Use the fdt_kaslrseed function to deduplicate code doing the same thing.
Note that the kalsrseed command (CMD_KASLRSEED) is likely pointless now
but left in place in case boot scripts exist that rely on this command
existing and returning success. An informational message is printed to
alert users of this command that it is likely no longer needed.
Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
randomization and completely ignores the kaslr-seed for its own
randomness needs (i.e the randomization of the physical placement of
the kernel). It gets weeded out from the DTB that gets handed over via
efi_install_fdt() as it would also mess up the measured boot DTB TPM
measurements as well.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Michal Simek <michal.simek@amd.com>
Cc: Andy Yan <andy.yan@rock-chips.com>
Cc: Akash Gajjar <gajjar04akash@gmail.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Devarsh Thakkar <devarsht@ti.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Chris Morgan <macromorgan@hotmail.com>
Acked-by: Michal Simek <michal.simek@amd.com>
#define MAX_RAND_SIZE 8
int ft_board_setup(void *blob, struct bd_info *bd)
{
- size_t n = MAX_RAND_SIZE;
- struct udevice *dev;
- u8 buf[MAX_RAND_SIZE];
- int nodeoffset, ret;
-
static const struct node_info nodes[] = {
{ "arm,pl353-nand-r2p1", MTD_DEV_TYPE_NAND, },
};
if (IS_ENABLED(CONFIG_FDT_FIXUP_PARTITIONS) && IS_ENABLED(CONFIG_NAND_ZYNQ))
fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
- if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
- debug("No RNG device\n");
- return 0;
- }
-
- if (dm_rng_read(dev, buf, n)) {
- debug("Reading RNG failed\n");
- return 0;
- }
-
- if (!blob) {
- debug("No FDT memory address configured. Please configure\n"
- "the FDT address via \"fdt addr <address>\" command.\n"
- "Aborting!\n");
- return 0;
- }
-
- ret = fdt_check_header(blob);
- if (ret < 0) {
- debug("fdt_chosen: %s\n", fdt_strerror(ret));
- return ret;
- }
-
- nodeoffset = fdt_find_or_add_subnode(blob, 0, "chosen");
- if (nodeoffset < 0) {
- debug("Reading chosen node failed\n");
- return nodeoffset;
- }
-
- ret = fdt_setprop(blob, nodeoffset, "kaslr-seed", buf, sizeof(buf));
- if (ret < 0) {
- debug("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret));
- return ret;
- }
-
return 0;
}
#endif
#if CONFIG_IS_ENABLED(DM_RNG)
ulong fdt_addr;
struct fdt_header *working_fdt;
- size_t n = 0x8;
- struct udevice *dev;
- u64 *buf;
- int nodeoffset;
int err;
/* Get the main fdt and map it */
if (err <= 0)
return;
- if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
- printf("No RNG device\n");
- return;
- }
-
- nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
- if (nodeoffset < 0) {
- printf("Reading chosen node failed\n");
- return;
- }
-
- buf = malloc(n);
- if (!buf) {
- printf("Out of memory\n");
- return;
- }
-
- if (dm_rng_read(dev, buf, n)) {
- printf("Reading RNG failed\n");
- goto err;
- }
-
- err = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf));
- if (err < 0) {
- printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(err));
- goto err;
- }
-err:
- free(buf);
+ fdt_kaslrseed(working_fdt, true);
#endif
return;
}
static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
{
- size_t n = 0x8;
- struct udevice *dev;
- u64 *buf;
- int nodeoffset;
- int ret = CMD_RET_SUCCESS;
+ int err = CMD_RET_SUCCESS;
- if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) {
- printf("No RNG device\n");
- return CMD_RET_FAILURE;
- }
-
- buf = malloc(n);
- if (!buf) {
- printf("Out of memory\n");
- return CMD_RET_FAILURE;
- }
-
- if (dm_rng_read(dev, buf, n)) {
- printf("Reading RNG failed\n");
- return CMD_RET_FAILURE;
- }
+ printf("Notice: a /chosen/kaslr-seed is automatically added to the device-tree when booted via booti/bootm/bootz therefore using this command is likely no longer needed\n");
if (!working_fdt) {
printf("No FDT memory address configured. Please configure\n"
"the FDT address via \"fdt addr <address>\" command.\n"
"Aborting!\n");
- return CMD_RET_FAILURE;
- }
-
- ret = fdt_check_header(working_fdt);
- if (ret < 0) {
- printf("fdt_chosen: %s\n", fdt_strerror(ret));
- return CMD_RET_FAILURE;
- }
-
- nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
- if (nodeoffset < 0) {
- printf("Reading chosen node failed\n");
- return CMD_RET_FAILURE;
+ err = CMD_RET_FAILURE;
+ } else {
+ if (fdt_kaslrseed(working_fdt, true) < 0)
+ err = CMD_RET_FAILURE;
}
- ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf));
- if (ret < 0) {
- printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret));
- return CMD_RET_FAILURE;
- }
-
- free(buf);
-
- return ret;
+ return cmd_process_error(cmdtp, err);
}
U_BOOT_LONGHELP(kaslrseed,
projects / u-boot.git / commitdiff