Re: [PATCH 1/2] cmd: kaslrseed: add command to generate value from hwrng
Hi,
On Fri, 15 Oct 2021 at 23:48, Heinrich Schuchardt wrote:
>
> Am 15. Oktober 2021 14:54:03 MESZ schrieb Kever Yang
> :
> >Reviewed-by: Kever Yang
> >
> >
> >Thanks,
> >- Kever
> >
> >Chris Morgan 于2021年8月26日周四 上午12:23写道:
> >>
> >> From: Chris Morgan
> >>
> >> Allow the kaslr-seed value in the chosen node to be set from a hardware
> >> rng source.
> >>
> >> Tested on a Rockchip PX30 (Odroid Go Advance), you must have loaded
> >> the devicetree first and prepared it for editing. On my device the
> >> workflow goes as follows:
> >>
> >> setenv dtb_loadaddr "0x01f0"
> >> load mmc 0:1 ${dtb_loadaddr} rk3326-odroid-go2.dtb
> >> fdt addr ${dtb_loadaddr}
> >> fdt resize
> >> kaslrseed
>
> This seems overly complicated. Why don't you add the seed in the board fixup
> routines in dependence on a Kconfig symbol.
I had the same thought. But perhaps we should be getting out of the
'fixup' business? That itself is complicated, with various different
levels of fixup. Perhaps a programmatic approach makes more sense?
So:
Reviewed-by: Simon Glass
>
> Best regards
>
> Heinrich
>
>
> >>
> >> and the output can be seen here:
> >> fdt print /chosen
> >> chosen {
> >> kaslr-seed = <0x6f61df74 0x6f7b996c>;
> >> stdout-path = "serial2:115200n8";
> >> };
> >>
> >> Signed-off-by: Chris Morgan
> >> ---
> >> cmd/Kconfig | 7 +
> >> cmd/Makefile| 1 +
> >> cmd/kaslrseed.c | 81 +
> >> 3 files changed, 89 insertions(+)
> >> create mode 100644 cmd/kaslrseed.c
> >>
> >> diff --git a/cmd/Kconfig b/cmd/Kconfig
> >> index ffef3cc76c..e62adff939 100644
> >> --- a/cmd/Kconfig
> >> +++ b/cmd/Kconfig
> >> @@ -1790,6 +1790,13 @@ config CMD_RNG
> >> help
> >> Print bytes from the hardware random number generator.
> >>
> >> +config CMD_KASLRSEED
> >> + bool "kaslrseed"
> >> + depends on DM_RNG
> >> + help
> >> + Set the kaslr-seed in the chosen node with entropy provided by a
> >> + hardware random number generator.
> >> +
> >> config CMD_SLEEP
> >> bool "sleep"
> >> default y
> >> diff --git a/cmd/Makefile b/cmd/Makefile
> >> index ed3669411e..34cbda72f5 100644
> >> --- a/cmd/Makefile
> >> +++ b/cmd/Makefile
> >> @@ -131,6 +131,7 @@ obj-$(CONFIG_CMD_REGINFO) += reginfo.o
> >> obj-$(CONFIG_CMD_REISER) += reiser.o
> >> obj-$(CONFIG_CMD_REMOTEPROC) += remoteproc.o
> >> obj-$(CONFIG_CMD_RNG) += rng.o
> >> +obj-$(CONFIG_CMD_KASLRSEED) += kaslrseed.o
> >> obj-$(CONFIG_CMD_ROCKUSB) += rockusb.o
> >> obj-$(CONFIG_CMD_RTC) += rtc.o
> >> obj-$(CONFIG_SANDBOX) += host.o
> >> diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
> >> new file mode 100644
> >> index 00..27c2648c91
> >> --- /dev/null
> >> +++ b/cmd/kaslrseed.c
> >> @@ -0,0 +1,81 @@
> >> +// SPDX-License-Identifier: GPL-2.0+
> >> +/*
> >> + * The 'kaslrseed' command takes bytes from the hardware random number
> >> + * generator and uses them to set the kaslr-seed value in the chosen node.
