[PATCH v6 0/4] automatically add /chosen/kaslr-seed and deduplicate code
This series will automatically add /chosen/kaslr-seed to the dt if DM_RNG is enabled during the boot process.
If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to randomize the virtual address at which the kernel image is loaded, it expects entropy to be provided by the bootloader by populating /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
If we have DM_RNG enabled populate this value automatically when fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT is enabled as its implementation uses a different source of entropy that is not yet implemented as DM_RNG. We also skip this if MEASURED_BOOT is enabled as in that case any modifications to the dt will cause measured boot to fail (although there are many other places the dt is altered).
As this fdt node is added elsewhere create a library function and use it to deduplicate code. We will provide a parameter to overwrite the node if present.
For our automatic injection, we will use the first rng device and not overwrite if already present with a non-zero value (which may have been populated by an earlier boot stage). This way if a board specific ft_board_setup() function wants to customize this behavior it can call fdt_kaslrseed with a rng device index of its choosing and set overwrite true.
Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now but left in place in case boot scripts exist that rely on this command existing and returning success. An informational message is printed to alert users of this command that it is likely no longer needed.
Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well.
v6: - collected tags - add patch to fdt ut v5: - fixed typo in commit message s/it's/its/ - use cmd_process_error per Michal's suggestion - split into separate patches - remove the rng device index noting it as a future enhancement v4: - add missing /n to notice in kaslrseed cmd - combine ints in declaration - remove unused vars from board/xilinx/common/board.c ft_board_setup v3: - skip if CONFIG_MEASURED_BOOT - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT - pass in rng index and bool to specify overwrite - remove duplicate error strings printed outside of fdt_kaslrseed - added note to commit log about how EFI STUB weeds out kalsr-seed v2: - fix typo in commit msg - use stack for seed to avoid unecessary malloc/free - move to a library function and deduplicate code by using it elsewhere
Tim Harvey (4): Add fdt_kaslrseed function to add kaslr-seed to chosen node fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled use fdt_kaslrseed function to de-duplicate code test: cmd: fdt: fix chosen test for DM_RNG
board/xilinx/common/board.c | 40 ---------------------------- boot/fdt_support.c | 53 +++++++++++++++++++++++++++++++++++++ boot/pxe_utils.c | 34 +----------------------- cmd/kaslrseed.c | 49 +++++----------------------------- include/fdt_support.h | 10 +++++++ test/cmd/fdt.c | 4 +++ 6 files changed, 75 insertions(+), 115 deletions(-)
If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to randomize the virtual address at which the kernel image is loaded, it expects entropy to be provided by the bootloader by populating /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
Add a fdt_kaslrseed function to accommodate this allowing an existing node to be overwritten if present. For now use the first rng device but it would be good to enhance this in the future to allow some sort of selection or policy in choosing the rng device used.
Signed-off-by: Tim Harvey tharvey@gateworks.com Reviewed-by: Simon Glass sjg@chromium.org Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com --- v6: - collected tags v5: - move function to boot/fdt_support.c - remove ability to select rng index and note in the commit log something like this as a future enhancement. - fixed typo in commit message s/it's/its/ - use cmd_process_error per Michal's suggestion v4: - add missing /n to notice in kaslrseed cmd - combine ints in declaration - remove unused vars from board/xilinx/common/board.c ft_board_setup v3: - skip if CONFIG_MEASURED_BOOT - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT - pass in rng index and bool to specify overwrite - remove duplicate error strings printed outside of fdt_kaslrseed - added note to commit log about how EFI STUB weeds out kalsr-seed v2: - fix typo in commit msg - use stack for seed to avoid unecessary malloc/free - move to a library function and deduplicate code by using it elsewhere --- boot/fdt_support.c | 44 +++++++++++++++++++++++++++++++++++++++++++ include/fdt_support.h | 10 ++++++++++ 2 files changed, 54 insertions(+)
