From: Dhananjay Phadke <dpha...@linux.microsoft.com>
Add support for KASLR seed from the RNG device. Invokes dm_rng_read()
API to read 8-bytes of random bytes. Performs the FDT fixup using event
spy. To enable use CONFIG_KASLR_RNG_SEED
Signed-off-by: Dhananjay Phadke <dpha...@linux.microsoft.com>
Signed-off-by: Drew Kluemke <anklu...@microsoft.com>
Signed-off-by: Sean Edmond <seanedm...@microsoft.com>
Reviewed-by: Simon Glass <s...@chromium.org>
BAH
---
Changes in v6:
- Enclose fdt_rng_kaslr_seed() in "#if defined(CONFIG_KASLR_RNG_SEED)"
Changes in v3:
- Populate with RNG device instead of TPM device (this is a more generic
solution)
Changes in v2:
- Add error checking in image_setup_libfdt() for return from
fdt_tpm_kaslr_seed()
- uclass_get_device() -> uclass_first_device_err()
boot/fdt_support.c | 35 +++++++++++++++++++++++++++++++++++
configs/sandbox_defconfig | 2 +-
lib/Kconfig | 7 +++++++
3 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/boot/fdt_support.c b/boot/fdt_support.c
index 49d14a949be..b51154f83a5 100644
--- a/boot/fdt_support.c
+++ b/boot/fdt_support.c
@@ -12,7 +12,10 @@
#include <log.h>
#include <mapmem.h>
#include <net.h>
+#include <rng.h>
#include <stdio_dev.h>
+#include <dm/device.h>
+#include <dm/uclass.h>
#include <dm/ofnode.h>
#include <linux/ctype.h>
#include <linux/types.h>
@@ -650,6 +653,38 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int
len)
return 0;
}
+#if defined(CONFIG_KASLR_RNG_SEED)
+int fdt_rng_kaslr_seed(void *ctx, struct event *event)
+{
+ u8 rand[8] = {0};
+ struct udevice *dev;
+ int ret;
+ oftree tree = event->data.ft_fixup.tree;
+ ofnode root_node = oftree_root(tree);
+
+ ret = uclass_first_device_err(UCLASS_RNG, &dev);
+ if (ret) {
+ printf("ERROR: Failed to find RNG device\n");
+ return ret;
+ }
+
+ ret = dm_rng_read(dev, rand, sizeof(rand));
+ if (ret) {
+ printf("ERROR: RNG read failed, ret=%d\n", ret);
+ return ret;
+ }
+
+ ret = fdt_fixup_kaslr_seed(root_node, rand, sizeof(rand));
+ if (ret) {
+ printf("ERROR: failed to add kaslr-seed to fdt\n");
+ return ret;
+ }
+
+ return 0;
+}
+EVENT_SPY_FULL(EVT_FT_FIXUP, fdt_rng_kaslr_seed);
+#endif
+
int fdt_record_loadable(void *blob, u32 index, const char *name,
uintptr_t load_addr, u32 size, uintptr_t entry_point,
const char *type, const char *os, const char *arch)
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index bc5bcb2a623..b71790e1532 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -348,4 +348,4 @@ CONFIG_EFI_SECURE_BOOT=y
CONFIG_TEST_FDTDEC=y
CONFIG_UNIT_TEST=y
CONFIG_UT_TIME=y
-CONFIG_UT_DM=y
+CONFIG_UT_DM=y
\ No newline at end of file
diff --git a/lib/Kconfig b/lib/Kconfig
index 19649517a39..4f5dfc00d6f 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -477,6 +477,13 @@ config VPL_TPM
for the low-level TPM interface, but only one TPM is supported at
a time by the TPM library.
+config KASLR_RNG_SEED
+ bool "Use RNG driver for KASLR random seed"
+ depends on DM_RNG
+ help
+ This enables support for using the RNG driver as entropy source for
+ KASLR seed populated in kernel's device tree.
+
endmenu
menu "Android Verified Boot"
--
2.42.0
