On Wed, 29 Nov 2023 at 19:47, Simon Glass <s...@chromium.org> wrote:
> Hi Sean,
>
> On Thu, 16 Nov 2023 at 19:02, <seanedm...@linux.microsoft.com> wrote:
> >
> > From: Dhananjay Phadke <dpha...@linux.microsoft.com>
> >
> > Add support for KASLR seed from the RNG device. Invokes dm_rng_read()
> > API to read 8-bytes of random bytes. Performs the FDT fixup using event
> > spy. To enable use CONFIG_KASLR_RNG_SEED
> >
> > Signed-off-by: Dhananjay Phadke <dpha...@linux.microsoft.com>
> > Signed-off-by: Drew Kluemke <anklu...@microsoft.com>
> > Signed-off-by: Sean Edmond <seanedm...@microsoft.com>
> > ---
> > boot/fdt_support.c | 36 ++++++++++++++++++++++++++++++++++++
> > lib/Kconfig | 7 +++++++
> > 2 files changed, 43 insertions(+)
> >
>
> Reviewed-by: Simon Glass <s...@chromium.org>
>
> > diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> > index 49d14a949be..12defcf645c 100644
> > --- a/boot/fdt_support.c
> > +++ b/boot/fdt_support.c
> > @@ -12,7 +12,10 @@
> > #include <log.h>
> > #include <mapmem.h>
> > #include <net.h>
> > +#include <rng.h>
> > #include <stdio_dev.h>
> > +#include <dm/device.h>
> > +#include <dm/uclass.h>
> > #include <dm/ofnode.h>
> > #include <linux/ctype.h>
> > #include <linux/types.h>
> > @@ -650,6 +653,39 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8
> *seed, int len)
> > return 0;
> > }
> >
> > +int fdt_rng_kaslr_seed(void *ctx, struct event *event)
> > +{
> > + u8 rand[8] = {0};
> > + struct udevice *dev;
> > + int ret;
> > + oftree tree = event->data.ft_fixup.tree;
> > + ofnode root_node = oftree_root(tree);
> > +
> > + ret = uclass_first_device_err(UCLASS_RNG, &dev);
> > + if (ret) {
> > + printf("ERROR: Failed to find RNG device\n");
> > + return ret;
> > + }
> > +
> > + ret = dm_rng_read(dev, rand, sizeof(rand));
> > + if (ret) {
> > + printf("ERROR: RNG read failed, ret=%d\n", ret);
> > + return ret;
> > + }
> > +
> > + ret = fdt_fixup_kaslr_seed(root_node, rand, sizeof(rand));
> > + if (ret) {
> > + printf("ERROR: failed to add kaslr-seed to fdt\n");
> > + return ret;
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +#if defined(CONFIG_KASLR_RNG_SEED)
>
> You could put this if() in the function above
>
>
> > +EVENT_SPY(EVT_FT_FIXUP, fdt_rng_kaslr_seed);
> > +#endif
> > +
> > int fdt_record_loadable(void *blob, u32 index, const char *name,
> > uintptr_t load_addr, u32 size, uintptr_t
> entry_point,
> > const char *type, const char *os, const char
> *arch)
> > diff --git a/lib/Kconfig b/lib/Kconfig
> > index 19649517a39..4f5dfc00d6f 100644
> > --- a/lib/Kconfig
> > +++ b/lib/Kconfig
> > @@ -477,6 +477,13 @@ config VPL_TPM
> > for the low-level TPM interface, but only one TPM is supported
> at
> > a time by the TPM library.
> >
> > +config KASLR_RNG_SEED
> > + bool "Use RNG driver for KASLR random seed"
> > + depends on DM_RNG
> > + help
> > + This enables support for using the RNG driver as entropy
> source for
> > + KASLR seed populated in kernel's device tree.
> > +
> > endmenu
> >
> > menu "Android Verified Boot"
> > --
> > 2.42.0
> >
>
Reviewed-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>
