
Use the fdt_kaslrseed function to deduplicate code doing the same thing. Note that the kaslrseed command (CMD_KASLRSEED) is likely pointless now but is left in place in case boot scripts exist that rely on this command existing and returning success. An informational message is printed to alert users of this command that it is likely no longer needed. Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for randomization and completely ignores the kaslr-seed for its own randomness needs (i.e. the randomization of the physical placement of the kernel). The kaslr-seed gets weeded out of the DTB that is handed over via efi_install_fdt(), as it would otherwise also mess up the measured boot DTB TPM measurements. Signed-off-by: Tim Harvey <tharvey@gateworks.com> Reviewed-by: Simon Glass <sjg@chromium.org> Cc: Michal Simek <michal.simek@amd.com> Cc: Andy Yan <andy.yan@rock-chips.com> Cc: Akash Gajjar <gajjar04akash@gmail.com> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Cc: Simon Glass <sjg@chromium.org> Cc: Patrick Delaunay <patrick.delaunay@foss.st.com> Cc: Patrice Chotard <patrice.chotard@foss.st.com> Cc: Devarsh Thakkar <devarsht@ti.com> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Hugo Villeneuve <hvilleneuve@dimonoff.com> Cc: Marek Vasut <marex@denx.de> Cc: Tom Rini <trini@konsulko.com> Cc: Chris Morgan <macromorgan@hotmail.com> Acked-by: Michal Simek <michal.simek@amd.com>
// SPDX-License-Identifier: GPL-2.0+
/*
* The 'kaslrseed' command takes bytes from the hardware random number
* generator and uses them to set the kaslr-seed value in the chosen node.
*
* Copyright (c) 2021, Chris Morgan <macromorgan@hotmail.com>
*/
#include <common.h>
#include <command.h>
#include <dm.h>
#include <hexdump.h>
#include <malloc.h>
#include <rng.h>
#include <fdt_support.h>
/**
 * do_kaslr_seed() - handler for the 'kaslrseed' shell command
 * @cmdtp: command table entry, handed on to cmd_process_error()
 * @flag: command flags (not read here)
 * @argc: argument count (not read here)
 * @argv: argument vector (not read here)
 *
 * Always prints a notice that the command is likely redundant, then asks
 * fdt_kaslrseed() to set the seed in the working FDT. Both a missing
 * working FDT and a negative return from fdt_kaslrseed() are reported as
 * CMD_RET_FAILURE, so a boot script that checks the command status can
 * tell that this command did not set a seed.
 *
 * Return: whatever cmd_process_error() yields for the resulting status
 */
static int do_kaslr_seed(struct cmd_tbl *cmdtp, int flag, int argc,
			 char *const argv[])
{
	int status;

	printf("Notice: a /chosen/kaslr-seed is automatically added to the device-tree when booted via booti/bootm/bootz therefore using this command is likely no longer needed\n");

	if (working_fdt) {
		/*
		 * NOTE(review): the second argument presumably requests that an
		 * existing kaslr-seed be overwritten - confirm against the
		 * fdt_kaslrseed() declaration in fdt_support.h.
		 */
		status = fdt_kaslrseed(working_fdt, true) < 0 ?
			 CMD_RET_FAILURE : CMD_RET_SUCCESS;
	} else {
		/* No FDT has been selected, so there is nothing to write to */
		printf("No FDT memory address configured. Please configure\n"
		       "the FDT address via \"fdt addr <address>\" command.\n"
		       "Aborting!\n");
		status = CMD_RET_FAILURE;
	}

	return cmd_process_error(cmdtp, status);
}
/*
 * Long help text for the 'kaslrseed' command.
 *
 * NOTE(review): the text advertises an optional "[n]" argument, but the
 * handler never reads argc/argv and the command is registered below with a
 * maxargs of 1 (presumably counting the command name itself - confirm), so
 * the documented argument does not appear to be accepted.
 */
U_BOOT_LONGHELP(kaslrseed,
	"[n]\n"
	" - append random bytes to chosen kaslr-seed node\n");

/*
 * Register 'kaslrseed' with do_kaslr_seed() as its handler, a maxargs of 1
 * and the repeatable field set to 0.
 */
U_BOOT_CMD(
	kaslrseed, 1, 0, do_kaslr_seed,
	"feed bytes from the hardware random number generator to the kaslr-seed",
	kaslrseed_help_text
);