On 5/15/24 2:22 AM, Tim Harvey wrote:
If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
randomize the virtual address at which the kernel image is loaded, it
expects entropy to be provided by the bootloader by populating
/chosen/kaslr-seed with a 64-bit value from a source of entropy at boot.

Thanks for working on this one, this is really nice.

If we have DM_RNG enabled populate this value automatically when
fdt_chosen is called.
Signed-off-by: Tim Harvey <thar...@gateworks.com>
---
boot/fdt_support.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/boot/fdt_support.c b/boot/fdt_support.c
index 874ca4d6f5af..cd3069baf450 100644
--- a/boot/fdt_support.c
+++ b/boot/fdt_support.c
@@ -7,10 +7,12 @@
*/
#include <abuf.h>
+#include <dm.h>
#include <env.h>
#include <log.h>
#include <mapmem.h>
#include <net.h>
+#include <rng.h>
#include <stdio_dev.h>
#include <dm/ofnode.h>
#include <linux/ctype.h>
@@ -300,6 +302,27 @@ int fdt_chosen(void *fdt)
if (nodeoffset < 0)
return nodeoffset;
+ if (IS_ENABLED(CONFIG_DM_RNG)) {
+ struct udevice *dev;
+ size_t len = 0x8;
+ u64 *data;
+
+ data = malloc(len);

Can you allocate this 8 byte array on stack, i.e. u64 data[2]; ?

cmd/kaslrseed.c could use similar clean up (and
lib/efi_loader/efi_dt_fixup.c and boot/pxe_utils.c ... uhhh). Maybe you
can deduplicate this functionality into common code shared by all those
duplicates before the duplication gets out of control ?

lib/kaslrseed.c looks like a good place to put the common stuff.

+ if (!data)
+ return -ENOMEM;
+
+ err = uclass_get_device(UCLASS_RNG, 0, &dev);
+ if (!err)
+ err = dm_rng_read(dev, data, len);
+ if (!err)
+ err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", data,
len);
+ if (err < 0) {
+ printf("WARNING: could not set kaslr-seed %s.\n",
+ fdt_strerror(err));
+ return err;
+ }
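Review bot: in the if (err < 0) block, fdt_strerror(err) is also handed the return values of uclass_get_device() and dm_rng_read(), which are errno codes rather than libfdt error codes, so the printed reason can be misleading when the RNG device is absent or the read fails. Print the numeric error for those two calls and keep fdt_strerror() for the fdt_setprop() result only. The same block prints "WARNING" but then does return err, so a failed RNG read makes fdt_chosen() fail as a whole; decide whether a missing kaslr-seed should be fatal and make the message match that choice.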

You're missing free() here, but it shouldn't be needed if you allocate
the array on stack, which is better/simpler.