From: Hsin-Yi Wang <hsinyi@chromium.org> To: linux-arm-kernel@lists.infradead.org, "Theodore Y . Ts'o" <tytso@mit.edu> Cc: Russell King <linux@armlinux.org.uk>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, "H . Peter Anvin" <hpa@zytor.com>, "Paul E . McKenney" <paulmck@linux.vnet.ibm.com>, Kate Stewart <kstewart@linuxfoundation.org>, "David S . Miller" <davem@davemloft.net>, Viresh Kumar <viresh.kumar@linaro.org>, Marek Szyprowski <m.szyprowski@samsung.com>, Arnd Bergmann <arnd@arndb.de>, Marc Zyngier <maz@kernel.org>, Julien Thierry <julien.thierry.kdev@gmail.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Wei Li <liwei391@huawei.com>, Anders Roxell <anders.roxell@linaro.org>, Rob Herring <robh@kernel.org>, Aaro Koskinen <aaro.koskinen@nokia.com>, Daniel Thompson <daniel.thompson@linaro.org>, Tim Chen <tim.c.chen@linux.intel.com>, Rik van Riel <riel@surriel.com>, Waiman Long <longman@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>, Peter Zijlstra <peterz@infradead.org>, Armijn Hemel <armijn@tjaldur.nl>, Grzegorz Halat <ghalat@redhat.com>, Len Brown <len.brown@intel.com>, Shaokun Zhang <zhangshaokun@hisilicon.com>, Mike Rapoport <rppt@linux.vnet.ibm.com>, Kees Cook <keescook@chromium.org>, Stephen Boyd <swboyd@chromium.org>, Guenter Roeck <groeck@chromium.org>, Andrew Morton <akpm@linux-foundation.org>, Mathieu Desnoyers <mathieu.desnoyers@efficios.com>, Alexey Dobriyan <adobriyan@gmail.com>, Yury Norov <ynorov@marvell.com>, Josh Poimboeuf <jpoimboe@redhat.com>, Jiri Kosina <jkosina@suse.cz>, Mukesh Ojha <mojha@codeaurora.org>, linux-kernel@vger.kernel.org Subject: [PATCH v9 2/3] fdt: add support for rng-seed Date: Thu, 22 Aug 2019 15:15:22 +0800 [thread overview] Message-ID: <20190822071522.143986-3-hsinyi@chromium.org> (raw) In-Reply-To: <20190822071522.143986-1-hsinyi@chromium.org> Introducing a chosen node, rng-seed, which is an entropy that can be passed to kernel called very early to increase initial device randomness. Bootloader should provide this entropy and the value is read from /chosen/rng-seed in DT. Obtain of_fdt_crc32 for CRC check after early_init_dt_scan_nodes(), since early_init_dt_scan_chosen() would modify fdt to erase rng-seed. Add a new interface add_bootloader_randomness() for rng-seed use case. Depends on whether the seed is trustworthy, rng seed would be passed to add_hwgenerator_randomness(). Otherwise it would be passed to add_device_randomness(). Decision is controlled by kernel config RANDOM_TRUST_BOOTLOADER. Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org> Reviewed-by: Stephen Boyd <swboyd@chromium.org> Reviewed-by: Rob Herring <robh@kernel.org> --- Change from v8: * Add a new interface add_bootloader_randomness * Add a new kernel config --- drivers/char/Kconfig | 10 ++++++++++ drivers/char/random.c | 15 +++++++++++++++ drivers/of/fdt.c | 14 ++++++++++++-- include/linux/random.h | 1 + 4 files changed, 38 insertions(+), 2 deletions(-) diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig index 96156c729a31..5974a5906fd0 100644 --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig @@ -551,3 +551,13 @@ config RANDOM_TRUST_CPU has not installed a hidden back door to compromise the CPU's random number generation facilities. This can also be configured at boot with "random.trust_cpu=on/off". + +config RANDOM_TRUST_BOOTLOADER + bool "Trust the bootloader to initialize Linux's CRNG" + default n + help + Bootloader could provide rng-seed set in /chosen/rng-seed in DT to help + increase initial device randomness. Assume the entropy provided is + trustworthy, it would be regarded as true hardware RNGs and update the + entropy estimate. Otherwise it would be regarded as device input that + could help mix the entropy pool, but won't be added to actual entropy. \ No newline at end of file