path: root/cmd/kaslrseed.c
Age | Commit message | Author
2024-06-30 | Merge tag 'efi-2024-10-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi into next | Tom Rini
Pull request efi-2024-10-rc1

Documentation:
- Update requirements.txt to use current Python module versions
- Add a page describing debugging U-Boot with GDB
- FIT: describe data-size as a conditionally mandatory property
- Correct link to FIT specification in SPL code.
- Correct kaslrseed command long text description

UEFI:
- Add unit test checking that don't have kaslr-seed when measuring boot
- Deduplicate code for measured boot.

Other:
- Print size information in fwu command
2024-06-30 | cmd: correct kaslrseed description | Heinrich Schuchardt
The number of random bytes generated is hard coded as 8. The command takes no argument.

Signed-off-by: Heinrich Schuchardt <[email protected]>
2024-06-28 | Merge patch series "automatically add /chosen/kaslr-seed and deduplicate code" | Tom Rini
Tim Harvey <[email protected]> says:

This series will automatically add /chosen/kaslr-seed to the dt if DM_RNG is enabled during the boot process.

If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to randomize the virtual address at which the kernel image is loaded, it expects entropy to be provided by the bootloader by populating /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.

If we have DM_RNG enabled populate this value automatically when fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT is enabled as its implementation uses a different source of entropy that is not yet implemented as DM_RNG. We also skip this if MEASURED_BOOT is enabled as in that case any modifications to the dt will cause measured boot to fail (although there are many other places the dt is altered).

As this fdt node is added elsewhere create a library function and use it to deduplicate code. We will provide a parameter to overwrite the node if present.

For our automatic injection, we will use the first rng device and not overwrite if already present with a non-zero value (which may have been populated by an earlier boot stage). This way if a board specific ft_board_setup() function wants to customize this behavior it can call fdt_kaslrseed with a rng device index of its choosing and set overwrite true.

Note that the kaslrseed command (CMD_KASLRSEED) is likely pointless now but left in place in case boot scripts exist that rely on this command existing and returning success. An informational message is printed to alert users of this command that it is likely no longer needed.

Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e. the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well.
2024-06-28 | use fdt_kaslrseed function to de-duplicate code | Tim Harvey
Use the fdt_kaslrseed function to deduplicate code doing the same thing.

Note that the kaslrseed command (CMD_KASLRSEED) is likely pointless now but left in place in case boot scripts exist that rely on this command existing and returning success. An informational message is printed to alert users of this command that it is likely no longer needed.

Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e. the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well.

Signed-off-by: Tim Harvey <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Cc: Michal Simek <[email protected]>
Cc: Andy Yan <[email protected]>
Cc: Akash Gajjar <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Simon Glass <[email protected]>
Cc: Patrick Delaunay <[email protected]>
Cc: Patrice Chotard <[email protected]>
Cc: Devarsh Thakkar <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Hugo Villeneuve <[email protected]>
Cc: Marek Vasut <[email protected]>
Cc: Tom Rini <[email protected]>
Cc: Chris Morgan <[email protected]>
Acked-by: Michal Simek <[email protected]>
2024-05-20 | Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet" | Tom Rini
As part of bringing the master branch back in to next, we need to allow for all of these changes to exist here.

Reported-by: Jonas Karlman <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
2024-05-19 | Revert "Merge patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"" | Tom Rini
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"' I failed to notice that b4 noticed it was based on next and so took that as the base commit and merged that part of next to master.

This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.

Reported-by: Jonas Karlman <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
2024-05-06 | cmd: Remove <common.h> and add needed includes | Tom Rini
Remove <common.h> from all "cmd/" files and when needed add missing include files directly.

Signed-off-by: Tom Rini <[email protected]>
2023-10-16 | cmd: Convert existing long help messages to the new macro | Tom Rini
- Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines and use U_BOOT_LONGHELP to declare the same variable name as before
- In a few places, either rename the variable to follow convention or introduce the variable as it was being done inline before.

Signed-off-by: Tom Rini <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
2021-12-24 | cmd: kaslrseed: add command to generate value from hwrng | Chris Morgan
Allow the kaslr-seed value in the chosen node to be set from a hardware rng source.

Tested on a Rockchip PX30 (Odroid Go Advance), you must have loaded the devicetree first and prepared it for editing. On my device the workflow goes as follows:

    setenv dtb_loadaddr "0x01f00000"
    load mmc 0:1 ${dtb_loadaddr} rk3326-odroid-go2.dtb
    fdt addr ${dtb_loadaddr}
    fdt resize
    kaslrseed

and the output can be seen here:

    fdt print /chosen
    chosen {
            kaslr-seed = <0x6f61df74 0x6f7b996c>;
            stdout-path = "serial2:115200n8";
    };

Signed-off-by: Chris Morgan <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
Reviewed-by: Simon Glass <[email protected]>