diff --git a/boot/fdt_support.c b/boot/fdt_support.c index 2bd80a9dfb18..b1b2679dea0c 100644 --- a/boot/fdt_support.c +++ b/boot/fdt_support.c @@ -7,12 +7,15 @@ */
#include <common.h> +#include <dm.h> #include <abuf.h> #include <env.h> #include <log.h> #include <mapmem.h> #include <net.h> +#include <rng.h> #include <stdio_dev.h> +#include <dm/device_compat.h> #include <dm/ofnode.h> #include <linux/ctype.h> #include <linux/types.h> @@ -274,6 +277,47 @@ int fdt_initrd(void *fdt, ulong initrd_start, ulong initrd_end) return 0; }
+int fdt_kaslrseed(void *fdt, bool overwrite) +{ + int len, err, nodeoffset; + struct udevice *dev; + const u64 *orig; + u64 data = 0; + + err = fdt_check_header(fdt); + if (err < 0) + return err; + + /* find or create "/chosen" node. */ + nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen"); + if (nodeoffset < 0) + return nodeoffset; + + /* return without error if we are not overwriting and existing non-zero node */ + orig = fdt_getprop(fdt, nodeoffset, "kaslr-seed", &len); + if (orig && len == sizeof(*orig)) + data = fdt64_to_cpu(*orig); + if (data && !overwrite) { + debug("not overwriting existing kaslr-seed\n"); + return 0; + } + err = uclass_get_device(UCLASS_RNG, 0, &dev); + if (err) { + printf("No RNG device\n"); + return err; + } + err = dm_rng_read(dev, &data, sizeof(data)); + if (err) { + dev_err(dev, "dm_rng_read failed: %d\n", err); + return err; + } + err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", &data, sizeof(data)); + if (err < 0) + printf("WARNING: could not set kaslr-seed %s.\n", fdt_strerror(err)); + + return err; +} + /** * board_fdt_chosen_bootargs - boards may override this function to use * alternative kernel command line arguments diff --git a/include/fdt_support.h b/include/fdt_support.h index 4b71b8948d99..741e2360c224 100644 --- a/include/fdt_support.h +++ b/include/fdt_support.h @@ -463,4 +463,14 @@ void fdt_fixup_board_enet(void *blob); #ifdef CONFIG_CMD_PSTORE void fdt_fixup_pstore(void *blob); #endif + +/** + * fdt_kaslrseed() - create a 'kaslr-seed' node in chosen + * + * @blob: fdt blob + * @overwrite: do not overwrite existing non-zero node unless true + * Return: 0 if OK, -ve on error + */ +int fdt_kaslrseed(void *blob, bool overwrite); + #endif /* ifndef __FDT_SUPPORT_H */
If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to randomize the virtual address at which the kernel image is loaded, it expects entropy to be provided by the bootloader by populating /chosen/kaslr-seed with a 64-bit value from source of entropy at boot.
If we have DM_RNG enabled populate this value automatically when fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT is enabled as its implementation uses a different source of entropy that is not yet implemented as DM_RNG. We also skip this if MEASURED_BOOT is enabled as in that case any modifications to the dt will cause measured boot to fail (although there are many other places the dt is altered).
Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well.
Signed-off-by: Tim Harvey tharvey@gateworks.com Reviewed-by: Simon Glass sjg@chromium.org Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com --- v6: - collected tags v5: - fixed typo in commit message s/it's/its/ - split patch into 3 parts v4: - add missing /n to notice in kaslrseed cmd - combine ints in declaration - remove unused vars from board/xilinx/common/board.c ft_board_setup v3: - skip if CONFIG_MEASURED_BOOT - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT - pass in rng index and bool to specify overwrite - remove duplicate error strings printed outside of fdt_kaslrseed - added note to commit log about how EFI STUB weeds out kalsr-seed v2: - fix typo in commit msg - use stack for seed to avoid unecessary malloc/free - move to a library function and deduplicate code by using it elsewhere --- boot/fdt_support.c | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/boot/fdt_support.c b/boot/fdt_support.c index b1b2679dea0c..4559adcd5e2e 100644 --- a/boot/fdt_support.c +++ b/boot/fdt_support.c @@ -345,6 +345,15 @@ int fdt_chosen(void *fdt) if (nodeoffset < 0) return nodeoffset;
+ /* if DM_RNG enabled automatically inject kaslr-seed node unless: + * CONFIG_MEASURED_BOOT enabled: as dt modifications break measured boot + * CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT enabled: as that implementation does not use dm yet + */ + if (IS_ENABLED(CONFIG_DM_RNG) && + !IS_ENABLED(CONFIG_MEASURED_BOOT) && + !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)) + fdt_kaslrseed(fdt, false); + if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) { err = fdt_setprop(fdt, nodeoffset, "rng-seed", abuf_data(&buf), abuf_size(&buf));
Use the fdt_kaslrseed function to deduplicate code doing the same thing.
Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now but left in place in case boot scripts exist that rely on this command existing and returning success. An informational message is printed to alert users of this command that it is likely no longer needed.
Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well.
Signed-off-by: Tim Harvey tharvey@gateworks.com Reviewed-by: Simon Glass sjg@chromium.org Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com --- v6: - collected tags v5: - fixed typo in commit message s/it's/its/ - use cmd_process_error per Michal's suggestion v4: - add missing /n to notice in kaslrseed cmd - combine ints in declaration - remove unused vars from board/xilinx/common/board.c ft_board_setup v3: - skip if CONFIG_MEASURED_BOOT - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT - pass in rng index and bool to specify overwrite - remove duplicate error strings printed outside of fdt_kaslrseed - added note to commit log about how EFI STUB weeds out kalsr-seed v2: - fix typo in commit msg - use stack for seed to avoid unecessary malloc/free - move to a library function and deduplicate code by using it elsewhere --- board/xilinx/common/board.c | 40 ------------------------------ boot/pxe_utils.c | 34 +------------------------ cmd/kaslrseed.c | 49 ++++++------------------------------- 3 files changed, 8 insertions(+), 115 deletions(-)
diff --git a/board/xilinx/common/board.c b/board/xilinx/common/board.c index b47d2d23f913..098738017bab 100644 --- a/board/xilinx/common/board.c +++ b/board/xilinx/common/board.c @@ -702,11 +702,6 @@ phys_addr_t board_get_usable_ram_top(phys_size_t total_size) #define MAX_RAND_SIZE 8 int ft_board_setup(void *blob, struct bd_info *bd) { - size_t n = MAX_RAND_SIZE; - struct udevice *dev; - u8 buf[MAX_RAND_SIZE]; - int nodeoffset, ret; - static const struct node_info nodes[] = { { "arm,pl353-nand-r2p1", MTD_DEV_TYPE_NAND, }, }; @@ -714,41 +709,6 @@ int ft_board_setup(void *blob, struct bd_info *bd) if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) && IS_ENABLED(CONFIG_NAND_ZYNQ)) fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
- if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) { - debug("No RNG device\n"); - return 0; - } - - if (dm_rng_read(dev, buf, n)) { - debug("Reading RNG failed\n"); - return 0; - } - - if (!blob) { - debug("No FDT memory address configured. Please configure\n" - "the FDT address via "fdt addr <address>" command.\n" - "Aborting!\n"); - return 0; - } - - ret = fdt_check_header(blob); - if (ret < 0) { - debug("fdt_chosen: %s\n", fdt_strerror(ret)); - return ret; - } - - nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen"); - if (nodeoffset < 0) { - debug("Reading chosen node failed\n"); - return nodeoffset; - } - - ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf, sizeof(buf)); - if (ret < 0) { - debug("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret)); - return ret; - } - return 0; } #endif diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c index 5c1c962ff4c1..38ca9b81a42d 100644 --- a/boot/pxe_utils.c +++ b/boot/pxe_utils.c @@ -324,10 +324,6 @@ static void label_boot_kaslrseed(void) #if CONFIG_IS_ENABLED(DM_RNG) ulong fdt_addr; struct fdt_header *working_fdt; - size_t n = 0x8; - struct udevice *dev; - u64 *buf; - int nodeoffset; int err;
/* Get the main fdt and map it */ @@ -343,35 +339,7 @@ static void label_boot_kaslrseed(void) if (err <= 0) return;
- if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) { - printf("No RNG device\n"); - return; - } - - nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen"); - if (nodeoffset < 0) { - printf("Reading chosen node failed\n"); - return; - } - - buf = malloc(n); - if (!buf) { - printf("Out of memory\n"); - return; - } - - if (dm_rng_read(dev, buf, n)) { - printf("Reading RNG failed\n"); - goto err; - } - - err = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf)); - if (err < 0) { - printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(err)); - goto err; - } -err: - free(buf); + fdt_kaslrseed(working_fdt, true); #endif return; } diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c index 9acb8e163863..645cab2e74fd 100644 --- a/cmd/kaslrseed.c +++ b/cmd/kaslrseed.c @@ -16,56 +16,21 @@
