgan <macromor...@hotmail.com> wrote:
>
> On Thu, Aug 31, 2023 at 01:02:02PM -0600, Simon Glass wrote:
> > Hi Sean,
> >
> > On Tue, 29 Aug 2023 at 14:37, <seanedm...@linux.microsoft.com> wrote:
> > >
> > > From: Sean Edmond <seanedm...@microsoft.com>
> > >
> > > Use the newly introduced common API fdt_fixup_kaslr_seed() in the
> > > kaslrseed command.
> > >
> > > Signed-off-by: Sean Edmond <seanedm...@microsoft.com>
> > > ---
> > > cmd/kaslrseed.c | 22 ++++++++--------------
> > > 1 file changed, 8 insertions(+), 14 deletions(-)
> > >
> > > diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
> > > index 8a1d8120cd..c65607619b 100644
> > > --- a/cmd/kaslrseed.c
> > > +++ b/cmd/kaslrseed.c
> > > @@ -19,7 +19,7 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int
> > > flag, int argc, char *const
> > > size_t n = 0x8;
> > > struct udevice *dev;
> > > u64 *buf;
> > > - int nodeoffset;
> > > + ofnode root;
> > > int ret = CMD_RET_SUCCESS;
> > >
> > > if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
> > > @@ -45,21 +45,15 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int
> > > flag, int argc, char *const
> > > return CMD_RET_FAILURE;
> > > }
> > >
> > > - ret = fdt_check_header(working_fdt);
> > > - if (ret < 0) {
> > > - printf("fdt_chosen: %s\n", fdt_strerror(ret));
> > > - return CMD_RET_FAILURE;
> > > - }
> > > -
> > > - nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
> > > - if (nodeoffset < 0) {
> > > - printf("Reading chosen node failed\n");
> > > - return CMD_RET_FAILURE;
> > > + ret = root_ofnode_from_fdt(working_fdt, &root);
> > > + if (ret) {
> > > + printf("ERROR: Unable to get root ofnode\n");
> > > + goto CMD_RET_FAILURE;
> > > }
> > >
> > > - ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf,
> > > sizeof(buf));
> > > - if (ret < 0) {
> > > - printf("Unable to set kaslr-seed on chosen node: %s\n",
> > > fdt_strerror(ret));
> > > + ret = fdt_fixup_kaslr_seed(root, buf, sizeof(buf));
> > > + if (ret) {
> > > + printf("ERROR: failed to add kaslr-seed to fdt\n");
> > > return CMD_RET_FAILURE;
> > > }
> >
> > Reviewed-by: Simon Glass <s...@chromium.org>
> >
> > So this command is intended to be used in a script? I am just trying
> > to understand why we have the fixup code as well as this.
> >
> > Regards,
> > Simon
>
> This command is intended to be used in a script, I wrote it as a
> command a while ago and thought it might be useful for others so I
> pushed it upstream. Since then I've started applying a kaslrseed value
> with a fixup (basically copying what the rng-seed fixup does) so I
> don't have to do anything special with my boot.scr files.
>
> I'm perfectly fine with either eliminating this command all together,
> or making it use a software RNG (again I can't speak to the security
> implications of this, as I'm not a security guy). I can just start
> adding the kaslr-seed in the board files anyway.
The command seems fine to me.
Regards,
Simon
