From: Ruchika Gupta Date: Wed, 16 Aug 2017 10:28:10 +0000 (+0530) Subject: ARMv8/sec_firmware : Update chosen/kaslr-seed with random number X-Git-Tag: v2025.01-rc5-pxa1908~5975 X-Git-Url: http://git.dujemihanovic.xyz/img/static/%7B%7B%20%24style.RelPermalink%20%7D%7D?a=commitdiff_plain;h=a797f274d7ae806d84b9ececf71f043ca6c1502a;p=u-boot.git ARMv8/sec_firmware : Update chosen/kaslr-seed with random number kASLR support in kernel requires a random number to be passed via chosen/kaslr-seed propert. sec_firmware generates this random seed which can then be passed in the device tree node. sec_firmware reserves JR3 for it's own usage. Node for JR3 is removed from device-tree. Signed-off-by: Ruchika Gupta
---
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/fdt.c b/arch/arm/cpu/armv8/fsl-layerscape/fdt.c
index f5f4840f19..c9252751db 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/fdt.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/fdt.c
@@ -345,11 +345,38 @@ static void fdt_fixup_msi(void *blob)
 }
 #endif
+#ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
+/* Remove JR node used by SEC firmware */
+void fdt_fixup_remove_jr(void *blob)
+{
+ int jr_node, addr_cells, len;
+ int crypto_node = fdt_path_offset(blob, "crypto");
+ u64 jr_offset, used_jr;
+ fdt32_t *reg;
+
+ used_jr = sec_firmware_used_jobring_offset();
+ fdt_support_default_count_cells(blob, crypto_node, &addr_cells, NULL);
+
+ jr_node = fdt_node_offset_by_compatible(blob, crypto_node,
+ "fsl,sec-v4.0-job-ring");
+
+ while (jr_node != -FDT_ERR_NOTFOUND) {
+ reg = (fdt32_t *)fdt_getprop(blob, jr_node, "reg", &len);
+ jr_offset = fdt_read_number(reg, addr_cells);
+ if (jr_offset == used_jr) {
+ fdt_del_node(blob, jr_node);
+ break;
+ }
+ jr_node = fdt_node_offset_by_compatible(blob, jr_node,
+ "fsl,sec-v4.0-job-ring");
+ }
+}
+#endif
+
 void ft_cpu_setup(void *blob, bd_t *bd)
 {
-#ifdef CONFIG_FSL_LSCH2
 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
- unsigned int svr = in_be32(&gur->svr);
+ unsigned int svr = gur_in32(&gur->svr);
 /* delete crypto node if not on an E-processor */
 if (!IS_E_PROCESSOR(svr))
@@ -358,11 +385,15 @@ void ft_cpu_setup(void *blob, bd_t *bd)
 else {
 ccsr_sec_t __iomem *sec;
+#ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
+ if (fdt_fixup_kaslr(blob))
+ fdt_fixup_remove_jr(blob);
+#endif
+
 sec = (void __iomem *)CONFIG_SYS_FSL_SEC_ADDR;
 fdt_fixup_crypto_node(blob, sec_in32(&sec->secvid_ms));
 }
 #endif
-#endif
 #ifdef CONFIG_MP
 ft_fixup_cpu(blob);
diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c
index fffce712d3..0e7483437a 100644
--- a/arch/arm/cpu/armv8/sec_firmware.c
+++ b/arch/arm/cpu/armv8/sec_firmware.c
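Review bot: In `fdt_fixup_remove_jr` none of the libfdt results are validated before use: `crypto_node` is passed on even when `fdt_path_offset()` returned an error, and `reg` from `fdt_getprop()` goes straight into `fdt_read_number()`, so a job-ring node without a `reg` property would give a NULL dereference. The loop also stops only on `-FDT_ERR_NOTFOUND`, so any other negative return keeps iterating with an invalid offset. Because this node removal is what keeps the kernel off the job ring the SEC firmware uses, a failed lookup should be explicit: return early when `crypto_node < 0`, loop with `while (jr_node >= 0)`, and skip entries where `!reg || len < addr_cells * (int)sizeof(fdt32_t)`. The new function lies wholly inside the hunk; `ft_cpu_setup` continues past it.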
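Review bot: The job-ring node is removed only when `fdt_fixup_kaslr(blob)` returns 1, so a late failure in that function (for example `fdt_setprop()` returning an error) leaves the JR3 node in the tree handed to the kernel. The commit message says sec_firmware reserves JR3 for its own use; if that reservation holds whenever the firmware RNG is available, which this hunk does not show, the removal should not depend on the seed having been written. Consider `if (sec_firmware_support_hwrng()) fdt_fixup_remove_jr(blob);` with the seed fixup called separately, or add a comment stating why the two are tied together. `ft_cpu_setup` begins and ends outside this hunk.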
@@ -231,6 +231,59 @@ unsigned int sec_firmware_support_psci_version(void)
 }
 #endif
+/*
+ * Check with sec_firmware if it supports random number generation
+ * via HW RNG
+ *
+ * The return value will be true if it is supported
+ */
+bool sec_firmware_support_hwrng(void)
+{
+ uint8_t rand[8];
+ if (sec_firmware_addr & SEC_FIRMWARE_RUNNING) {
+ if (!sec_firmware_get_random(rand, 8))
+ return true;
+ }
+
+ return false;
+}
+
+/*
+ * sec_firmware_get_random - Get a random number from SEC Firmware
+ * @rand: random number buffer to be filled
+ * @bytes: Number of bytes of random number to be supported
+ * @eret: -1 in case of error, 0 for success
+ */
+int sec_firmware_get_random(uint8_t *rand, int bytes)
+{
+ unsigned long long num;
+ struct pt_regs regs;
+ int param1;
+
+ if (!bytes || bytes > 8) {
+ printf("Max Random bytes genration supported is 8\n");
+ return -1;
+ }
+#define SIP_RNG_64 0xC200FF11
+ regs.regs[0] = SIP_RNG_64;
+
+ if (bytes <= 4)
+ param1 = 0;
+ else
+ param1 = 1;
+ regs.regs[1] = param1;
+
+ smc_call(®s);
+
+ if (regs.regs[0])
+ return -1;
+
+ num = regs.regs[1];
+ memcpy(rand, &num, bytes);
+
+ return 0;
+}
+
 /*
 * sec_firmware_init - Initialize the SEC Firmware
 * @sec_firmware_img: the SEC Firmware image address
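Review bot: The length check in `sec_firmware_get_random` (`!bytes || bytes > 8`) lets a negative `bytes` through, and that value then reaches `memcpy(rand, &num, bytes)` where it converts to a very large `size_t`. Both callers in this commit pass the constant 8, but the function is exported through the header, so the guard should read `if (bytes <= 0 || bytes > 8)`. `struct pt_regs regs` is also only partly initialised before `smc_call()`, so the remaining registers carry stack contents into the secure monitor; `struct pt_regs regs = { 0 };` avoids that. The copy of the low `bytes` bytes of `num` depends on host byte order, which deserves a one-line comment.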
@@ -278,3 +331,49 @@ int sec_firmware_init(const void *sec_firmware_img,
 return 0;
 }
+
+/*
+ * fdt_fix_kaslr - Add kalsr-seed node in Device tree
+ * @fdt: Device tree
+ * @eret: 0 in case of error, 1 for success
+ */
+int fdt_fixup_kaslr(void *fdt)
+{
+ int nodeoffset;
+ int err, ret = 0;
+ u8 rand[8];
+
+#if defined(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)
+ /* Check if random seed generation is supported */
+ if (sec_firmware_support_hwrng() == false)
+ return 0;
+
+ ret = sec_firmware_get_random(rand, 8);
+ if (ret < 0) {
+ printf("WARNING: No random number to set kaslr-seed\n");
+ return 0;
+ }
+
+ err = fdt_check_header(fdt);
+ if (err < 0) {
+ printf("fdt_chosen: %s\n", fdt_strerror(err));
+ return 0;
+ }
+
+ /* find or create "/chosen" node. */
+ nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen");
+ if (nodeoffset < 0)
+ return 0;
+
+ err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", rand,
+ sizeof(rand));
+ if (err < 0) {
+ printf("WARNING: can't set kaslr-seed %s.\n",
+ fdt_strerror(err));
+ return 0;
+ }
+ ret = 1;
+#endif
+
+ return ret;
+}
diff --git a/arch/arm/include/asm/armv8/sec_firmware.h b/arch/arm/include/asm/armv8/sec_firmware.h
index bc1d97d7a9..6d42a7111f 100644
--- a/arch/arm/include/asm/armv8/sec_firmware.h
+++ b/arch/arm/include/asm/armv8/sec_firmware.h
@@ -8,10 +8,14 @@
 #define __SEC_FIRMWARE_H_
 #define PSCI_INVALID_VER 0xffffffff
+#define SEC_JR3_OFFSET 0x40000
 int sec_firmware_init(const void *, u32 *, u32 *);
 int _sec_firmware_entry(const void *, u32 *, u32 *);
 bool sec_firmware_is_valid(const void *);
+bool sec_firmware_support_hwrng(void);
+int sec_firmware_get_random(uint8_t *rand, int bytes);
+int fdt_fixup_kaslr(void *fdt);
 #ifdef CONFIG_SEC_FIRMWARE_ARMV8_PSCI
 unsigned int sec_firmware_support_psci_version(void);
 unsigned int _sec_firmware_support_psci_version(void);
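Review bot: `fdt_fixup_kaslr` returns 0 without any message when `sec_firmware_support_hwrng()` is false, so a boot that hands the kernel no `kaslr-seed` leaves no trace on the console, unlike the later failure paths. A line such as `printf("WARNING: SEC firmware RNG unavailable, kaslr-seed not set\n");` before that `return 0;` would make the missing seed visible. The 8-byte seed also stays in the local `rand` after `fdt_setprop()`; clearing it before returning would limit where the seed survives, using whatever wipe helper this tree provides. The header comment names the function `fdt_fix_kaslr` and the property `kalsr-seed`, which do not match the code below it.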
@@ -22,4 +26,9 @@ static inline unsigned int sec_firmware_support_psci_version(void)
 }
 #endif
+static inline unsigned int sec_firmware_used_jobring_offset(void)
+{
+ return SEC_JR3_OFFSET;
+}
+
 #endif /* __SEC_FIRMWARE_H_ */
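Review bot: `sec_firmware_used_jobring_offset()` returns the compile-time constant `SEC_JR3_OFFSET`, so the node removed from the device tree matches the firmware only as long as every SEC firmware build claims JR3. Nothing visible here checks that against the running firmware. A comment on the helper would record the assumption, e.g. `/* Job ring owned by SEC firmware; must match the firmware's reservation (JR3) */`.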