]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
ARMv8/sec_firmware : Update chosen/kaslr-seed with random number
authorRuchika Gupta <ruchika.gupta@nxp.com>
Wed, 16 Aug 2017 10:28:10 +0000 (15:58 +0530)
committerTom Rini <trini@konsulko.com>
Sat, 26 Aug 2017 18:56:11 +0000 (14:56 -0400)
kASLR support in kernel requires a random number to be passed via
chosen/kaslr-seed propert. sec_firmware generates this random seed
which can then be passed in the device tree node.

sec_firmware reserves JR3 for it's own usage. Node for JR3 is
removed from device-tree.

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
arch/arm/cpu/armv8/fsl-layerscape/fdt.c
arch/arm/cpu/armv8/sec_firmware.c
arch/arm/include/asm/armv8/sec_firmware.h

index f5f4840f194579132e636997dbea41b100b8daac..c9252751dbcecca85384c18902c5b3e2e2b60439 100644 (file)
@@ -345,11 +345,38 @@ static void fdt_fixup_msi(void *blob)
 }
 #endif
 
+#ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
+/* Remove JR node used by SEC firmware */
+void fdt_fixup_remove_jr(void *blob)
+{
+       int jr_node, addr_cells, len;
+       int crypto_node = fdt_path_offset(blob, "crypto");
+       u64 jr_offset, used_jr;
+       fdt32_t *reg;
+
+       used_jr = sec_firmware_used_jobring_offset();
+       fdt_support_default_count_cells(blob, crypto_node, &addr_cells, NULL);
+
+       jr_node = fdt_node_offset_by_compatible(blob, crypto_node,
+                                               "fsl,sec-v4.0-job-ring");
+
+       while (jr_node != -FDT_ERR_NOTFOUND) {
+               reg = (fdt32_t *)fdt_getprop(blob, jr_node, "reg", &len);
+               jr_offset = fdt_read_number(reg, addr_cells);
+               if (jr_offset == used_jr) {
+                       fdt_del_node(blob, jr_node);
+                       break;
+               }
+               jr_node = fdt_node_offset_by_compatible(blob, jr_node,
+                                                       "fsl,sec-v4.0-job-ring");
+       }
+}
+#endif
+
 void ft_cpu_setup(void *blob, bd_t *bd)
 {
-#ifdef CONFIG_FSL_LSCH2
        struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
-       unsigned int svr = in_be32(&gur->svr);
+       unsigned int svr = gur_in32(&gur->svr);
 
        /* delete crypto node if not on an E-processor */
        if (!IS_E_PROCESSOR(svr))
@@ -358,11 +385,15 @@ void ft_cpu_setup(void *blob, bd_t *bd)
        else {
                ccsr_sec_t __iomem *sec;
 
+#ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
+               if (fdt_fixup_kaslr(blob))
+                       fdt_fixup_remove_jr(blob);
+#endif
+
                sec = (void __iomem *)CONFIG_SYS_FSL_SEC_ADDR;
                fdt_fixup_crypto_node(blob, sec_in32(&sec->secvid_ms));
        }
 #endif
-#endif
 
 #ifdef CONFIG_MP
        ft_fixup_cpu(blob);
index fffce712d38b99d3e739a5970b275d2138aee8e8..0e7483437a9bbc9b00952308ec0b8f089c215f1a 100644 (file)
@@ -231,6 +231,59 @@ unsigned int sec_firmware_support_psci_version(void)
 }
 #endif
 
+/*
+ * Check with sec_firmware if it supports random number generation
+ * via HW RNG
+ *
+ * The return value will be true if it is supported
+ */
+bool sec_firmware_support_hwrng(void)
+{
+       uint8_t rand[8];
+       if (sec_firmware_addr & SEC_FIRMWARE_RUNNING) {
+               if (!sec_firmware_get_random(rand, 8))
+                       return true;
+       }
+
+       return false;
+}
+
+/*
+ * sec_firmware_get_random - Get a random number from SEC Firmware
+ * @rand:              random number buffer to be filled
+ * @bytes:             Number of bytes of random number to be supported
+ * @eret:              -1 in case of error, 0 for success
+ */
+int sec_firmware_get_random(uint8_t *rand, int bytes)
+{
+       unsigned long long num;
+       struct pt_regs regs;
+       int param1;
+
+       if (!bytes || bytes > 8) {
+               printf("Max Random bytes genration supported is 8\n");
+               return -1;
+       }
+#define SIP_RNG_64 0xC200FF11
+       regs.regs[0] = SIP_RNG_64;
+
+       if (bytes <= 4)
+               param1 = 0;
+       else
+               param1 = 1;
+       regs.regs[1] = param1;
+
+       smc_call(&regs);
+
+       if (regs.regs[0])
+               return -1;
+
+       num = regs.regs[1];
+       memcpy(rand, &num, bytes);
+
+       return 0;
+}
+
 /*
  * sec_firmware_init - Initialize the SEC Firmware
  * @sec_firmware_img:  the SEC Firmware image address
@@ -278,3 +331,49 @@ int sec_firmware_init(const void *sec_firmware_img,
 
        return 0;
 }
+
+/*
+ * fdt_fix_kaslr - Add kalsr-seed node in Device tree
+ * @fdt:               Device tree
+ * @eret:              0 in case of error, 1 for success
+ */
+int fdt_fixup_kaslr(void *fdt)
+{
+       int nodeoffset;
+       int err, ret = 0;
+       u8 rand[8];
+
+#if defined(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)
+       /* Check if random seed generation is  supported */
+       if (sec_firmware_support_hwrng() == false)
+               return 0;
+
+       ret = sec_firmware_get_random(rand, 8);
+       if (ret < 0) {
+               printf("WARNING: No random number to set kaslr-seed\n");
+               return 0;
+       }
+
+       err = fdt_check_header(fdt);
+       if (err < 0) {
+               printf("fdt_chosen: %s\n", fdt_strerror(err));
+               return 0;
+       }
+
+       /* find or create "/chosen" node. */
+       nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen");
+       if (nodeoffset < 0)
+               return 0;
+
+       err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", rand,
+                                 sizeof(rand));
+       if (err < 0) {
+               printf("WARNING: can't set kaslr-seed %s.\n",
+                      fdt_strerror(err));
+               return 0;
+       }
+       ret = 1;
+#endif
+
+       return ret;
+}
index bc1d97d7a98fb5f74d7e09705dce7816b8478b03..6d42a7111f2a37f382760d3cf2bd52689f027976 100644 (file)
@@ -8,10 +8,14 @@
 #define __SEC_FIRMWARE_H_
 
 #define PSCI_INVALID_VER               0xffffffff
+#define SEC_JR3_OFFSET                 0x40000
 
 int sec_firmware_init(const void *, u32 *, u32 *);
 int _sec_firmware_entry(const void *, u32 *, u32 *);
 bool sec_firmware_is_valid(const void *);
+bool sec_firmware_support_hwrng(void);
+int sec_firmware_get_random(uint8_t *rand, int bytes);
+int fdt_fixup_kaslr(void *fdt);
 #ifdef CONFIG_SEC_FIRMWARE_ARMV8_PSCI
 unsigned int sec_firmware_support_psci_version(void);
 unsigned int _sec_firmware_support_psci_version(void);
@@ -22,4 +26,9 @@ static inline unsigned int sec_firmware_support_psci_version(void)
 }
 #endif
 
+static inline unsigned int sec_firmware_used_jobring_offset(void)
+{
+       return SEC_JR3_OFFSET;
+}
+
 #endif /* __SEC_FIRMWARE_H_ */