From patchwork Wed Aug 16 10:28:10 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ruchika Gupta X-Patchwork-Id: 801978 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3xXQY46msMz9t42 for ; Wed, 16 Aug 2017 20:28:23 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 1B2F1C21E49; Wed, 16 Aug 2017 10:28:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAD_ENC_HEADER, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id A5E7AC21D99; Wed, 16 Aug 2017 10:28:16 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3FF03C21D99; Wed, 16 Aug 2017 10:28:15 +0000 (UTC) Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0047.outbound.protection.outlook.com [104.47.32.47]) by lists.denx.de (Postfix) with ESMTPS id 19EDDC21C2F for ; Wed, 16 Aug 2017 10:28:14 +0000 (UTC) Received: from MWHPR03CA0054.namprd03.prod.outlook.com (10.174.173.171) by MWHPR03MB3325.namprd03.prod.outlook.com (10.174.249.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1341.21; Wed, 16 Aug 2017 10:28:12 +0000 Received: from BN1AFFO11FD040.protection.gbl (2a01:111:f400:7c10::159) by MWHPR03CA0054.outlook.office365.com (2603:10b6:301:3b::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1341.21 via Frontend Transport; Wed, 16 Aug 2017 10:28:11 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; nxp.com; dkim=none (message not signed) header.d=none;nxp.com; dmarc=fail action=none header.from=nxp.com; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1AFFO11FD040.mail.protection.outlook.com (10.58.52.251) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1304.16 via Frontend Transport; Wed, 16 Aug 2017 10:28:11 +0000 Received: from vinitha-OptiPlex-790.ap.freescale.net (vinitha-OptiPlex-790.ap.freescale.net [10.232.134.143]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id v7GAS8u0031688; Wed, 16 Aug 2017 03:28:09 -0700 From: Ruchika Gupta To: Date: Wed, 16 Aug 2017 15:58:10 +0530 Message-ID: <1502879290-17616-1-git-send-email-ruchika.gupta@nxp.com> X-Mailer: git-send-email 2.7.4 X-EOPAttributedMessage: 0 X-Matching-Connectors: 131473528912659819; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(336005)(39380400002)(39860400002)(2980300002)(1109001)(1110001)(339900001)(189002)(199003)(498600001)(97736004)(68736007)(110136004)(106466001)(47776003)(356003)(81156014)(81166006)(8676002)(2351001)(77096006)(85426001)(8656003)(33646002)(8936002)(36756003)(50226002)(5660300001)(6666003)(2906002)(104016004)(6916009)(105606002)(4326008)(50986999)(626005)(189998001)(50466002)(48376002)(305945005)(5003940100001)(86362001)(53936002); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR03MB3325; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN1AFFO11FD040; 1:NVxfw0yGjpUABkr8nFeqbBsEUEZeKugiGIvp8i9lk?= =?us-ascii?Q?cXThulUschuiBK1LpkGyNXTh4QdM9eHQaUknsbri0s1opUI01waa4l3pYDiR?= =?us-ascii?Q?nYq7pMWq9T+Xn96qIJyjNbo/gewdCIuqYKO17qrOikMjX35xIsAbF0+uAKr1?= =?us-ascii?Q?50HVaAhOsOsPsW6QOuFYd7N/9JH8oOKDC53lreXsx8CZQDUmoFAfrJgORkFS?= =?us-ascii?Q?S27+WsdLkrmVFx0z77IrnrUp+D5iHBDAbXZGB+7+g1dkyUCCF3aye74wojHD?