static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { - size_t n = 0x8; - struct udevice *dev; - u64 *buf; - int nodeoffset; - int ret = CMD_RET_SUCCESS; + int err = CMD_RET_SUCCESS;
- if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) { - printf("No RNG device\n"); - return CMD_RET_FAILURE; - } - - buf = malloc(n); - if (!buf) { - printf("Out of memory\n"); - return CMD_RET_FAILURE; - } - - if (dm_rng_read(dev, buf, n)) { - printf("Reading RNG failed\n"); - return CMD_RET_FAILURE; - } + printf("Notice: a /chosen/kaslr-seed is automatically added to the device-tree when booted via booti/bootm/bootz therefore using this command is likely no longer needed\n");
if (!working_fdt) { printf("No FDT memory address configured. Please configure\n" "the FDT address via "fdt addr <address>" command.\n" "Aborting!\n"); - return CMD_RET_FAILURE; - } - - ret = fdt_check_header(working_fdt); - if (ret < 0) { - printf("fdt_chosen: %s\n", fdt_strerror(ret)); - return CMD_RET_FAILURE; - } - - nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen"); - if (nodeoffset < 0) { - printf("Reading chosen node failed\n"); - return CMD_RET_FAILURE; + err = CMD_RET_FAILURE; + } else { + if (fdt_kaslrseed(working_fdt, true) < 0) + err = CMD_RET_FAILURE; }
- ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf)); - if (ret < 0) { - printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret)); - return CMD_RET_FAILURE; - } - - free(buf); - - return ret; + return cmd_process_error(cmdtp, err); }
U_BOOT_LONGHELP(kaslrseed,
Now that kaslr-seed is automatically added to the chosen node if DM_RNG is enabled, adjust the test to expect this.
Signed-off-by: Tim Harvey tharvey@gateworks.com Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com --- v6: new patch --- test/cmd/fdt.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/test/cmd/fdt.c b/test/cmd/fdt.c index 547085521758..537d8a338bbf 100644 --- a/test/cmd/fdt.c +++ b/test/cmd/fdt.c @@ -1347,6 +1347,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs); + if (CONFIG_IS_ENABLED(DM_RNG)) + ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));
@@ -1363,6 +1365,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs); + if (CONFIG_IS_ENABLED(DM_RNG)) + ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));
On 17.06.24 21:14, Tim Harvey wrote:
Now that kaslr-seed is automatically added to the chosen node if DM_RNG is enabled, adjust the test to expect this.
We need to check that if CONFIG_EFI_TCG2_PROTOCOL=y no kaslr-seed node is passed to EFI binaries.
The right location for such a test is lib/efi_selftest/efi_selftest_tcg2.c.
We need as similar check for CONFIG_MEASURED_BOOT=y.
Best regards
Heinrich
Signed-off-by: Tim Harvey tharvey@gateworks.com Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com
v6: new patch
test/cmd/fdt.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/test/cmd/fdt.c b/test/cmd/fdt.c index 547085521758..537d8a338bbf 100644 --- a/test/cmd/fdt.c +++ b/test/cmd/fdt.c @@ -1347,6 +1347,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
- if (CONFIG_IS_ENABLED(DM_RNG))
ut_assert_nextlinen("\tkaslr-seed = ");@@ -1363,6 +1365,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
- if (CONFIG_IS_ENABLED(DM_RNG))
ut_assert_nextlinen("\tkaslr-seed = ");
On Tue, Jun 18, 2024 at 4:51 AM Heinrich Schuchardt xypron.glpk@gmx.de wrote:
On 17.06.24 21:14, Tim Harvey wrote:
Now that kaslr-seed is automatically added to the chosen node if DM_RNG is enabled, adjust the test to expect this.
