diff options
| author | Pierre-Clément Tosi <ptosi@google.com> | 2022-04-06 21:16:10 +0100 |
|---|---|---|
| committer | Pierre-Clément Tosi <ptosi@google.com> | 2022-05-16 07:51:05 +0100 |
| commit | 832bb389d82404285933a97cbf79d0080a3645d4 (patch) | |
| tree | 98802a76429e66ca0e26a5b90a5a68f2712fc1d8 | |
| parent | 6649866e3b01109ea23e7c2f524eea7b36d90b94 (diff) | |
| download | u-boot-android13-qpr.tar.gz | |
ANDROID: pvmfw: Generate /chosen/kaslr-seedandroid13-qpr
Generate the seed from pvmfw to allow the guest to trust it.
Bug: 224922775
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
Change-Id: I56051a34f611028122e38ec9db51e2ba8199d0ea
| -rw-r--r-- | board/android/pvmfw-arm64/boot.c | 18 | ||||
| -rw-r--r-- | board/android/pvmfw-arm64/generate_fdt.c | 2 | ||||
| -rw-r--r-- | board/android/pvmfw-arm64/generate_fdt.h | 1 | ||||
| -rw-r--r-- | board/android/pvmfw-arm64/platform.dts | 1 |
4 files changed, 22 insertions, 0 deletions
diff --git a/board/android/pvmfw-arm64/boot.c b/board/android/pvmfw-arm64/boot.c index 7c3cb19326..899f733ac7 100644 --- a/board/android/pvmfw-arm64/boot.c +++ b/board/android/pvmfw-arm64/boot.c @@ -12,8 +12,10 @@ #include <bcc.h> #include <command.h> #include <config.h> +#include <dm/uclass.h> #include <fdt_support.h> #include <malloc.h> +#include <rng.h> #include <string.h> #include <linux/err.h> @@ -123,6 +125,18 @@ err: return ret; } +static int seed_u64(uint64_t *seed) +{ + int res; + struct udevice *dev; + + res = uclass_get_device_by_name(UCLASS_RNG, "smccc-trng", &dev); + if (res) + return res; + + return dm_rng_read(dev, seed, sizeof(*seed)); +} + int pvmfw_boot_flow(void *fdt, size_t fdt_max_size, void *image, size_t size, void *bcc, size_t bcc_size) { @@ -161,6 +175,10 @@ int pvmfw_boot_flow(void *fdt, size_t fdt_max_size, void *image, size_t size, if (ret) goto err; + ret = seed_u64(&cfg.kaslr_seed); + if (ret) + goto err; + ret = patch_output_fdt(fdt, &cfg); err: diff --git a/board/android/pvmfw-arm64/generate_fdt.c b/board/android/pvmfw-arm64/generate_fdt.c index 9c77fb7866..c0922ea3a2 100644 --- a/board/android/pvmfw-arm64/generate_fdt.c +++ b/board/android/pvmfw-arm64/generate_fdt.c @@ -481,6 +481,8 @@ static int patch_chosen_node(void *fdt, const struct boot_config *cfg) /* '/chosen/avf,strict-boot' is always set (from the base DT) */ + TRY(fdt_setprop_inplace_u64(fdt, node, "kaslr-seed", cfg->kaslr_seed)); + return 0; } diff --git a/board/android/pvmfw-arm64/generate_fdt.h b/board/android/pvmfw-arm64/generate_fdt.h index 4cf0832edc..ca073f7ad7 100644 --- a/board/android/pvmfw-arm64/generate_fdt.h +++ b/board/android/pvmfw-arm64/generate_fdt.h @@ -35,6 +35,7 @@ struct boot_config { size_t pci_irq_count; size_t serials_count; uint64_t serials[4]; + uint64_t kaslr_seed; uint64_t swiotlb_size; uint64_t swiotlb_align; uint64_t bcc_addr; diff --git a/board/android/pvmfw-arm64/platform.dts b/board/android/pvmfw-arm64/platform.dts index ee48f22ec5..068ac9ac7c 100644 --- a/board/android/pvmfw-arm64/platform.dts +++ b/board/android/pvmfw-arm64/platform.dts @@ -20,6 +20,7 @@ chosen { stdout-path = "/uart@3f8"; linux,pci-probe-only = <1>; + kaslr-seed = <PLACEHOLDER2>; avf,strict-boot; avf,new-instance; }; |