From 03de305ec48b0bb28554372abb40ccd46dbe0bf9 Mon Sep 17 00:00:00 2001 From: Tom Rini Date: Mon, 20 May 2024 13:35:03 -0600 Subject: Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet" As part of bringing the master branch back in to next, we need to allow for all of these changes to exist here. Reported-by: Jonas Karlman Signed-off-by: Tom Rini --- boot/fdt_support.c | 1 - 1 file changed, 1 deletion(-) (limited to 'boot/fdt_support.c') diff --git a/boot/fdt_support.c b/boot/fdt_support.c index 2bd80a9dfb1..874ca4d6f5a 100644 --- a/boot/fdt_support.c +++ b/boot/fdt_support.c @@ -6,7 +6,6 @@ * Copyright 2010-2011 Freescale Semiconductor, Inc. */ -#include #include #include #include -- cgit v1.2.3 From 00afd1ec82161aa7702d184fc6acdad256c44c82 Mon Sep 17 00:00:00 2001 From: Tim Harvey Date: Tue, 18 Jun 2024 14:06:06 -0700 Subject: Add fdt_kaslrseed function to add kaslr-seed to chosen node If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to randomize the virtual address at which the kernel image is loaded, it expects entropy to be provided by the bootloader by populating /chosen/kaslr-seed with a 64-bit value from source of entropy at boot. Add a fdt_kaslrseed function to accommodate this allowing an existing node to be overwritten if present. For now use the first rng device but it would be good to enhance this in the future to allow some sort of selection or policy in choosing the rng device used. Signed-off-by: Tim Harvey Reviewed-by: Simon Glass Cc: Michal Simek Cc: Andy Yan Cc: Akash Gajjar Cc: Ilias Apalodimas Cc: Simon Glass Cc: Patrick Delaunay Cc: Patrice Chotard Cc: Devarsh Thakkar Cc: Heinrich Schuchardt Cc: Hugo Villeneuve Cc: Marek Vasut Cc: Tom Rini Cc: Chris Morgan Reviewed-by: Caleb Connolly --- boot/fdt_support.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'boot/fdt_support.c') 
diff --git a/boot/fdt_support.c b/boot/fdt_support.c index 2bd80a9dfb1..b1b2679dea0 100644 --- a/boot/fdt_support.c +++ b/boot/fdt_support.c @@ -7,12 +7,15 @@ */ #include +#include #include #include #include #include #include +#include #include +#include #include #include #include @@ -274,6 +277,47 @@ int fdt_initrd(void *fdt, ulong initrd_start, ulong initrd_end) return 0; } +int fdt_kaslrseed(void *fdt, bool overwrite) +{ + int len, err, nodeoffset; + struct udevice *dev; + const u64 *orig; + u64 data = 0; + + err = fdt_check_header(fdt); + if (err < 0) + return err; + + /* find or create "/chosen" node. */ + nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen"); + if (nodeoffset < 0) + return nodeoffset; + + /* return without error if we are not overwriting and existing non-zero node */ + orig = fdt_getprop(fdt, nodeoffset, "kaslr-seed", &len); + if (orig && len == sizeof(*orig)) + data = fdt64_to_cpu(*orig); + if (data && !overwrite) { + debug("not overwriting existing kaslr-seed\n"); + return 0; + } + err = uclass_get_device(UCLASS_RNG, 0, &dev); + if (err) { + printf("No RNG device\n"); + return err; + } + err = dm_rng_read(dev, &data, sizeof(data)); + if (err) { + dev_err(dev, "dm_rng_read failed: %d\n", err); + return err; + } + err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", &data, sizeof(data)); + if (err < 0) + printf("WARNING: could not set kaslr-seed %s.\n", fdt_strerror(err)); + + return err; +} + /** * board_fdt_chosen_bootargs - boards may override this function to use * alternative kernel command line arguments -- cgit v1.2.3 From ea955eea4f662b7e37d74228fed0c9147e6dba88 Mon Sep 17 00:00:00 2001 
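Review bot: In fdt_kaslrseed the existing property is read with `data = fdt64_to_cpu(*orig);`, a direct 64-bit load through the `const u64 *` returned by fdt_getprop(). Property data in a flattened tree is, as far as I know, only guaranteed 4-byte alignment, so on targets built with strict alignment this may be a misaligned access. Copying the bytes first avoids relying on the blob layout: `fdt64_t raw; memcpy(&raw, orig, sizeof(raw)); data = fdt64_to_cpu(raw);`. Separately, `err` carries libfdt codes from fdt_check_header()/fdt_setprop() and what look like errno-style codes from uclass_get_device()/dm_rng_read(), so a short comment above the function should say which error domain callers can expect. The in-body comment would also read better as `/* keep an existing non-zero seed unless overwrite is set */`.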
From: Tim Harvey Date: Tue, 18 Jun 2024 14:06:07 -0700 Subject: fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to randomize the virtual address at which the kernel image is loaded, it expects entropy to be provided by the bootloader by populating /chosen/kaslr-seed with a 64-bit value from source of entropy at boot. If we have DM_RNG enabled populate this value automatically when fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT is enabled as its implementation uses a different source of entropy that is not yet implemented as DM_RNG. We also skip this if MEASURED_BOOT is enabled as in that case any modifications to the dt will cause measured boot to fail (although there are many other places the dt is altered). Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e the randomization of the physical placement of the kernel). It gets weeded out from the DTB that gets handed over via efi_install_fdt() as it would also mess up the measured boot DTB TPM measurements as well. Signed-off-by: Tim Harvey Reviewed-by: Simon Glass Cc: Michal Simek Cc: Andy Yan Cc: Akash Gajjar Cc: Ilias Apalodimas Cc: Simon Glass Cc: Patrick Delaunay Cc: Patrice Chotard Cc: Devarsh Thakkar Cc: Heinrich Schuchardt Cc: Hugo Villeneuve Cc: Marek Vasut Cc: Tom Rini Cc: Chris Morgan --- boot/fdt_support.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'boot/fdt_support.c') diff --git a/boot/fdt_support.c b/boot/fdt_support.c index b1b2679dea0..4559adcd5e2 100644 --- a/boot/fdt_support.c +++ b/boot/fdt_support.c 
@@ -345,6 +345,15 @@ int fdt_chosen(void *fdt) if (nodeoffset < 0) return nodeoffset; + /* if DM_RNG enabled automatically inject kaslr-seed node unless: + * CONFIG_MEASURED_BOOT enabled: as dt modifications break measured boot + * CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT enabled: as that implementation does not use dm yet + */ + if (IS_ENABLED(CONFIG_DM_RNG) && + !IS_ENABLED(CONFIG_MEASURED_BOOT) && + !IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)) + fdt_kaslrseed(fdt, false); + if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) { err = fdt_setprop(fdt, nodeoffset, "rng-seed", abuf_data(&buf), abuf_size(&buf)); -- cgit v1.2.3
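Review bot: The added call `fdt_kaslrseed(fdt, false);` in fdt_chosen discards the return value, so when no RNG device is found or dm_rng_read() fails, boot continues without /chosen/kaslr-seed and the only trace is the console message printed inside fdt_kaslrseed. If best effort is intended, the comment should say so, e.g. `/* best effort: a failure here is not fatal, the kernel is then booted without a bootloader-provided seed */`; otherwise capture it with `err = fdt_kaslrseed(fdt, false);` and log a warning on failure. Passing `false` also keeps any non-zero kaslr-seed already present in the blob, so a device tree that ships with a fixed value would presumably hand the kernel the same seed on every boot; a line in the comment would prompt integrators to check their DTBs. fdt_chosen's body starts and ends outside this hunk.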