We need to check that if CONFIG_EFI_TCG2_PROTOCOL=y no kaslr-seed node is passed to EFI binaries.
The right location for such a test is lib/efi_selftest/efi_selftest_tcg2.c.
Hi Heinrich,
I see you sent a patch for that but I'm not understanding how that fits into the ut framework.
We need as similar check for CONFIG_MEASURED_BOOT=y.
Can you explain more please?
Does this explain the CI failures I see here: https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=log... https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=log...
I'm still trying to make sense of those.
In order to test this locally I built for sandbox64_defconfig and ran "./u-boot -Dc 'ut fdt'" but it seems that doesn't cover enough cases.
Best regards,
Tim
Best regards
Heinrich
Signed-off-by: Tim Harvey tharvey@gateworks.com Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com
v6: new patch
test/cmd/fdt.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/test/cmd/fdt.c b/test/cmd/fdt.c index 547085521758..537d8a338bbf 100644 --- a/test/cmd/fdt.c +++ b/test/cmd/fdt.c @@ -1347,6 +1347,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
if (CONFIG_IS_ENABLED(DM_RNG))ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));@@ -1363,6 +1365,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
if (CONFIG_IS_ENABLED(DM_RNG))ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));
On Tue, Jun 18, 2024 at 8:48 AM Tim Harvey tharvey@gateworks.com wrote:
On Tue, Jun 18, 2024 at 4:51 AM Heinrich Schuchardt xypron.glpk@gmx.de wrote:
On 17.06.24 21:14, Tim Harvey wrote:
Now that kaslr-seed is automatically added to the chosen node if DM_RNG is enabled, adjust the test to expect this.
We need to check that if CONFIG_EFI_TCG2_PROTOCOL=y no kaslr-seed node is passed to EFI binaries.
The right location for such a test is lib/efi_selftest/efi_selftest_tcg2.c.
Hi Heinrich,
I see you sent a patch for that but I'm not understanding how that fits into the ut framework.
We need as similar check for CONFIG_MEASURED_BOOT=y.
Can you explain more please?
Does this explain the CI failures I see here: https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=log... https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=log...
I'm still trying to make sense of those.
In order to test this locally I built for sandbox64_defconfig and ran "./u-boot -Dc 'ut fdt'" but it seems that doesn't cover enough cases.
I believe I understand the Azure pipeline failures now. I don't see exactly where they pick a defconfig but the failed test cases are under 'test.py for sandbox sandbox' and 'test.py for sandbox sandbox_clang' which I've come to understand means they use 'sandbox_defconfig' which defines CONFIG_MEASURED_BOOT where sandbox64_defconfig which I tested does not.
So I need to update the test to: + if (IS_ENABLED(CONFIG_DM_RNG) && + !IS_ENABLED(CONFIG_MEASURED_BOOT) && + !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)) + ut_assert_nextlinen("\tkaslr-seed = ");
I've issued a PR for v7 to test via CI and will submit if all is well.
Best Regards,
Tim
Best regards,
Tim
Best regards
Heinrich
Signed-off-by: Tim Harvey tharvey@gateworks.com Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com
v6: new patch
test/cmd/fdt.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/test/cmd/fdt.c b/test/cmd/fdt.c index 547085521758..537d8a338bbf 100644 --- a/test/cmd/fdt.c +++ b/test/cmd/fdt.c @@ -1347,6 +1347,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
if (CONFIG_IS_ENABLED(DM_RNG))ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));@@ -1363,6 +1365,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
if (CONFIG_IS_ENABLED(DM_RNG))ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));
Am 18. Juni 2024 18:45:53 MESZ schrieb Tim Harvey tharvey@gateworks.com:
On Tue, Jun 18, 2024 at 8:48 AM Tim Harvey tharvey@gateworks.com wrote:
On Tue, Jun 18, 2024 at 4:51 AM Heinrich Schuchardt xypron.glpk@gmx.de wrote:
On 17.06.24 21:14, Tim Harvey wrote:
Now that kaslr-seed is automatically added to the chosen node if DM_RNG is enabled, adjust the test to expect this.
