On Thu, 30 May 2024 at 16:06, Tim Harvey <thar...@gateworks.com> wrote:
>
> If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> randomize the virtual address at which the kernel image is loaded, it
> expects entropy to be provided by the bootloader by populating
> /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
>
> If we have DM_RNG enabled populate this value automatically when
> fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT
> is enabled as its implementation uses a different source of entropy
> that is not yet implemented as DM_RNG. We also skip this if
> MEASURED_BOOT is enabled as in that case any modifications to the
> dt will cause measured boot to fail (although there are many other
> places the dt is altered).
>
> Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
> randomization and completely ignores the kaslr-seed for its own
> randomness needs (i.e the randomization of the physical placement of
> the kernel). It gets weeded out from the DTB that gets handed over via
> efi_install_fdt() as it would also mess up the measured boot DTB TPM
> measurements as well.
>
> Signed-off-by: Tim Harvey <thar...@gateworks.com>
> Cc: Michal Simek <michal.si...@amd.com>
> Cc: Andy Yan <andy....@rock-chips.com>
> Cc: Akash Gajjar <gajjar04ak...@gmail.com>
> Cc: Ilias Apalodimas <ilias.apalodi...@linaro.org>
> Cc: Simon Glass <s...@chromium.org>
> Cc: Patrick Delaunay <patrick.delau...@foss.st.com>
> Cc: Patrice Chotard <patrice.chot...@foss.st.com>
> Cc: Devarsh Thakkar <devar...@ti.com>
> Cc: Heinrich Schuchardt <xypron.g...@gmx.de>
> Cc: Hugo Villeneuve <hvillene...@dimonoff.com>
> Cc: Marek Vasut <ma...@denx.de>
> Cc: Tom Rini <tr...@konsulko.com>
> Cc: Chris Morgan <macromor...@hotmail.com>
> ---
> v5:
> - fixed typo in commit message s/it's/its/
> - split patch into 3 parts
> v4:
> - add missing /n to notice in kaslrseed cmd
> - combine ints in declaration
> - remove unused vars from board/xilinx/common/board.c ft_board_setup
> v3:
> - skip if CONFIG_MEASURED_BOOT
> - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
> - pass in rng index and bool to specify overwrite
> - remove duplicate error strings printed outside of fdt_kaslrseed
> - added note to commit log about how EFI STUB weeds out kalsr-seed
> v2:
> - fix typo in commit msg
> - use stack for seed to avoid unecessary malloc/free
> - move to a library function and deduplicate code by using it
> elsewhere
> ---
> boot/fdt_support.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
Reviewed-by: Simon Glass <s...@chromium.org>
My only question is whether there should be error checking here?
> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> index b1b2679dea0c..4559adcd5e2e 100644
> --- a/boot/fdt_support.c
> +++ b/boot/fdt_support.c
> @@ -345,6 +345,15 @@ int fdt_chosen(void *fdt)
> if (nodeoffset < 0)
> return nodeoffset;
>
> + /* if DM_RNG enabled automatically inject kaslr-seed node unless:
> + * CONFIG_MEASURED_BOOT enabled: as dt modifications break measured
> boot
> + * CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT enabled: as that implementation
> does not use dm yet
> + */
> + if (IS_ENABLED(CONFIG_DM_RNG) &&
> + !IS_ENABLED(CONFIG_MEASURED_BOOT) &&
> + !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT))
> + fdt_kaslrseed(fdt, false);
> +
> if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
> err = fdt_setprop(fdt, nodeoffset, "rng-seed",
> abuf_data(&buf), abuf_size(&buf));
> --
> 2.25.1
>
Regards,
Simon
