From: Peter Robinson pbrobinson@gmail.com Date: Wed, 17 May 2017 09:17:47 +0100
-----Original Message----- From: Peter Robinson [mailto:pbrobinson@gmail.com] Sent: Monday, May 15, 2017 6:18 PM To: Ruchika Gupta ruchika.gupta@nxp.com Cc: u-boot@lists.denx.de; sun.york@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com Subject: Re: [U-Boot] [PATCH] ARMv8/sec_firmware : Update chosen/kaslr- seed
On Sat, May 13, 2017 at 1:07 AM, Ruchika Gupta ruchika.gupta@nxp.com wrote:
kASLR support in kernel requires a random number to be passed via chosen/kaslr-seed propert. sec_firmware generates this random seed which can then be passed in the device tree node
Is that functionality generic that it can be consumed by other devices?
Sec firmware is proprietary firmware which provides this random seed using HW engine on NXP devices. Other devices would need to generate their own random seed to be passed as this property.
yes, my point was more shouldn't there be a generic framework for this as the functionality isn't unique to the HW engine on the NXP devices, even if the HW is, and kASLR is a pretty generic requirement.
I know Tom, Alexander, myself and others discussed such a thing at ELC in Portland in February and if memory serves providing that seed via the uefi boot services (I may have that terminology wrong) for ARMv8. Tom/Alexander do you remember the details of that conversation, know if anyone was working on it?
Having an implementation of EFI_RNG_PROTOCOL in U-Boot would be great. On OpenBSD we would defenitely use that to have our ARM bootloaders initialize the kernel .openbsd.randomdata[1] segment.
[1] https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec/ld.so/SPECS.randomdata...