Re: [PATCH v3 2/5] fdt: kaslr seed from RNG device

27 Oct 2023

On Tue, Sep 12, 2023 at 02:35:01PM -0700, seanedmond@linux.microsoft.com wrote:
...
From: Dhananjay Phadke dphadke@linux.microsoft.com
Add support for KASLR seed from the RNG device. Invokes dm_rng_read()
API to read 8-bytes of random bytes.  Performs the FDT fixup using event
spy.  To enable use CONFIG_KASLR_RNG_SEED
Signed-off-by: Dhananjay Phadke dphadke@linux.microsoft.com
Signed-off-by: Drew Kluemke ankluemk@microsoft.com
Signed-off-by: Sean Edmond seanedmond@microsoft.com

common/fdt_support.c | 36 ++++++++++++++++++++++++++++++++++++
 lib/Kconfig          |  7 +++++++
 2 files changed, 43 insertions(+)

diff --git a/common/fdt_support.c b/common/fdt_support.c
index 52be4375b4..09ce582865 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -12,7 +12,10 @@
 #include <log.h>
 #include <mapmem.h>
 #include <net.h>
+#include <rng.h>
 #include <stdio_dev.h>
+#include <dm/device.h>
+#include <dm/uclass.h>
 #include <dm/ofnode.h>
 #include <linux/ctype.h>
 #include <linux/types.h>
@@ -650,6 +653,39 @@ int fdt_fixup_kaslr_seed(ofnode node, const u8 *seed, int len)
   return 0;
 }
+int fdt_rng_kaslr_seed(void *ctx, struct event *event)
+{

u8 rand[8] = {0};
struct udevice *dev;
int ret;
oftree tree = event->data.ft_fixup.tree;
ofnode root_node = oftree_root(tree);

ret = uclass_first_device_err(UCLASS_RNG, &dev);
if (ret) {
printf("ERROR: Failed to find RNG device\n");


return ret;


}

ret = dm_rng_read(dev, rand, sizeof(rand));
if (ret) {
printf("ERROR: RNG read failed, ret=%d\n", ret);


return ret;


}

ret = fdt_fixup_kaslr_seed(root_node, rand, sizeof(rand));
if (ret) {
printf("ERROR: failed to add kaslr-seed to fdt\n");


return ret;


}

return 0;

+}



+#if defined(CONFIG_KASLR_RNG_SEED)
+EVENT_SPY(EVT_FT_FIXUP, fdt_rng_kaslr_seed);
+#endif



int fdt_record_loadable(void *blob, u32 index, const char *name,
   		uintptr_t load_addr, u32 size, uintptr_t entry_point,
   		const char *type, const char *os, const char *arch)
diff --git a/lib/Kconfig b/lib/Kconfig
index 3926652db6..545a14343e 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -465,6 +465,13 @@ config VPL_TPM
     for the low-level TPM interface, but only one TPM is supported at
     a time by the TPM library.
+config KASLR_RNG_SEED

bool "Use RNG driver for KASLR random seed"
depends on DM_RNG
help
 This enables support for using the RNG driver as entropy source for


 KASLR seed populated in kernel's device tree.




endmenu
menu "Android Verified Boot"
2.40.0
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org

    