On Thu, 30 May 2024 at 16:06, Tim Harvey tharvey@gateworks.com wrote:
Use the fdt_kaslrseed function to deduplicate code doing the same thing.
Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now but left in place in case boot scripts exist that rely on this command existing and returning success. An informational message is printed to alert users of this command that it is likely no longer needed.
Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well.
Signed-off-by: Tim Harvey tharvey@gateworks.com Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com
v5:
- fixed typo in commit message s/it's/its/
- use cmd_process_error per Michal's suggestion
v4:
- add missing /n to notice in kaslrseed cmd
- combine ints in declaration
- remove unused vars from board/xilinx/common/board.c ft_board_setup
v3:
- skip if CONFIG_MEASURED_BOOT
- fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
- pass in rng index and bool to specify overwrite
- remove duplicate error strings printed outside of fdt_kaslrseed
- added note to commit log about how EFI STUB weeds out kalsr-seed
v2:
- fix typo in commit msg
- use stack for seed to avoid unecessary malloc/free
- move to a library function and deduplicate code by using it elsewhere
board/xilinx/common/board.c | 40 ------------------------------ boot/pxe_utils.c | 34 +------------------------ cmd/kaslrseed.c | 49 ++++++------------------------------- 3 files changed, 8 insertions(+), 115 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org