> >> + *
> >> + * Copyright (c) 2021, Chris Morgan
> >> + */
> >> +
> >> +#include
> >> +#include
> >> +#include
> >> +#include
> >> +#include
> >> +#include
> >> +#include
> >> +
> >> +static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char
> >> *const argv[])
> >> +{
> >> + size_t n = 0x8;
> >> + struct udevice *dev;
> >> + u64 *buf;
> >> + int nodeoffset;
> >> + int ret = CMD_RET_SUCCESS;
> >> +
> >> + if (uclass_get_device(UCLASS_RNG, 0, ) || !dev) {
> >> + printf("No RNG device\n");
> >> + return CMD_RET_FAILURE;
> >> + }
> >> +
> >> + buf = malloc(n);
> >> + if (!buf) {
> >> + printf("Out of memory\n");
> >> + return CMD_RET_FAILURE;
> >> + }
> >> +
> >> + if (dm_rng_read(dev, buf, n)) {
> >> + printf("Reading RNG failed\n");
> >> + return CMD_RET_FAILURE;
> >> + }
> >> +
> >> + if (!working_fdt) {
> >> + printf("No FDT memory address configured. Please
> >> configure\n"
> >> + "the FDT address via \"fdt addr \"
> >> command.\n"
> >> + "Aborting!\n");
> >> + return CMD_RET_FAILURE;
> >> + }
> >> +
> >> + ret = fdt_check_header(working_fdt);
> >> + if (ret < 0) {
> >> + printf("fdt_chosen: %s\n", fdt_strerror(ret));
> >> + return CMD_RET_FAILURE;
> >> + }
> >> +
> >> + nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
> >> + if (nodeoffset < 0) {
> >> + printf("Reading chosen node failed\n");
> >> + return CMD_RET_FAILURE;
> >> + }
> >> +
> >> + ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf,
> >> sizeof(buf));
> >> + if (ret < 0) {
> >> + printf("Unable to set kaslr-seed on chosen node: %s\n",
> >> fdt_strerror(ret));
> >>
Re: [PATCH 1/2] cmd: kaslrseed: add command to generate value from hwrng
Am 15. Oktober 2021 14:54:03 MESZ schrieb Kever Yang
:
>Reviewed-by: Kever Yang
>
>
>Thanks,
>- Kever
>
>Chris Morgan 于2021年8月26日周四 上午12:23写道:
>>
>> From: Chris Morgan
>>
>> Allow the kaslr-seed value in the chosen node to be set from a hardware
>> rng source.
>>
>> Tested on a Rockchip PX30 (Odroid Go Advance), you must have loaded
>> the devicetree first and prepared it for editing. On my device the
>> workflow goes as follows:
>>
>> setenv dtb_loadaddr "0x01f0"
>> load mmc 0:1 ${dtb_loadaddr} rk3326-odroid-go2.dtb
>> fdt addr ${dtb_loadaddr}
>> fdt resize
>> kaslrseed
This seems overly complicated. Why don't you add the seed in the board fixup
routines in dependence on a Kconfig symbol.
Best regards
Heinrich
>>
>> and the output can be seen here:
>> fdt print /chosen
>> chosen {
>> kaslr-seed = <0x6f61df74 0x6f7b996c>;
>> stdout-path = "serial2:115200n8";
>> };
>>
>> Signed-off-by: Chris Morgan
>> ---
>> cmd/Kconfig | 7 +
>> cmd/Makefile| 1 +
>> cmd/kaslrseed.c | 81 +
>> 3 files changed, 89 insertions(+)
>> create mode 100644 cmd/kaslrseed.c
>>
>> diff --git a/cmd/Kconfig b/cmd/Kconfig
>> index ffef3cc76c..e62adff939 100644
>> --- a/cmd/Kconfig
>> +++ b/cmd/Kconfig
>> @@ -1790,6 +1790,13 @@ config CMD_RNG
>> help
>> Print bytes from the hardware random number generator.
>>
>> +config CMD_KASLRSEED
>> + bool "kaslrseed"
>> + depends on DM_RNG
>> + help
>> + Set the kaslr-seed in the chosen node with entropy provided by a
>> + hardware random number generator.
