On Thu, Aug 31, 2023 at 01:02:02PM -0600, Simon Glass wrote:
Hi Sean,
On Tue, 29 Aug 2023 at 14:37, seanedmond@linux.microsoft.com wrote:
From: Sean Edmond seanedmond@microsoft.com
Use the newly introduced common API fdt_fixup_kaslr_seed() in the kaslrseed command.
Signed-off-by: Sean Edmond seanedmond@microsoft.com
cmd/kaslrseed.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c index 8a1d8120cd..c65607619b 100644 --- a/cmd/kaslrseed.c +++ b/cmd/kaslrseed.c @@ -19,7 +19,7 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const size_t n = 0x8; struct udevice *dev; u64 *buf;
int nodeoffset;
ofnode root; int ret = CMD_RET_SUCCESS; if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {@@ -45,21 +45,15 @@ static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const return CMD_RET_FAILURE; }
ret = fdt_check_header(working_fdt);if (ret < 0) {printf("fdt_chosen: %s\n", fdt_strerror(ret));return CMD_RET_FAILURE;}nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");if (nodeoffset < 0) {printf("Reading chosen node failed\n");return CMD_RET_FAILURE;
ret = root_ofnode_from_fdt(working_fdt, &root);if (ret) {printf("ERROR: Unable to get root ofnode\n");goto CMD_RET_FAILURE; }
ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf));if (ret < 0) {printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret));
ret = fdt_fixup_kaslr_seed(root, buf, sizeof(buf));if (ret) {printf("ERROR: failed to add kaslr-seed to fdt\n"); return CMD_RET_FAILURE; }Reviewed-by: Simon Glass sjg@chromium.org
So this command is intended to be used in a script? I am just trying to understand why we have the fixup code as well as this.
Regards, Simon
This command is intended to be used in a script, I wrote it as a command a while ago and thought it might be useful for others so I pushed it upstream. Since then I've started applying a kaslrseed value with a fixup (basically copying what the rng-seed fixup does) so I don't have to do anything special with my boot.scr files.
I'm perfectly fine with either eliminating this command all together, or making it use a software RNG (again I can't speak to the security implications of this, as I'm not a security guy). I can just start adding the kaslr-seed in the board files anyway.
Thank you, Chris