We need to check that if CONFIG_EFI_TCG2_PROTOCOL=y no kaslr-seed node is passed to EFI binaries.
The right location for such a test is lib/efi_selftest/efi_selftest_tcg2.c.
Hi Heinrich,
I see you sent a patch for that but I'm not understanding how that fits into the ut framework.
We need as similar check for CONFIG_MEASURED_BOOT=y.
Can you explain more please?
The idea of measured boot is that you check if the hash has the same value every time you boot. If you measure the device-tree and it contains a random value, you get a random hash.
Best regards
Heinrich
Does this explain the CI failures I see here: https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=log... https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=log...
I'm still trying to make sense of those.
In order to test this locally I built for sandbox64_defconfig and ran "./u-boot -Dc 'ut fdt'" but it seems that doesn't cover enough cases.
I believe I understand the Azure pipeline failures now. I don't see exactly where they pick a defconfig but the failed test cases are under 'test.py for sandbox sandbox' and 'test.py for sandbox sandbox_clang' which I've come to understand means they use 'sandbox_defconfig' which defines CONFIG_MEASURED_BOOT where sandbox64_defconfig which I tested does not.
So I need to update the test to:
if (IS_ENABLED(CONFIG_DM_RNG) &&!IS_ENABLED(CONFIG_MEASURED_BOOT) &&!IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT))ut_assert_nextlinen("\tkaslr-seed = ");I've issued a PR for v7 to test via CI and will submit if all is well.
Best Regards,
Tim
Best regards,
Tim
Best regards
Heinrich
Signed-off-by: Tim Harvey tharvey@gateworks.com Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com
v6: new patch
test/cmd/fdt.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/test/cmd/fdt.c b/test/cmd/fdt.c index 547085521758..537d8a338bbf 100644 --- a/test/cmd/fdt.c +++ b/test/cmd/fdt.c @@ -1347,6 +1347,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
if (CONFIG_IS_ENABLED(DM_RNG))ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));@@ -1363,6 +1365,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
if (CONFIG_IS_ENABLED(DM_RNG))ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));
On Tue, Jun 18, 2024 at 9:45 AM Tim Harvey tharvey@gateworks.com wrote:
On Tue, Jun 18, 2024 at 8:48 AM Tim Harvey tharvey@gateworks.com wrote:
On Tue, Jun 18, 2024 at 4:51 AM Heinrich Schuchardt xypron.glpk@gmx.de wrote:
On 17.06.24 21:14, Tim Harvey wrote:
Now that kaslr-seed is automatically added to the chosen node if DM_RNG is enabled, adjust the test to expect this.
We need to check that if CONFIG_EFI_TCG2_PROTOCOL=y no kaslr-seed node is passed to EFI binaries.
The right location for such a test is lib/efi_selftest/efi_selftest_tcg2.c.
Hi Heinrich,
I see you sent a patch for that but I'm not understanding how that fits into the ut framework.
We need as similar check for CONFIG_MEASURED_BOOT=y.
Can you explain more please?
Does this explain the CI failures I see here: https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=log... https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=log...
I'm still trying to make sense of those.
In order to test this locally I built for sandbox64_defconfig and ran "./u-boot -Dc 'ut fdt'" but it seems that doesn't cover enough cases.
I believe I understand the Azure pipeline failures now. I don't see exactly where they pick a defconfig but the failed test cases are under 'test.py for sandbox sandbox' and 'test.py for sandbox sandbox_clang' which I've come to understand means they use 'sandbox_defconfig' which defines CONFIG_MEASURED_BOOT where sandbox64_defconfig which I tested does not.
