From: Zhang Ning
To: u-boot@lists.denx.de
Cc: Zhang Ning
Subject: [PATCH] add kaslr-seed generation to extlinux.conf
Date: Sat, 29 Jan 2022 10:06:53 +0800

add kaslrseed keyword to extlinux.conf,
which means generate kaslr-seed for linux

with this patch, an extlinux.conf boot item looks like:

label l0
    menu testing
    linux /boot/vmlinuz-5.15.16-arm
    initrd /boot/initramfs-5.15.16-arm.img
    fdtdir /boot/dtbs/5.15.16-arm/
    kaslrseed
    append root=UUID=92ae1e50-eeeb-4c5b-8939-7e1cd6cfb059 ro

Signed-off-by: Zhang Ning
--- boot/pxe_utils.c | 69 +++++++++++++++++++++++++++++++++++++++++++++ include/pxe_utils.h | 2 ++ 2 files changed, 71 insertions(+) diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c index bb231b11a2..c7c422926e 100644 --- a/boot/pxe_utils.c +++ b/boot/pxe_utils.c @@ -20,6 +20,11 @@ #include #include +#ifdef CONFIG_DM_RNG +#include +#include +#endif + #include #include 
@@ -311,6 +316,61 @@ static int label_localboot(struct pxe_label *label) return run_command_list(localcmd, strlen(localcmd), 0); } +/* + * label_boot_kaslrseed generate kaslrseed from hw rng + */ + +static void label_boot_kaslrseed(void) +{ +#ifdef CONFIG_DM_RNG + ulong fdt_addr; + struct fdt_header *working_fdt; + size_t n = 0x8; + struct udevice *dev; + u64 *buf; + int nodeoffset; + int err; + + /* Get the main fdt and map it */ + fdt_addr = hextoul(env_get("fdt_addr_r"), NULL); + working_fdt = map_sysmem(fdt_addr, 0); + err = fdt_check_header(working_fdt); + if (err) + return; + + if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) { + printf("No RNG device\n"); + return; + } + + buf = malloc(n); + if (!buf) { + printf("Out of memory\n"); + return; + } + + if (dm_rng_read(dev, buf, n)) { + printf("Reading RNG failed\n"); + return; + } + + nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen"); + if (nodeoffset < 0) { + printf("Reading chosen node failed\n"); + return; + } + + err = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf)); + if (err < 0) { + printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(err)); + return; + } + + free(buf); +#endif + return; +} + /** * label_boot_fdtoverlay() - Loads fdt overlays specified in 'fdtoverlays' * @@ -631,6 +691,9 @@ static int label_boot(struct pxe_context *ctx, struct pxe_label *label) } } + if (label->kaslrseed) + label_boot_kaslrseed(); + #ifdef CONFIG_OF_LIBFDT_OVERLAY if (label->fdtoverlays) label_boot_fdtoverlay(ctx, label); @@ -710,6 +773,7 @@ enum token_type { T_ONTIMEOUT, T_IPAPPEND, T_BACKGROUND, + T_KASLRSEED, T_INVALID }; @@ -741,6 +805,7 @@ static const struct token keywords[] = { {"ontimeout", T_ONTIMEOUT,}, {"ipappend", T_IPAPPEND,}, {"background", T_BACKGROUND,}, + {"kaslrseed", T_KASLRSEED,}, {NULL, T_INVALID} }; 
@@ -1194,6 +1259,10 @@ static int parse_label(char **c, struct pxe_menu *cfg) err = parse_integer(c, &label->ipappend); break; + case T_KASLRSEED: + label->kaslrseed = 1; + break; + case T_EOL: break; diff --git a/include/pxe_utils.h b/include/pxe_utils.h index dad2668818..4a73b2aace 100644 --- a/include/pxe_utils.h +++ b/include/pxe_utils.h @@ -33,6 +33,7 @@ * initrd - path to the initrd to use for this label. * attempted - 0 if we haven't tried to boot this label, 1 if we have. * localboot - 1 if this label specified 'localboot', 0 otherwise. + * kaslrseed - 1 if generate kaslrseed from hw_rng * list - lets these form a list, which a pxe_menu struct will hold. */ struct pxe_label { @@ -50,6 +51,7 @@ struct pxe_label { int attempted; int localboot; int localboot_val; + int kaslrseed; struct list_head list; };
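Review bot: in the include hunk at the top of boot/pxe_utils.c, the two new headers are wrapped in #ifdef CONFIG_DM_RNG, which spreads preprocessor conditionals through the file for no gain. Include them unconditionally and gate the logic inside the function with IS_ENABLED(CONFIG_DM_RNG), so the new code is still compile-checked on boards without an RNG driver.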
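Review bot: in label_boot_kaslrseed(), the fdt_setprop() call passes sizeof(buf), which is the size of the u64 pointer and not the n = 0x8 bytes read from the RNG, so a 32-bit build writes only 4 bytes of seed; pass n (or sizeof(*buf)) instead. The three error returns after malloc() (dm_rng_read failure, the "chosen" lookup failure and the fdt_setprop failure) all leak buf; a u64 on the stack would remove the allocation and the leak together. env_get("fdt_addr_r") can return NULL when the variable is unset, and that result is handed straight to hextoul(). Finally, the function returns void and the fdt_check_header() failure returns without a message, so a label that asks for kaslrseed can boot without the seed and with nothing on the console; return an error code and let the caller warn.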
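Review bot: in the label_boot() hunk, label_boot_kaslrseed() is called with no arguments and its outcome is ignored, so it depends on the fdt_addr_r environment variable pointing at the device tree this label actually loaded. Pass the device tree address (or ctx and label, as label_boot_fdtoverlay(ctx, label) does just below) and check a return value. The seed is also written before the CONFIG_OF_LIBFDT_OVERLAY block runs; applying it after the overlays would keep an overlay that touches /chosen from interfering with the property.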
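Review bot: the parser hunks (T_KASLRSEED in enum token_type, the "kaslrseed" entry in keywords[] and the case in parse_label()) accept the keyword on every build, but the diffstat shows only boot/pxe_utils.c and include/pxe_utils.h changed, so the new keyword is undocumented for users. Add it to the extlinux/PXE keyword documentation and state that it needs CONFIG_DM_RNG and an RNG device; without CONFIG_DM_RNG the keyword currently parses cleanly and then does nothing, which deserves at least a warning at boot.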
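Review bot: in the struct pxe_label comment in include/pxe_utils.h, the new line "kaslrseed - 1 if generate kaslrseed from hw_rng" does not follow the neighbouring "1 if ..., 0 otherwise" wording and does not name the device tree property it controls. Something like "kaslrseed - 1 if this label requests a kaslr-seed from the hardware RNG, 0 otherwise" would match the entries around it.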