diff --git a/cmd/Kconfig b/cmd/Kconfig index 5b30b13e438..02c298fdbe4 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -1814,6 +1814,13 @@ config CMD_RNG help Print bytes from the hardware random number generator. +config CMD_KASLRSEED + bool "kaslrseed" + depends on DM_RNG + help + Set the kaslr-seed in the chosen node with entropy provided by a + hardware random number generator. + config CMD_SLEEP bool "sleep" default y diff --git a/cmd/Makefile b/cmd/Makefile index 891819ae0f6..e31ac15ef75 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -131,6 +131,7 @@ obj-$(CONFIG_CMD_REGINFO) += reginfo.o obj-$(CONFIG_CMD_REISER) += reiser.o obj-$(CONFIG_CMD_REMOTEPROC) += remoteproc.o obj-$(CONFIG_CMD_RNG) += rng.o +obj-$(CONFIG_CMD_KASLRSEED) += kaslrseed.o obj-$(CONFIG_CMD_ROCKUSB) += rockusb.o obj-$(CONFIG_CMD_RTC) += rtc.o obj-$(CONFIG_SANDBOX) += host.o diff --git a/cmd/kaslrseed.c b/cmd/kaslrseed.c new file mode 100644 index 00000000000..8a1d8120cdc --- /dev/null +++ b/cmd/kaslrseed.c @@ -0,0 +1,81 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * The 'kaslrseed' command takes bytes from the hardware random number + * generator and uses them to set the kaslr-seed value in the chosen node. + * + * Copyright (c) 2021, Chris Morgan + */ + +#include +#include +#include +#include +#include +#include +#include + +static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) +{ + size_t n = 0x8; + struct udevice *dev; + u64 *buf; + int nodeoffset; + int ret = CMD_RET_SUCCESS; + + if (uclass_get_device(UCLASS_RNG, 0, &dev) || !dev) { + printf("No RNG device\n"); + return CMD_RET_FAILURE; + } + + buf = malloc(n); + if (!buf) { + printf("Out of memory\n"); + return CMD_RET_FAILURE; + } + + if (dm_rng_read(dev, buf, n)) { + printf("Reading RNG failed\n"); + return CMD_RET_FAILURE; + } + + if (!working_fdt) { + printf("No FDT memory address configured. Please configure\n" + "the FDT address via \"fdt addr
\" command.\n" + "Aborting!\n"); + return CMD_RET_FAILURE; + } + + ret = fdt_check_header(working_fdt); + if (ret < 0) { + printf("fdt_chosen: %s\n", fdt_strerror(ret)); + return CMD_RET_FAILURE; + } + + nodeoffset = fdt_find_or_add_subnode(working_fdt, 0, "chosen"); + if (nodeoffset < 0) { + printf("Reading chosen node failed\n"); + return CMD_RET_FAILURE; + } + + ret = fdt_setprop(working_fdt, nodeoffset, "kaslr-seed", buf, sizeof(buf)); + if (ret < 0) { + printf("Unable to set kaslr-seed on chosen node: %s\n", fdt_strerror(ret)); + return CMD_RET_FAILURE; + } + + free(buf); + + return ret; +} + +#ifdef CONFIG_SYS_LONGHELP +static char kaslrseed_help_text[] = + "[n]\n" + " - append random bytes to chosen kaslr-seed node\n"; +#endif + +U_BOOT_CMD( + kaslrseed, 1, 0, do_kaslr_seed, + "feed bytes from the hardware random number generator to the kaslr-seed", + kaslrseed_help_text +);