diff options
| author | Dhananjay Phadke <dphadke@linux.microsoft.com> | 2023-09-12 14:35:01 -0700 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2023-11-02 16:48:16 -0400 |
| commit | 52df5bdc91b167fd0f7420392f13280143f17412 (patch) | |
| tree | 688bb8e0ee3f30b80348e592b6ad00ecd7447d1b | |
| parent | 403931f8a956ea7db9a1dd9d71c03939f4c0d70d (diff) | |
| download | u-boot-52df5bdc91b167fd0f7420392f13280143f17412.zip u-boot-52df5bdc91b167fd0f7420392f13280143f17412.tar.gz u-boot-52df5bdc91b167fd0f7420392f13280143f17412.tar.bz2 | |
fdt: kaslr seed from RNG device
Add support for KASLR seed from the RNG device. Invokes dm_rng_read()
API to read 8-bytes of random bytes. Performs the FDT fixup using event
spy. To enable use CONFIG_KASLR_RNG_SEED
Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Signed-off-by: Drew Kluemke <ankluemk@microsoft.com>
Signed-off-by: Sean Edmond <seanedmond@microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
| -rw-r--r-- | boot/fdt_support.c | 36 | ||||
| -rw-r--r-- | lib/Kconfig | 7 |
2 files changed, 43 insertions, 0 deletions
diff --git a/boot/fdt_support.c b/boot/fdt_support.c index 52be437..09ce582 100644 --- a/boot/fdt_support.c +++ b/boot/fdt_support.c @@ -12,7 +12,10 @@ #include <log.h> #include <mapmem.h> #include <net.h> +#include <rng.h> #include <stdio_dev.h> +#include <dm/device.h> +#include <dm/uclass.h> #include <dm/ofnode.h> #include <linux/ctype.h> #include <linux/types.h> @@ -650,6 +653,39 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len) return 0; } +int fdt_rng_kaslr_seed(void *ctx, struct event *event) +{ + u8 rand[8] = {0}; + struct udevice *dev; + int ret; + oftree tree = event->data.ft_fixup.tree; + ofnode root_node = oftree_root(tree); + + ret = uclass_first_device_err(UCLASS_RNG, &dev); + if (ret) { + printf("ERROR: Failed to find RNG device\n"); + return ret; + } + + ret = dm_rng_read(dev, rand, sizeof(rand)); + if (ret) { + printf("ERROR: RNG read failed, ret=%d\n", ret); + return ret; + } + + ret = fdt_fixup_kaslr_seed(root_node, rand, sizeof(rand)); + if (ret) { + printf("ERROR: failed to add kaslr-seed to fdt\n"); + return ret; + } + + return 0; +} + +#if defined(CONFIG_KASLR_RNG_SEED) +EVENT_SPY(EVT_FT_FIXUP, fdt_rng_kaslr_seed); +#endif + int fdt_record_loadable(void *blob, u32 index, const char *name, uintptr_t load_addr, u32 size, uintptr_t entry_point, const char *type, const char *os, const char *arch) diff --git a/lib/Kconfig b/lib/Kconfig index 1964951..4f5dfc0 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -477,6 +477,13 @@ config VPL_TPM for the low-level TPM interface, but only one TPM is supported at a time by the TPM library. +config KASLR_RNG_SEED + bool "Use RNG driver for KASLR random seed" + depends on DM_RNG + help + This enables support for using the RNG driver as entropy source for + KASLR seed populated in kernel's device tree. + endmenu menu "Android Verified Boot" |