>> +
>> config CMD_SLEEP
>> bool "sleep"
>> default y
>> diff --git a/cmd/Makefile b/cmd/Makefile
>> index ed3669411e..34cbda72f5 100644
>> --- a/cmd/Makefile
>> +++ b/cmd/Makefile
>> @@ -131,6 +131,7 @@ obj-$(CONFIG_CMD_REGINFO) += reginfo.o
>> obj-$(CONFIG_CMD_REISER) += reiser.o
>> obj-$(CONFIG_CMD_REMOTEPROC) += remoteproc.o
>> obj-$(CONFIG_CMD_RNG) += rng.o
>> +obj-$(CONFIG_CMD_KASLRSEED) += kaslrseed.o
>> obj-$(CONFIG_CMD_ROCKUSB) += rockusb.o
>> obj-$(CONFIG_CMD_RTC) += rtc.o
>> obj-$(CONFIG_SANDBOX) += host.o
>> diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
>> new file mode 100644
>> index 00..27c2648c91
>> --- /dev/null
>> +++ b/cmd/kaslrseed.c
>> @@ -0,0 +1,81 @@
>> +// SPDX-License-Identifier: GPL-2.0+
>> +/*
>> + * The 'kaslrseed' command takes bytes from the hardware random number
>> + * generator and uses them to set the kaslr-seed value in the chosen node.
>> + *
>> + * Copyright (c) 2021, Chris Morgan
>> + */
>> +
>> +#include
>> +#include
>> +#include
>> +#include
>> +#include
>> +#include
>> +#include
>> +
>> +static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char
>> *const argv[])
>> +{
>> + size_t n = 0x8;
>> + struct udevice *dev;
>> + u64 *buf;
>> + int nodeoffset;
>> + int ret = CMD_RET_SUCCESS;
>> +
>> + if (uclass_get_device(UCLASS_RNG, 0, ) || !dev) {
>> + printf("No RNG device\n");
>> + return CMD_RET_FAILURE;
>> + }
>> +
>> + buf = malloc(n);
>> + if (!buf) {
>> + printf("Out of memory\n");
>> + return CMD_RET_FAILURE;
>> + }
>> +
>> + if (dm_rng_read(dev, buf, n)) {
>> + printf("Reading RNG failed\n");
>> + return CMD_RET_FAILURE;
>> + }
>> +
>> + if (!working_fdt) {
>> + printf("No FDT memory address configured. Please configure\n"
>> + "the FDT address via \"fdt addr \"
>> command.\n"
>> + "Aborting!\n");
>> + return CMD_RET_FAILURE;
>> + }
>> +
>> + ret = fdt_check_header(working_fdt);
>> + if (ret < 0) {
>> + printf("fdt_chosen: %s\n", fdt_strerror(ret));
>> + return CMD_RET_FAILURE;
>> + }
>> +
>> + nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
>> + if (nodeoffset < 0) {
>> + printf("Reading chosen node failed\n");
>> + return CMD_RET_FAILURE;
>> + }
>> +
>> + ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf,
>> sizeof(buf));
>> + if (ret < 0) {
>> + printf("Unable to set kaslr-seed on chosen node: %s\n",
>> fdt_strerror(ret));
>> + return CMD_RET_FAILURE;
>> + }
>> +
>> + free(buf);
>> +
>> + return ret;
>> +}
>> +
>> +#ifdef CONFIG_SYS_LONGHELP
>> +static char kaslrseed_help_text[] =
>> + "[n]\n"
>> + " - append random bytes to chosen kaslr-seed node\n";
>> +#endif
>> +
>> +U_BOOT_CMD(
>> + kaslrseed, 1, 0, do_kaslr_seed,
>> + "feed bytes from the hardware random number generator to the
>> kaslr-seed",
>> + kaslrseed_help_text
>> +);
>> --
>> 2.25.1
>>
Re: [PATCH 1/2] cmd: kaslrseed: add command to generate value from hwrng
Reviewed-by: Kever Yang
Thanks,
- Kever
Chris Morgan 于2021年8月26日周四 上午12:23写道:
>
> From: Chris Morgan
>
> Allow the kaslr-seed value in the chosen node to be set from a hardware
> rng source.
>
> Tested on a Rockchip PX30 (Odroid Go Advance), you must have loaded
> the devicetree first and prepared it for editing. On my device the
> workflow goes as follows:
>
> setenv dtb_loadaddr "0x01f0"
> load mmc 0:1 ${dtb_loadaddr} rk3326-odroid-go2.dtb
> fdt addr ${dtb_loadaddr}
> fdt resize
> kaslrseed
>
> and the output can be seen here:
> fdt print /chosen
> chosen {
> kaslr-seed = <0x6f61df74 0x6f7b996c>;
> stdout-path = "serial2:115200n8";
> };
>
> Signed-off-by: Chris Morgan
> ---
> cmd/Kconfig | 7 +
> cmd/Makefile| 1 +
> cmd/kaslrseed.c | 81 +
> 3 files changed, 89 insertions(+)
> create mode 100644 cmd/kaslrseed.c
>
> diff --git a/cmd/Kconfig b/cmd/Kconfig
> index ffef3cc76c..e62adff939 100644
> --- a/cmd/Kconfig
> +++ b/cmd/Kconfig
> @@ -1790,6 +1790,13 @@ config CMD_RNG
> help
> Print bytes from the hardware random number generator.