= =?us-ascii?Q?9HJ8URQr6XrtgjAAhEdn5t3fPSPx9MRcoB5NpYekJlcbz++nqCpgkdTik+MR?= =?us-ascii?Q?gSPz2g81KPpf3gHv2kz1k3bWzOuRyDBqiDLl9t9KUe9eAdksBSbIwfV6iMtv?= =?us-ascii?Q?h/gq4CxD27JTf3bK1NcSw2bD7WwUzVAaMfpxKSwa38WBoCPfQ7Ww6B536Sap?= =?us-ascii?Q?dBR2jYB/3eVSEO+pczL/Hs0ghRnVcW8/kQ23XGSYsYN4LHqm9E1tkWfaqo2X?= =?us-ascii?Q?jWeg3zdD3yYbTYNT+sfcawccwcZv1h8t5j2hq/ImO0ZD0rpQHBKIzJb3rQAp?= =?us-ascii?Q?dDX3tDTW8fUQWiTEy07PiuCCh03Le+P3pYEUFh1LFR2fRm2XxCHr4jXSmPIW?= =?us-ascii?Q?maTsk9baBrp7VnxmzheL87NGBqAxAoL+Cp3mkQZatceoqg8ln/sstTDsbqBf?= =?us-ascii?Q?jvzeadWa5ICDtohmXhzGzIu536aH9XO2dC9x+GUvsSJKa/QWk9FL/ddrGkUd?= =?us-ascii?Q?cEutfVsIGEdsb5ju1JdCeB09RkaM8RYyhTZfcpskJyEGizUTveaH7uIlaUYE?= =?us-ascii?Q?OkN7iTFHXN9slryVubmQgsL87MTgykxiGnECisRvHmjlE6jYnCrfcVmz1ZIa?= =?us-ascii?Q?msMZ2vrzxgYN9cHd6Yf3T7KyCFpda2Xq8ut+dpZv/WiIa4c3F7ogvyBq//3S?= =?us-ascii?Q?IMA0j5z5fMOzMQN16zo0RlBNen8TJJ3dhbXPUVcTA=3D=3D?= MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7b87afaf-93a2-4568-c56b-08d4e4917eab X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(2017052603031)(201703131430075)(201703131517081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:MWHPR03MB3325; X-Microsoft-Exchange-Diagnostics: 1; MWHPR03MB3325; 3:7kA2ytAA0lJ8nDSIzzQBjzM7mW3yKN4zpmwLQ4BDFPYzsgbtKPWOp+fcZi3Iw/KfYTsKaVQIW/MOeY0L4HLoq58lWiaIceexo4TEnILSIWjcrkjF8pBzqyRVwqFT43TbEQvsfXIUg1nz2+OW5hNc0ujMoWHif1u+r5VFQs0rl1I6BY8J7adlukterPRKIdoQxAwA1NscQRzUEbRES/glfG3v4WHJSCVn8th6viIBYa/4N6oOZeu5QlflQ5A8mZevgwXCvkYfXq5D2TPFnuTpAOvq5wE9+m9Xf6wHyYeZBAKvXDKonq2qFOo0ODUsASB1Z7qHiktfkCjMZNY0o9f+EDDtZqHP6peV4GFJOUBorfA=; 25:aOkIEuImq1lNh0DdrKokVkHdO0s4Frn9acSiKPUzWIAun0YpYPvyqkRCsv0yh2mcWT2ML+KCDvdYBiRQOLQzQSeNPYvgkTu0DMrIOCEbkqwmufFxCMlxyWCO1DyI9Y8xlLLRTsomhR+T/pqP09RiJy8lB+7NbLcW3qdrGmwcpJlpJ3wsFk1/O+kamHuS+RZKXf8yC2kF7xBclGIBc8Y7p8kwo9swUUsB3GxIhysRFgORdGSY/ORHPeZb8S177xKKTS8ubyjRbzkmOCGqnsDfAAofrM86DN7TVI0F9hYa5epihiyQw7a2NdFcR+zIOlEV1Jy6SHgxzU11WGOqkg51QA== X-MS-TrafficTypeDiagnostic: MWHPR03MB3325: X-Microsoft-Exchange-Diagnostics: 1; MWHPR03MB3325; 31:28hpex9EltXJdRFvz+wbqEVha5X5mpbjzfebztag+vxE/72R0EmD1zSnJgPBQMsboHk2w66LN8eAVbofmo7zgf/clRljFbnPZSWpLxIfZYUmnO/nuWwqhXqZlUwkZ9dmpGPaUyuiYHQjc0ACM+MDR4m8o7VpIW5XlwJF+C7bepHWEMbddRjgpDyLVg3gOyTZhf//EuMIeWnfe7qdcF5mMlOHtHp3MIT5iiltHAAJsXs=; 4:oUWTvZOocRdLiGlBSFMpSy72UMublahnNoJjgseFQThgnMQDIbK13VMP3qySK2G4ebzjdfSrrY1HOcReZdDJx49Yp3T0sPFk5d8Ro8wgc9wpr1yDxelIo0Rd6u2GnB2Le8Mbb78mT8lYrcvPQv+xWcrajiXx7O6i3k95r4fzoPGE1kcGv/fSsSj8Q4mPnBDLjq+66chaObRvrE4XD4AI2J7sQXOTEJ8MXVaDtE23Y9ZxwWlPE5Powz4xbDNsGqXilE3hYSDrUahf1cWt0gylnYjMHRQa/15N6yb8PsP8gRU= X-Exchange-Antispam-Report-Test: UriScan:(185117386973197); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6095135)(601004)(2401047)(5005006)(13018025)(8121501046)(13016025)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(6055026)(6096035)(20161123565025)(201703131430075)(201703131441075)(201703131448075)(201703131433075)(201703161259150)(20161123556025)(20161123563025)(20161123561025)(20161123559100)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:MWHPR03MB3325; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(400006)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:MWHPR03MB3325; X-Forefront-PRVS: 0401647B7F X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; MWHPR03MB3325; 23:SwzikhB9Ogp7eveXJ82frZtjDeHUVft0dd+zPAbWQ?