From 00afd1ec82161aa7702d184fc6acdad256c44c82 Mon Sep 17 00:00:00 2001 From: Tim Harvey Date: Tue, 18 Jun 2024 14:06:06 -0700 Subject: Add fdt_kaslrseed function to add kaslr-seed to chosen node If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to randomize the virtual address at which the kernel image is loaded, it expects entropy to be provided by the bootloader by populating /chosen/kaslr-seed with a 64-bit value from source of entropy at boot. Add a fdt_kaslrseed function to accommodate this allowing an existing node to be overwritten if present. For now use the first rng device but it would be good to enhance this in the future to allow some sort of selection or policy in choosing the rng device used. Signed-off-by: Tim Harvey Reviewed-by: Simon Glass Cc: Michal Simek Cc: Andy Yan Cc: Akash Gajjar Cc: Ilias Apalodimas Cc: Simon Glass Cc: Patrick Delaunay Cc: Patrice Chotard Cc: Devarsh Thakkar Cc: Heinrich Schuchardt Cc: Hugo Villeneuve Cc: Marek Vasut Cc: Tom Rini Cc: Chris Morgan Reviewed-by: Caleb Connolly --- boot/fdt_support.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'boot') diff --git a/boot/fdt_support.c b/boot/fdt_support.c index 2bd80a9dfb1..b1b2679dea0 100644 --- a/boot/fdt_support.c +++ b/boot/fdt_support.c @@ -7,12 +7,15 @@ */ #include +#include #include #include #include #include #include +#include #include +#include #include #include #include @@ -274,6 +277,47 @@ int fdt_initrd(void *fdt, ulong initrd_start, ulong initrd_end) return 0; } +int fdt_kaslrseed(void *fdt, bool overwrite) +{ + int len, err, nodeoffset; + struct udevice *dev; + const u64 *orig; + u64 data = 0; + + err = fdt_check_header(fdt); + if (err < 0) + return err; + + /* find or create "/chosen" node. */ + nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen"); + if (nodeoffset < 0) + return nodeoffset; + + /* return without error if we are not overwriting and existing non-zero node */ + orig = fdt_getprop(fdt, nodeoffset, "kaslr-seed", &len); + if (orig && len == sizeof(*orig)) + data = fdt64_to_cpu(*orig); + if (data && !overwrite) { + debug("not overwriting existing kaslr-seed\n"); + return 0; + } + err = uclass_get_device(UCLASS_RNG, 0, &dev); + if (err) { + printf("No RNG device\n"); + return err; + } + err = dm_rng_read(dev, &data, sizeof(data)); + if (err) { + dev_err(dev, "dm_rng_read failed: %d\n", err); + return err; + } + err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", &data, sizeof(data)); + if (err < 0) + printf("WARNING: could not set kaslr-seed %s.\n", fdt_strerror(err)); + + return err; +} + /** * board_fdt_chosen_bootargs - boards may override this function to use * alternative kernel command line arguments -- cgit v1.2.3 From ea955eea4f662b7e37d74228fed0c9147e6dba88 Mon Sep 17 00:00:00 2001 From: Tim Harvey Date: Tue, 18 Jun 2024 14:06:07 -0700 Subject: fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to randomize the virtual address at which the kernel image is loaded, it expects entropy to be provided by the bootloader by populating /chosen/kaslr-seed with a 64-bit value from source of entropy at boot. If we have DM_RNG enabled populate this value automatically when fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT is enabled as its implementation uses a different source of entropy that is not yet implemented as DM_RNG. We also skip this if MEASURED_BOOT is enabled as in that case any modifications to the dt will cause measured boot to fail (although there are many other places the dt is altered). Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well. Signed-off-by: Tim Harvey Reviewed-by: Simon Glass Cc: Michal Simek Cc: Andy Yan Cc: Akash Gajjar Cc: Ilias Apalodimas Cc: Simon Glass Cc: Patrick Delaunay Cc: Patrice Chotard Cc: Devarsh Thakkar Cc: Heinrich Schuchardt Cc: Hugo Villeneuve Cc: Marek Vasut Cc: Tom Rini Cc: Chris Morgan --- boot/fdt_support.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'boot') diff --git a/boot/fdt_support.c b/boot/fdt_support.c index b1b2679dea0..4559adcd5e2 100644 --- a/boot/fdt_support.c +++ b/boot/fdt_support.c @@ -345,6 +345,15 @@ int fdt_chosen(void *fdt) if (nodeoffset < 0) return nodeoffset; + /* if DM_RNG enabled automatically inject kaslr-seed node unless: + * CONFIG_MEASURED_BOOT enabled: as dt modifications break measured boot + * CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT enabled: as that implementation does not use dm yet + */ + if (IS_ENABLED(CONFIG_DM_RNG) && + !IS_ENABLED(CONFIG_MEASURED_BOOT) && + !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)) + fdt_kaslrseed(fdt, false); + if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) { err = fdt_setprop(fdt, nodeoffset, "rng-seed", abuf_data(&buf), abuf_size(&buf)); -- cgit v1.2.3 From 909321bc6b527d2464c24e94185a3585c105f5f7 Mon Sep 17 00:00:00 2001 From: Tim Harvey Date: Tue, 18 Jun 2024 14:06:08 -0700 Subject: use fdt_kaslrseed function to de-duplicate code Use the fdt_kaslrseed function to deduplicate code doing the same thing. Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now but left in place in case boot scripts exist that rely on this command existing and returning success. An informational message is printed to alert users of this command that it is likely no longer needed. Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well. Signed-off-by: Tim Harvey Reviewed-by: Simon Glass Cc: Michal Simek Cc: Andy Yan Cc: Akash Gajjar Cc: Ilias Apalodimas Cc: Simon Glass Cc: Patrick Delaunay Cc: Patrice Chotard Cc: Devarsh Thakkar Cc: Heinrich Schuchardt Cc: Hugo Villeneuve Cc: Marek Vasut Cc: Tom Rini Cc: Chris Morgan Acked-by: Michal Simek --- boot/pxe_utils.c | 34 +--------------------------------- 1 file changed, 1 insertion(+), 33 deletions(-) (limited to 'boot') diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c index 5c1c962ff4c..38ca9b81a42 100644 --- a/boot/pxe_utils.c +++ b/boot/pxe_utils.c @@ -324,10 +324,6 @@ static void label_boot_kaslrseed(void) #if CONFIG_IS_ENABLED(DM_RNG) ulong fdt_addr; struct fdt_header *working_fdt; - size_t n = 0x8; - struct udevice *dev; - u64 *buf; - int nodeoffset; int err; /* Get the main fdt and map it */ @@ -343,35 +339,7 @@ static void label_boot_kaslrseed(void) if (err <= 0) return; - if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) { - printf("No RNG device\n"); - return; - } - - nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen"); - if (nodeoffset < 0) { - printf("Reading chosen node failed\n"); - return; - } - - buf = malloc(n); - if (!buf) { - printf("Out of memory\n"); - return; - } - - if (dm_rng_read(dev, buf, n)) { - printf("Reading RNG failed\n"); - goto err; - } - - err = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf)); - if (err < 0) { - printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(err)); - goto err; - } -err: - free(buf); + fdt_kaslrseed(working_fdt, true); #endif return; } -- cgit v1.2.3