>
> +config CMD_KASLRSEED
> + bool "kaslrseed"
> + depends on DM_RNG
> + help
> + Set the kaslr-seed in the chosen node with entropy provided by a
> + hardware random number generator.
> +
> config CMD_SLEEP
> bool "sleep"
> default y
> diff --git a/cmd/Makefile b/cmd/Makefile
> index ed3669411e..34cbda72f5 100644
> --- a/cmd/Makefile
> +++ b/cmd/Makefile
> @@ -131,6 +131,7 @@ obj-$(CONFIG_CMD_REGINFO) += reginfo.o
> obj-$(CONFIG_CMD_REISER) += reiser.o
> obj-$(CONFIG_CMD_REMOTEPROC) += remoteproc.o
> obj-$(CONFIG_CMD_RNG) += rng.o
> +obj-$(CONFIG_CMD_KASLRSEED) += kaslrseed.o
> obj-$(CONFIG_CMD_ROCKUSB) += rockusb.o
> obj-$(CONFIG_CMD_RTC) += rtc.o
> obj-$(CONFIG_SANDBOX) += host.o
> diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
> new file mode 100644
> index 00..27c2648c91
> --- /dev/null
> +++ b/cmd/kaslrseed.c
> @@ -0,0 +1,81 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * The 'kaslrseed' command takes bytes from the hardware random number
> + * generator and uses them to set the kaslr-seed value in the chosen node.
> + *
> + * Copyright (c) 2021, Chris Morgan
> + */
> +
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +
> +static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char
> *const argv[])
> +{
> + size_t n = 0x8;
> + struct udevice *dev;
> + u64 *buf;
> + int nodeoffset;
> + int ret = CMD_RET_SUCCESS;
> +
> + if (uclass_get_device(UCLASS_RNG, 0, ) || !dev) {
> + printf("No RNG device\n");
> + return CMD_RET_FAILURE;
> + }
> +
> + buf = malloc(n);
> + if (!buf) {
> + printf("Out of memory\n");
> + return CMD_RET_FAILURE;
> + }
> +
> + if (dm_rng_read(dev, buf, n)) {
> + printf("Reading RNG failed\n");
> + return CMD_RET_FAILURE;
> + }
> +
> + if (!working_fdt) {
> + printf("No FDT memory address configured. Please configure\n"
> + "the FDT address via \"fdt addr \" command.\n"
> + "Aborting!\n");
> + return CMD_RET_FAILURE;
> + }
> +
> + ret = fdt_check_header(working_fdt);
> + if (ret < 0) {
> + printf("fdt_chosen: %s\n", fdt_strerror(ret));
> + return CMD_RET_FAILURE;
> + }
> +
> + nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
> + if (nodeoffset < 0) {
> + printf("Reading chosen node failed\n");
> + return CMD_RET_FAILURE;
> + }
> +
> + ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf,
> sizeof(buf));
> + if (ret < 0) {
> + printf("Unable to set kaslr-seed on chosen node: %s\n",
> fdt_strerror(ret));
> + return CMD_RET_FAILURE;
> + }
> +
> + free(buf);
> +
> + return ret;
> +}
> +
> +#ifdef CONFIG_SYS_LONGHELP
> +static char kaslrseed_help_text[] =
> + "[n]\n"
> + " - append random bytes to chosen kaslr-seed node\n";
> +#endif
> +
> +U_BOOT_CMD(
> + kaslrseed, 1, 0, do_kaslr_seed,
> + "feed bytes from the hardware random number generator to the
> kaslr-seed",
> + kaslrseed_help_text
> +);
> --
> 2.25.1
>
[PATCH 1/2] cmd: kaslrseed: add command to generate value from hwrng
From: Chris Morgan
Allow the kaslr-seed value in the chosen node to be set from a hardware
rng source.
