On Wed, Jan 26, 2022 at 02:33:34AM +0000, 张 宁 wrote:
Hi, Chris Morgan
thank you to add kaslrseed to U-boot, do you have plan to add it to extlinux.conf?
If extlinux.conf can run commands for U-Boot it should be as simple as doing the following:
Load your devicetree from external memory. ("load mmc 0 ${fdt_addr_r} devicetree.dtb")
Use the fdt command to set the devicetree in memory. ("fdt addr ${fdt_addr_r}")
Resize the FDT in memory: ("fdt resize")
Run kaslrseed to add a kaslr-seed value to the chosen node. ("kaslrseed")
Note that currently you need a hardware random number generator to use this command (UCLASS_RNG). I'm not aware of the cryptographic implications of using the non-hardware random function of U-Boot to generate this value, but if someone who knows more than me when it comes to security can vouch I could in theory add support for software RNG into this tool as well.
Thank you.
BR. Ning