= =?us-ascii?Q?3EnrGXLhyVuaUJ8fJp3IcYpKyJExF53nrObxsq3F1j++JYIDL84/l3roVeL+?= =?us-ascii?Q?sgnguHDSaSIznKjr7LOL2f5aoi72VzBKMTXQzlJk6l7gH+c8iM13VQ99ybMh?= =?us-ascii?Q?yqN1IZ8f9e+a1nxrA63d4K8+AgdT2Gopwt/i3rFqfqvc8reVF/xQbGh3VWe4?= =?us-ascii?Q?5zSY+p5az09k6j33zhPGikCch7v3/b+8IFEsqUiArHkmUdWewCUnsYTvO/bx?= =?us-ascii?Q?7YmmdQxP8tibAR19f2BEXJfmuefsbnKgxONkuk/uIcHY0P0YU2FT9v2TyAVh?= =?us-ascii?Q?8bLSJBtY5Y79pjONlcJE3MOQ80IALg/DZge8Z7WJejyTyjaPNGz3jTYmF8SC?= =?us-ascii?Q?BofYVkSJqDhmNdOFq466g/Ll3uZsnw1h43I8zLVHReFNeLv8HvFTPoo3vTRF?= =?us-ascii?Q?ue9q1N3k6ybsOiFP0xR/ABAPkJArd/r+9inIU3NTPkyezNkohqfOaI6xprdz?= =?us-ascii?Q?XGbKvUcGC+djVCeTEbaQvOtSbSZ96ZZBNmgyokrXXDqcxmxbeFGPCeKssxDw?= =?us-ascii?Q?2nQnja8g7SXCttNt3GCEIrnadWCWkUQA2b9HvrcZeVJkpmSod6BpqyLGQHWm?= =?us-ascii?Q?Lo2fNOi1T/OO7eHtfP6QlOgVhBMBp/F1i2fM4lMjPdhjxhAD+FjnLXPJR7Kt?= =?us-ascii?Q?S9jR8BRJBKRd0QMFFl2wYe0l/iObC2egZdJw5+DE2peIVpyIgNADF1Cbd7gl?= =?us-ascii?Q?njpcsfctThusI+XnkEeqeEmOYuzkEZaNUo5XXH+iKFQl9/l79vTNFslbIWPT?= =?us-ascii?Q?b/yjfKYmzp6o/Bl6FxAxRQh95xx52yWWzUJod8b6vdfC3ab5cVbnYtpG3zEH?= =?us-ascii?Q?14XE0HohclEavR87wV0JEx5zishMWdoj+utYtHPHMb5P19OeiZIk67PJFtSW?= =?us-ascii?Q?2JzmbqujIwmEs1nvy07EwDK8PsCa+KbIvmzSbZScQxcRGTnZRn8lOgSZ6zRJ?= =?us-ascii?Q?Dm492k/LX8GrPL5ISL7mCATrrqjjPbCdCzLAmd79gRt8kK6yVvJ51fdDDJU7?= =?us-ascii?Q?WoBZ60=3D?= X-Microsoft-Exchange-Diagnostics: 1; MWHPR03MB3325; 6:J6vcfWLZjGeejv0/I9K1yfxJND4TfmTnMLYi7cadMAaogaRqLHClZ0fwjaB0PMhc6fj9Wft6ZNGG57hMGyjgkXpcS8aBwXUbNy3zZB/KjDDqXBoRWrpqScy/eOJzENQiB3W4bBzWwM6KbZiIXA9GejxIcfF391Vj8+2zQWaLm7HDvvpqi4EfEW6odRB9ijfyoPl1UTUxIk7FOZZBgVTWzbqkcdG4OnwLf0Gm2yv5CWoVPKktwo8vuHshOvquYiPl6GrIPG1SBlz6sfBXwyrCLncLgQThDHBfrZ3lsaSE/TerarpD+wj/GhAkYpckeSWBO+5FrsDt3bwmbUltJgBj5g==; 5:2pliXN/zSfT+mPhHRSLgtXrv5cCoTdzOISkQu/pbCQNLaxOlWXLPgSY2QIOn3o41rhBxgUxVBxlXyQmtlxZMQBt+BMzCVMu8ayzZxTtqd3MjYCueiYkYwy7cAZDLVeDm9WkfBn3fTfhpIHbQqjhmZw==; 24:YvAwpKwFeogCfPm5k2rdyQ2152cLvWy1YefzkwyCpfVaZMCzKX3nloVQ6GVQQgopGoqqnwXH1lSX3CRP9iprBqJZZOSlh8t0Wt7ANSrjZ/c=; 7:EfRE2sJov43Hw041hAt3ifuL/RPwCbwEvrhV/lXgmoqL9H7P6A58LHlCfKaeMPij3PXq/1L6uoz8MsbR2ANB1ffEh8+4H2aq/YPkTyQzNMD64+fmChHDjN1yre6H4lWTAp/vI8sIoi4KOK/Oqni5daV9N3o2LMNP/a1HBo92Vr5Q0ptsdNJ6dASoPX5DmmvP9hoMOX7NWqFmoZpCwPT0kIWHBRNhqY7rWJd7AcszQm0= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Aug 2017 10:28:11.0943 (UTC) X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR03MB3325 Cc: Ruchika Gupta Subject: [U-Boot] [PATCH][v4] ARMv8/sec_firmware : Update chosen/kaslr-seed with random number X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" kASLR support in kernel requires a random number to be passed via chosen/kaslr-seed propert. sec_firmware generates this random seed which can then be passed in the device tree node. sec_firmware reserves JR3 for it's