So I need to update the test to:
if (IS_ENABLED(CONFIG_DM_RNG) &&!IS_ENABLED(CONFIG_MEASURED_BOOT) &&!IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT))ut_assert_nextlinen("\tkaslr-seed = ");I've issued a PR for v7 to test via CI and will submit if all is well.
Hi Tom,
Can you explain what the following Azure pipeline error means [1]?
=================================== FAILURES =================================== ____________ TestEfiCapsuleFirmwareSignedRaw.test_efi_capsule_auth5 ____________ test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py:178: in test_efi_capsule_auth5 capsule_setup(u_boot_console, disk_img, '0x0000000000000004') test/py/tests/test_efi_capsule/capsule_common.py:17: in capsule_setup u_boot_console.run_command_list([ test/py/u_boot_console_base.py:297: in run_command_list output.append(self.run_command(cmd)) test/py/u_boot_console_base.py:256: in run_command m = self.p.expect([chunk] + self.bad_patterns) test/py/u_boot_spawn.py:193: in expect raise Timeout() E u_boot_spawn.Timeout ----------------------------- Captured stdout call ----------------------------- => host bind 0 /tmp/sandbox/persistentcyclic function wdt-gpio-level took too long: 5523us vs 5000us max -data/test_efi_capsule.img
This seems like something from test/dm/wdt.c and unrelated to my patchset.
Best Regards,
Tim [1] https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8731&view=log...
Best Regards,
Tim
Best regards,
Tim
Best regards
Heinrich
Signed-off-by: Tim Harvey tharvey@gateworks.com Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com
v6: new patch
test/cmd/fdt.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/test/cmd/fdt.c b/test/cmd/fdt.c index 547085521758..537d8a338bbf 100644 --- a/test/cmd/fdt.c +++ b/test/cmd/fdt.c @@ -1347,6 +1347,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
if (CONFIG_IS_ENABLED(DM_RNG))ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));@@ -1363,6 +1365,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
if (CONFIG_IS_ENABLED(DM_RNG))ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));
Hi Tim,
On Tue, Jun 18, 2024 at 4:30 PM Tim Harvey tharvey@gateworks.com wrote:
This seems like something from test/dm/wdt.c and unrelated to my patchset.
Do you have this recent commit applied?
https://github.com/u-boot/u-boot/commit/1fd754cebd38d7456caa82bef15225cbe779...
On Tue, Jun 18, 2024 at 12:35 PM Fabio Estevam festevam@gmail.com wrote:
Hi Tim,
On Tue, Jun 18, 2024 at 4:30 PM Tim Harvey tharvey@gateworks.com wrote:
This seems like something from test/dm/wdt.c and unrelated to my patchset.
Do you have this recent commit applied?
https://github.com/u-boot/u-boot/commit/1fd754cebd38d7456caa82bef15225cbe779...
Hi Fabio,
Nope - I'm 1 day behind :)
That would appear to be the issue... I'll rebase on todays origin/master and try again.
Thanks,
Tim
On Tue, Jun 18, 2024 at 12:51 PM Tim Harvey tharvey@gateworks.com wrote:
On Tue, Jun 18, 2024 at 12:35 PM Fabio Estevam festevam@gmail.com wrote:
Hi Tim,
On Tue, Jun 18, 2024 at 4:30 PM Tim Harvey tharvey@gateworks.com wrote:
This seems like something from test/dm/wdt.c and unrelated to my patchset.
Do you have this recent commit applied?
https://github.com/u-boot/u-boot/commit/1fd754cebd38d7456caa82bef15225cbe779...
Hi Fabio,
Nope - I'm 1 day behind :)
That would appear to be the issue... I'll rebase on todays origin/master and try again.
Fabio,
That didn't quite do it... I'm seeing Azure pipeline timeouts beyond 5000us: host bind 0 /tmp/sandbox/persistent-cyclic function wdt-gpio-level took too long: 5368us vs 5000us max
Seems silly to just keep bumping this default?
Tim
participants (3)
-
Fabio Estevam -
Heinrich Schuchardt -
Tim Harvey