From 832bb389d82404285933a97cbf79d0080a3645d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre-Cl=C3=A9ment=20Tosi?= <ptosi@google.com>
Date: Wed, 6 Apr 2022 21:16:10 +0100
Subject: ANDROID: pvmfw: Generate /chosen/kaslr-seed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Generate the seed from pvmfw to allow the guest to trust it.

Bug: 224922775
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
Change-Id: I56051a34f611028122e38ec9db51e2ba8199d0ea
---
 board/android/pvmfw-arm64/boot.c         | 18 ++++++++++++++++++
 board/android/pvmfw-arm64/generate_fdt.c |  2 ++
 board/android/pvmfw-arm64/generate_fdt.h |  1 +
 board/android/pvmfw-arm64/platform.dts   |  1 +
 4 files changed, 22 insertions(+)

diff --git a/board/android/pvmfw-arm64/boot.c b/board/android/pvmfw-arm64/boot.c
index 7c3cb19326..899f733ac7 100644
--- a/board/android/pvmfw-arm64/boot.c
+++ b/board/android/pvmfw-arm64/boot.c
@@ -12,8 +12,10 @@
 #include <bcc.h>
 #include <command.h>
 #include <config.h>
+#include <dm/uclass.h>
 #include <fdt_support.h>
 #include <malloc.h>
+#include <rng.h>
 #include <string.h>
 #include <linux/err.h>
 
@@ -123,6 +125,18 @@ err:
 	return ret;
 }
 
+static int seed_u64(uint64_t *seed)
+{
+	int res;
+	struct udevice *dev;
+
+	res = uclass_get_device_by_name(UCLASS_RNG, "smccc-trng", &dev);
+	if (res)
+		return res;
+
+	return dm_rng_read(dev, seed, sizeof(*seed));
+}
+
 int pvmfw_boot_flow(void *fdt, size_t fdt_max_size, void *image, size_t size,
 		    void *bcc, size_t bcc_size)
 {
@@ -161,6 +175,10 @@ int pvmfw_boot_flow(void *fdt, size_t fdt_max_size, void *image, size_t size,
 	if (ret)
 		goto err;
 
+	ret = seed_u64(&cfg.kaslr_seed);
+	if (ret)
+		goto err;
+
 	ret = patch_output_fdt(fdt, &cfg);
 
 err:
diff --git a/board/android/pvmfw-arm64/generate_fdt.c b/board/android/pvmfw-arm64/generate_fdt.c
index 9c77fb7866..c0922ea3a2 100644
--- a/board/android/pvmfw-arm64/generate_fdt.c
+++ b/board/android/pvmfw-arm64/generate_fdt.c
@@ -481,6 +481,8 @@ static int patch_chosen_node(void *fdt, const struct boot_config *cfg)
 
 	/* '/chosen/avf,strict-boot' is always set (from the base DT) */
 
+	TRY(fdt_setprop_inplace_u64(fdt, node, "kaslr-seed", cfg->kaslr_seed));
+
 	return 0;
 }
 
diff --git a/board/android/pvmfw-arm64/generate_fdt.h b/board/android/pvmfw-arm64/generate_fdt.h
index 4cf0832edc..ca073f7ad7 100644
--- a/board/android/pvmfw-arm64/generate_fdt.h
+++ b/board/android/pvmfw-arm64/generate_fdt.h
@@ -35,6 +35,7 @@ struct boot_config {
 	size_t pci_irq_count;
 	size_t serials_count;
 	uint64_t serials[4];
+	uint64_t kaslr_seed;
 	uint64_t swiotlb_size;
 	uint64_t swiotlb_align;
 	uint64_t bcc_addr;
diff --git a/board/android/pvmfw-arm64/platform.dts b/board/android/pvmfw-arm64/platform.dts
index ee48f22ec5..068ac9ac7c 100644
--- a/board/android/pvmfw-arm64/platform.dts
+++ b/board/android/pvmfw-arm64/platform.dts
@@ -20,6 +20,7 @@
 	chosen {
 		stdout-path = "/uart@3f8";
 		linux,pci-probe-only = <1>;
+		kaslr-seed = <PLACEHOLDER2>;
 		avf,strict-boot;
 		avf,new-instance;
 	};
-- 
cgit v1.2.3