Tested on a Rockchip PX30 (Odroid Go Advance), you must have loaded
the devicetree first and prepared it for editing. On my device the
workflow goes as follows:
setenv dtb_loadaddr "0x01f0"
load mmc 0:1 ${dtb_loadaddr} rk3326-odroid-go2.dtb
fdt addr ${dtb_loadaddr}
fdt resize
kaslrseed
and the output can be seen here:
fdt print /chosen
chosen {
kaslr-seed = <0x6f61df74 0x6f7b996c>;
stdout-path = "serial2:115200n8";
};
Signed-off-by: Chris Morgan
---
cmd/Kconfig | 7 +
cmd/Makefile| 1 +
cmd/kaslrseed.c | 81 +
3 files changed, 89 insertions(+)
create mode 100644 cmd/kaslrseed.c
diff --git a/cmd/Kconfig b/cmd/Kconfig
index ffef3cc76c..e62adff939 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -1790,6 +1790,13 @@ config CMD_RNG
help
Print bytes from the hardware random number generator.
+config CMD_KASLRSEED
+ bool "kaslrseed"
+ depends on DM_RNG
+ help
+ Set the kaslr-seed in the chosen node with entropy provided by a
+ hardware random number generator.
+
config CMD_SLEEP
bool "sleep"
default y
diff --git a/cmd/Makefile b/cmd/Makefile
index ed3669411e..34cbda72f5 100644
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -131,6 +131,7 @@ obj-$(CONFIG_CMD_REGINFO) += reginfo.o
obj-$(CONFIG_CMD_REISER) += reiser.o
obj-$(CONFIG_CMD_REMOTEPROC) += remoteproc.o
obj-$(CONFIG_CMD_RNG) += rng.o
+obj-$(CONFIG_CMD_KASLRSEED) += kaslrseed.o
obj-$(CONFIG_CMD_ROCKUSB) += rockusb.o
obj-$(CONFIG_CMD_RTC) += rtc.o
obj-$(CONFIG_SANDBOX) += host.o
diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c
new file mode 100644
index 00..27c2648c91
--- /dev/null
+++ b/cmd/kaslrseed.c
@@ -0,0 +1,81 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * The 'kaslrseed' command takes bytes from the hardware random number
+ * generator and uses them to set the kaslr-seed value in the chosen node.
+ *
+ * Copyright (c) 2021, Chris Morgan
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char
*const argv[])
+{
+ size_t n = 0x8;
+ struct udevice *dev;
+ u64 *buf;
+ int nodeoffset;
+ int ret = CMD_RET_SUCCESS;
+
+ if (uclass_get_device(UCLASS_RNG, 0, ) || !dev) {
+ printf("No RNG device\n");
+ return CMD_RET_FAILURE;
+ }
+
+ buf = malloc(n);
+ if (!buf) {
+ printf("Out of memory\n");
+ return CMD_RET_FAILURE;
+ }
+
+ if (dm_rng_read(dev, buf, n)) {
+ printf("Reading RNG failed\n");
+ return CMD_RET_FAILURE;
+ }
+
+ if (!working_fdt) {
+ printf("No FDT memory address configured. Please configure\n"
+ "the FDT address via \"fdt addr \" command.\n"
+ "Aborting!\n");
+ return CMD_RET_FAILURE;
+ }
+
+ ret = fdt_check_header(working_fdt);
+ if (ret < 0) {
+ printf("fdt_chosen: %s\n", fdt_strerror(ret));
+ return CMD_RET_FAILURE;
+ }
+
+ nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen");
+ if (nodeoffset < 0) {
+ printf("Reading chosen node failed\n");
+ return CMD_RET_FAILURE;
+ }
+
+ ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf,
sizeof(buf));
+ if (ret < 0) {
+ printf("Unable to set kaslr-seed on chosen node: %s\n",
fdt_strerror(ret));
+ return CMD_RET_FAILURE;
+ }
+
+ free(buf);
+
+ return ret;
+}
+
+#ifdef CONFIG_SYS_LONGHELP
+static char kaslrseed_help_text[] =
+ "[n]\n"
+ " - append random bytes to chosen kaslr-seed node\n";
+#endif
+
+U_BOOT_CMD(
+ kaslrseed, 1, 0, do_kaslr_seed,
+ "feed bytes from the hardware random number generator to the
kaslr-seed",
+ kaslrseed_help_text
+);
--
2.25.1
