On Thu, 30 May 2024 at 16:06, Tim Harvey <thar...@gateworks.com> wrote:
>
> If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> randomize the virtual address at which the kernel image is loaded, it
> expects entropy to be provided by the bootloader by populating
> /chosen/kaslr-seed with a 64-bit value from a source of entropy at boot.
>
> If we have DM_RNG enabled populate this value automatically when
> fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT
> is enabled as its implementation uses a different source of entropy
> that is not yet implemented as DM_RNG. We also skip this if
> MEASURED_BOOT is enabled as in that case any modifications to the
> dt will cause measured boot to fail (although there are many other
> places the dt is altered).
>
> Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
> randomization and completely ignores the kaslr-seed for its own
> randomness needs (i.e. the randomization of the physical placement of
> the kernel). It gets weeded out from the DTB that gets handed over via
> efi_install_fdt() as it would also mess up the measured boot DTB TPM
> measurements as well.
>
> Signed-off-by: Tim Harvey <thar...@gateworks.com>
> Cc: Michal Simek <michal.si...@amd.com>
> Cc: Andy Yan <andy....@rock-chips.com>
> Cc: Akash Gajjar <gajjar04ak...@gmail.com>
> Cc: Ilias Apalodimas <ilias.apalodi...@linaro.org>
> Cc: Simon Glass <s...@chromium.org>
> Cc: Patrick Delaunay <patrick.delau...@foss.st.com>
> Cc: Patrice Chotard <patrice.chot...@foss.st.com>
> Cc: Devarsh Thakkar <devar...@ti.com>
> Cc: Heinrich Schuchardt <xypron.g...@gmx.de>
> Cc: Hugo Villeneuve <hvillene...@dimonoff.com>
> Cc: Marek Vasut <ma...@denx.de>
> Cc: Tom Rini <tr...@konsulko.com>
> Cc: Chris Morgan <macromor...@hotmail.com>
> ---
> v5:
> - fixed typo in commit message s/it's/its/
> - split patch into 3 parts
> v4:
> - add missing /n to notice in kaslrseed cmd
> - combine ints in declaration
> - remove unused vars from board/xilinx/common/board.c ft_board_setup
> v3:
> - skip if CONFIG_MEASURED_BOOT
> - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
> - pass in rng index and bool to specify overwrite
> - remove duplicate error strings printed outside of fdt_kaslrseed
> - added note to commit log about how EFI STUB weeds out kaslr-seed
> v2:
> - fix typo in commit msg
> - use stack for seed to avoid unnecessary malloc/free
> - move to a library function and deduplicate code by using it
> elsewhere
> ---
> boot/fdt_support.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
Reviewed-by: Simon Glass <s...@chromium.org> My only question is whether there should be error checking here? > diff --git a/boot/fdt_support.c b/boot/fdt_support.c > index b1b2679dea0c..4559adcd5e2e 100644 > --- a/boot/fdt_support.c > +++ b/boot/fdt_support.c > @@ -345,6 +345,15 @@ int fdt_chosen(void *fdt) > if (nodeoffset < 0) > return nodeoffset; > > + /* if DM_RNG enabled automatically inject kaslr-seed node unless: > + * CONFIG_MEASURED_BOOT enabled: as dt modifications break measured > boot > + * CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT enabled: as that implementation > does not use dm yet > + */ > + if (IS_ENABLED(CONFIG_DM_RNG) && > + !IS_ENABLED(CONFIG_MEASURED_BOOT) && > + !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)) > + fdt_kaslrseed(fdt, false); > + > if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) { > err = fdt_setprop(fdt, nodeoffset, "rng-seed", > abuf_data(&buf), abuf_size(&buf)); > -- > 2.25.1 > Regards, Simon
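
Review bot: In fdt_chosen(), the call `fdt_kaslrseed(fdt, false);` drops whatever the helper reports, while the surrounding code does act on results (`if (nodeoffset < 0) return nodeoffset;` just above, `err = fdt_setprop(...)` for rng-seed just below). If the helper fails, boot continues without /chosen/kaslr-seed, and per the commit message the kernel then has no bootloader-provided entropy for RANDOMIZE_BASE. Suggest capturing the result and saying in the comment whether a failure here is intended to be non-fatal, so the silent fallback is a documented decision rather than an omission. Minor points on the same hunk: the block comment starts its text on the `/*` line, and it calls kaslr-seed a node although the commit message describes it as a value under /chosen.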