own usage. Node for JR3 is removed from device-tree. Signed-off-by: Ruchika Gupta --- Changes from v3: fdt_fixup_kaslr function is valid only if secure firmare is enabled. So the call to this function is done only if CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT is enabled Changes from v2: fix-kaslr-seed moved to sec_firmware.c Changes from v1 - Extra spaces removed from the patch - Support added for LSCH3 devices in the patch - of calls replaced with fdt calls to remove compilation error with latest uboot arch/arm/cpu/armv8/fsl-layerscape/fdt.c | 37 +++++++++++- arch/arm/cpu/armv8/sec_firmware.c | 99 +++++++++++++++++++++++++++++++ arch/arm/include/asm/armv8/sec_firmware.h | 9 +++ 3 files changed, 142 insertions(+), 3 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/fdt.c b/arch/arm/cpu/armv8/fsl-layerscape/fdt.c index f5f4840..c925275 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/fdt.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/fdt.c @@ -345,11 +345,38 @@ static void fdt_fixup_msi(void *blob) } #endif +#ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT +/* Remove JR node used by SEC firmware */ +void fdt_fixup_remove_jr(void *blob) +{ + int jr_node, addr_cells, len; + int crypto_node = fdt_path_offset(blob, "crypto"); + u64 jr_offset, used_jr; + fdt32_t *reg; + + used_jr = sec_firmware_used_jobring_offset(); + fdt_support_default_count_cells(blob, crypto_node, &addr_cells, NULL); + + jr_node = fdt_node_offset_by_compatible(blob, crypto_node, + "fsl,sec-v4.0-job-ring"); + + while (jr_node != -FDT_ERR_NOTFOUND) { + reg = (fdt32_t *)fdt_getprop(blob, jr_node, "reg", &len); + jr_offset = fdt_read_number(reg, addr_cells); + if (jr_offset == used_jr) { + fdt_del_node(blob, jr_node); + break; + } + jr_node = fdt_node_offset_by_compatible(blob, jr_node, + "fsl,sec-v4.0-job-ring"); + } +} +#endif + void ft_cpu_setup(void *blob, bd_t *bd) { -#ifdef CONFIG_FSL_LSCH2 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); - unsigned int svr = in_be32(&gur->svr); + unsigned int svr = gur_in32(&gur->svr); /* delete crypto node if not on an E-processor */ if (!IS_E_PROCESSOR(svr)) @@ -358,11 +385,15 @@ void ft_cpu_setup(void *blob, bd_t *bd) else { ccsr_sec_t __iomem *sec; +#ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT + if (fdt_fixup_kaslr(blob)) + fdt_fixup_remove_jr(blob); +#endif + sec = (void __iomem *)CONFIG_SYS_FSL_SEC_ADDR; fdt_fixup_crypto_node(blob, sec_in32(&sec->secvid_ms)); } #endif -#endif #ifdef CONFIG_MP ft_fixup_cpu(blob); diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c index fffce71..0e74834 100644 --- a/arch/arm/cpu/armv8/sec_firmware.c +++ b/arch/arm/cpu/armv8/sec_firmware.c @@ -232,6 +232,59 @@ unsigned int sec_firmware_support_psci_version(void) #endif /* + * Check with sec_firmware if it supports random number generation + * via HW RNG + * + * The return value will be true if it is supported + */ +bool sec_firmware_support_hwrng(void) +{ + uint8_t rand[8]; + if (sec_firmware_addr & SEC_FIRMWARE_RUNNING) { + if (!sec_firmware_get_random(rand, 8)) + return true; + } + + return false; +} + +/* + * sec_firmware_get_random - Get a random number from SEC Firmware + * @rand: random number buffer to be filled + * @bytes: Number of bytes of random number to be supported + * @eret: -1 in case of error, 0 for success + */ +int sec_firmware_get_random(uint8_t *rand, int bytes) +{ + unsigned long long num; + struct pt_regs regs; + int param1; + + if (!bytes || bytes > 8) { + printf("Max Random bytes genration supported is 8\n"); + return -1; + } +#define SIP_RNG_64 0xC200FF11 + regs.regs[0] = SIP_RNG_64; + + if (bytes <= 4) + param1 = 0; + else + param1 = 1; + regs.regs[1] = param1; + + smc_call(®s); + + if (regs.regs[0]) + return -1; + + num = regs.regs[1]; + memcpy(rand, &num, bytes); + + return 0; +} + +/* * sec_firmware_init - Initialize the SEC Firmware * @sec_firmware_img: the SEC Firmware image address * @eret_hold_l: the address to hold exception return address low @@ -278,3 +331,49 @@ int sec_firmware_init(const void *sec_firmware_img, return 0; } + +/* + * fdt_fix_kaslr - Add kalsr-seed node in Device tree + * @fdt: Device tree + * @eret: 0 in case of error, 1 for success + */ +int fdt_fixup_kaslr(void *fdt) +{ + int nodeoffset; + int err, ret = 0; + u8 rand[8]; + +#if defined(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT) + /* Check if random seed generation is supported */ + if (sec_firmware_support_hwrng() == false) + return 0; + + ret = sec_firmware_get_random(rand, 8); + if (ret < 0) { + printf("WARNING: No random number to set kaslr-seed\n"); + return 0; + } + + err = fdt_check_header(fdt); + if (err < 0) { + printf("fdt_chosen: %s\n", fdt_strerror(err)); + return 0; + } + + /* find or create "/chosen" node. */ + nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen"); + if (nodeoffset < 0) + return 0; + + err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", rand, + sizeof(rand)); + if (err < 0) { + printf("WARNING: can't set kaslr-seed %s.\n", + fdt_strerror(err)); + return 0; + } + ret = 1; +#endif + + return ret; +} diff --git a/arch/arm/include/asm/armv8/sec_firmware.h b/arch/arm/include/asm/armv8/sec_firmware.h index bc1d97d..6d42a71 100644 --- a/arch/arm/include/asm/armv8/sec_firmware.h +++ b/arch/arm/include/asm/armv8/sec_firmware.h @@ -8,10 +8,14 @@ #define __SEC_FIRMWARE_H_ #define PSCI_INVALID_VER 0xffffffff +#define SEC_JR3_OFFSET 0x40000 int sec_firmware_init(const void *, u32 *, u32 *); int _sec_firmware_entry(const void *, u32 *, u32 *); bool sec_firmware_is_valid(const void *); +bool sec_firmware_support_hwrng(void); +int sec_firmware_get_random(uint8_t *rand, int bytes); +int fdt_fixup_kaslr(void *fdt); #ifdef CONFIG_SEC_FIRMWARE_ARMV8_PSCI unsigned int sec_firmware_support_psci_version(void); unsigned int _sec_firmware_support_psci_version(void); @@ -22,4 +26,9 @@ static inline unsigned int sec_firmware_support_psci_version(void) } #endif +static inline unsigned int sec_firmware_used_jobring_offset(void) +{ + return SEC_JR3_OFFSET; +} + #endif /* __SEC_FIRMWARE_H_ */