On Thu, 30 May 2024 at 16:06, Tim Harvey <[email protected]> wrote:
>
> If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
> randomize the virtual address at which the kernel image is loaded, it
> expects entropy to be provided by the bootloader by populating
> /chosen/kaslr-seed with a 64-bit value from a source of entropy at boot.
>
> Add a fdt_kaslrseed function to accommodate this allowing an existing
> node to be overwritten if present. For now use the first rng device
> but it would be good to enhance this in the future to allow some sort
> of selection or policy in choosing the rng device used.
>
> Signed-off-by: Tim Harvey <[email protected]>
> Cc: Michal Simek <[email protected]>
> Cc: Andy Yan <[email protected]>
> Cc: Akash Gajjar <[email protected]>
> Cc: Ilias Apalodimas <[email protected]>
> Cc: Simon Glass <[email protected]>
> Cc: Patrick Delaunay <[email protected]>
> Cc: Patrice Chotard <[email protected]>
> Cc: Devarsh Thakkar <[email protected]>
> Cc: Heinrich Schuchardt <[email protected]>
> Cc: Hugo Villeneuve <[email protected]>
> Cc: Marek Vasut <[email protected]>
> Cc: Tom Rini <[email protected]>
> Cc: Chris Morgan <[email protected]>
> ---
> v5:
>  - move function to boot/fdt_support.c
>  - remove ability to select rng index and note in the commit log
>    something like this as a future enhancement.
>  - fixed typo in commit message s/it's/its/
>  - use cmd_process_error per Michal's suggestion
> v4:
>  - add missing /n to notice in kaslrseed cmd
>  - combine ints in declaration
>  - remove unused vars from board/xilinx/common/board.c ft_board_setup
> v3:
>  - skip if CONFIG_MEASURED_BOOT
>  - fix skip for CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
>  - pass in rng index and bool to specify overwrite
>  - remove duplicate error strings printed outside of fdt_kaslrseed
>  - added note to commit log about how EFI STUB weeds out kaslr-seed
> v2:
>  - fix typo in commit msg
>  - use stack for seed to avoid unnecessary malloc/free
>  - move to a library function and deduplicate code by using it
>    elsewhere
> ---
>  boot/fdt_support.c    | 44 +++++++++++++++++++++++++++++++++++++++++++
>  include/fdt_support.h | 10 ++++++++++
>  2 files changed, 54 insertions(+)
>

Reviewed-by: Simon Glass <[email protected]>
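
Added example, not part of the patch or of U-Boot: a small checker that walks a flattened device tree blob and reports whether /chosen/kaslr-seed is present and holds a usable 64-bit value, as the commit message describes. The helper names, the result strings and the sample blob are constructed for this illustration; rejecting an all-zero seed is an assumed policy of the example.

```python
import struct
FDT_MAGIC, BEGIN_NODE, END_NODE, PROP, NOP, END = 0xD00DFEED, 1, 2, 3, 4, 9

def build_sample_dtb(seed):
    # Constructed sample blob: "/" and "/chosen", with kaslr-seed unless seed is None.
    strings = b"kaslr-seed\0"
    st = struct.pack(">I4xI", BEGIN_NODE, BEGIN_NODE) + b"chosen\0\0"  # "/" then "chosen"
    if seed is not None:
        st += struct.pack(">III", PROP, len(seed), 0) + seed + bytes(-len(seed) % 4)
    st += struct.pack(">III", END_NODE, END_NODE, END)
    off_struct, off_strings = 56, 56 + len(st)  # 40-byte header + 16-byte empty rsvmap
    hdr = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct,
                      off_strings, 40, 17, 16, 0, len(strings), len(st))
    return hdr + bytes(16) + st + strings

def get_prop(dtb, node_path, prop_name):
    # Walk the structure block; return the property's bytes, or None if absent.
    magic, _, off_struct, off_strings = struct.unpack_from(">4I", dtb, 0)
    if magic != FDT_MAGIC:
        raise ValueError("not a flattened device tree")
    pos, path = off_struct, []
    while True:
        tok, pos = struct.unpack_from(">I", dtb, pos)[0], pos + 4
        if tok == BEGIN_NODE:
            end = dtb.index(b"\0", pos)
            path.append(dtb[pos:end].decode())
            pos = (end + 4) & ~3  # skip the NUL, then align to 4 bytes
        elif tok == END_NODE:
            path.pop()
        elif tok == PROP:
            length, nameoff = struct.unpack_from(">II", dtb, pos)
            start, pos = off_strings + nameoff, pos + 8
            name = dtb[start:dtb.index(b"\0", start)].decode()
            if "/".join(path) == node_path and name == prop_name:
                return dtb[pos:pos + length]
            pos = (pos + length + 3) & ~3
        elif tok == END:
            return None
        elif tok != NOP:
            raise ValueError("unexpected FDT token")

def check_kaslr_seed(dtb):
    # Assumed policy for this example: the seed must exist, be 8 bytes, and be non-zero.
    seed = get_prop(dtb, "/chosen", "kaslr-seed")
    if seed is None:
        return "missing"
    if len(seed) != 8:
        return "wrong-size"
    return "all-zero" if seed == bytes(8) else "ok"
```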