diff --git a/drivers/char/random.c b/drivers/char/random.c index 5d5ea4ce1442..29d3ff3de1e1 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -2445,3 +2445,18 @@ void add_hwgenerator_randomness(const char *buffer, size_t count, credit_entropy_bits(poolp, entropy); } EXPORT_SYMBOL_GPL(add_hwgenerator_randomness); + +/* Handle random seed passed by bootloader. + * If the seed is trustworthy, it would be regarded as hardware RNGs. Otherwise + * it would be regarded as device data. + * The decision is controlled by CONFIG_RANDOM_TRUST_BOOTLOADER. + */ +void add_bootloader_randomness(const void *buf, unsigned int size) +{ +#ifdef CONFIG_RANDOM_TRUST_BOOTLOADER + add_hwgenerator_randomness(buf, size, size * 8); +#else + add_device_randomness(buf, size); +#endif +} +EXPORT_SYMBOL_GPL(add_bootloader_randomness); \ No newline at end of file diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c index 9cdf14b9aaab..7d97ab6d0e31 100644 --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -24,6 +24,7 @@ #include <linux/debugfs.h> #include <linux/serial_core.h> #include <linux/sysfs.h> +#include <linux/random.h> #include <asm/setup.h> /* for COMMAND_LINE_SIZE */ #include <asm/page.h> @@ -1044,6 +1045,7 @@ int __init early_init_dt_scan_chosen(unsigned long node, const char *uname, { int l; const char *p; + const void *rng_seed; pr_debug("search \"chosen\", depth: %d, uname: %s\n", depth, uname); @@ -1078,6 +1080,14 @@ int __init early_init_dt_scan_chosen(unsigned long node, const char *uname, pr_debug("Command line is: %s\n", (char*)data); + rng_seed = of_get_flat_dt_prop(node, "rng-seed", &l); + if (rng_seed && l > 0) { + add_bootloader_randomness(rng_seed, l); + + /* try to clear seed so it won't be found. */ + fdt_nop_property(initial_boot_params, node, "rng-seed"); + } + /* break now */ return 1; } @@ -1166,8 +1176,6 @@ bool __init early_init_dt_verify(void *params) /* Setup flat device-tree pointer */ initial_boot_params = params; - of_fdt_crc32 = crc32_be(~0, initial_boot_params, - fdt_totalsize(initial_boot_params)); return true; } @@ -1197,6 +1205,8 @@ bool __init early_init_dt_scan(void *params) return false; early_init_dt_scan_nodes(); + of_fdt_crc32 = crc32_be(~0, initial_boot_params, + fdt_totalsize(initial_boot_params)); return true; } diff --git a/include/linux/random.h b/include/linux/random.h index 1f7dced2bba6..f189c927fdea 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -19,6 +19,7 @@ struct random_ready_callback { }; extern void add_device_randomness(const void *, unsigned int); +extern void add_bootloader_randomness(const void *, unsigned int); #if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__) static inline void add_latent_entropy(void) -- 2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Hsin-Yi Wang <hsinyi@chromium.org> To: linux-arm-kernel@lists.infradead.org, "Theodore Y . Ts'o" <tytso@mit.edu> Cc: Kate Stewart <kstewart@linuxfoundation.org>, Peter Zijlstra <peterz@infradead.org>, Catalin Marinas <catalin.marinas@arm.com>, Mukesh Ojha <mojha@codeaurora.org>, Grzegorz Halat <ghalat@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>, Guenter Roeck <groeck@chromium.org>, Will Deacon <will@kernel.org>, Marek Szyprowski <m.szyprowski@samsung.com>, Rob Herring <robh@kernel.org>, Daniel Thompson <daniel.thompson@linaro.org>, Anders Roxell <anders.roxell@linaro.org>, Yury Norov <ynorov@marvell.com>, Marc Zyngier <maz@kernel.org>, Russell King <linux@armlinux.org.uk>, Aaro Koskinen <aaro.koskinen@nokia.com>, Ingo Molnar <mingo@redhat.com>, Viresh Kumar <viresh.kumar@linaro.org>, Waiman Long <longman@redhat.com>, "Paul E . McKenney" <paulmck@linux.vnet.ibm.com>, Wei Li <liwei391@huawei.com>, Alexey Dobriyan <adobriyan@gmail.com>, Julien Thierry <julien.thierry.kdev@gmail.com>, Len Brown <len.brown@intel.com>, Kees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>, Rik van Riel <riel@surriel.com>, Stephen Boyd <swboyd@chromium.org>, Shaokun Zhang <zhangshaokun@hisilicon.com>, Mike Rapoport <rppt@linux.vnet.ibm.com>, Borislav Petkov <bp@alien8.de>, Josh Poimboeuf <jpoimboe@redhat.com>, Thomas Gleixner <tglx@linutronix.de>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Marcelo Tosatti <mtosatti@redhat.com>, linux-kernel@vger.kernel.org, Armijn Hemel <armijn@tjaldur.nl>, Jiri Kosina <jkosina@suse.cz>, Mathieu Desnoyers <mathieu.desnoyers@efficios.com>, Andrew Morton <akpm@linux-foundation.org>, Tim Chen <tim.c.chen@linux.intel.com>, "David S . Miller" <davem@davemloft.net> Subject: [PATCH v9 2/3] fdt: add support for rng-seed Date: Thu, 22 Aug 2019 15:15:22 +0800 [thread overview] Message-ID: <20190822071522.143986-3-hsinyi@chromium.org> (raw) In-Reply-To: <20190822071522.143986-1-hsinyi@chromium.org> Introducing a chosen node, rng-seed, which is an entropy that can be passed to kernel called very early to increase initial device randomness. Bootloader should provide this entropy and the value is read from /chosen/rng-seed in DT. Obtain of_fdt_crc32 for CRC check after early_init_dt_scan_nodes(), since early_init_dt_scan_chosen() would modify fdt to erase rng-seed. Add a new interface add_bootloader_randomness() for rng-seed use case. Depends on whether the seed is trustworthy, rng seed would be passed to add_hwgenerator_randomness(). Otherwise it would be passed to add_device_randomness(). Decision is controlled by kernel config RANDOM_TRUST_BOOTLOADER. Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org> Reviewed-by: Stephen Boyd <swboyd@chromium.org> Reviewed-by: Rob Herring <robh@kernel.org> --- Change from v8: * Add a new interface add_bootloader_randomness * Add a new kernel config --- drivers/char/Kconfig | 10 ++++++++++ drivers/char/random.c | 15 +++++++++++++++ drivers/of/fdt.c | 14 ++++++++++++-- include/linux/random.h | 1 + 4 files changed, 38 insertions(+), 2 deletions(-) diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig index 96156c729a31..5974a5906fd0 100644 --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig @@ -551,3 +551,13 @@ config RANDOM_TRUST_CPU has not installed a hidden back door to compromise the CPU's random number generation facilities. This can also be configured at boot with "random.trust_cpu=on/off". + +config RANDOM_TRUST_BOOTLOADER + bool "Trust the bootloader to initialize Linux's CRNG" + default n + help + Bootloader could provide rng-seed set in /chosen/rng-seed in DT to help + increase initial device randomness. Assume the entropy provided is + trustworthy, it would be regarded as true hardware RNGs and update the + entropy estimate. Otherwise it would be regarded as device input that + could help mix the entropy pool, but won't be added to actual entropy. \ No newline at end of file diff --git a/drivers/char/random.c b/drivers/char/random.c index 5d5ea4ce1442..29d3ff3de1e1 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -2445,3 +2445,18 @@ void add_hwgenerator_randomness(const char *buffer, size_t count, credit_entropy_bits(poolp, entropy); } EXPORT_SYMBOL_GPL(add_hwgenerator_randomness); + +/* Handle random seed passed by bootloader. + * If the seed is trustworthy, it would be regarded as hardware RNGs. Otherwise + * it would be regarded as device data. + * The decision is controlled by CONFIG_RANDOM_TRUST_BOOTLOADER. + */ +void add_bootloader_randomness(const void *buf, unsigned int size) +{ +#ifdef CONFIG_RANDOM_TRUST_BOOTLOADER + add_hwgenerator_randomness(buf, size, size * 8); +#else + add_device_randomness(buf, size); +#endif +} +EXPORT_SYMBOL_GPL(add_bootloader_randomness); \ No newline at end of file diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c index 9cdf14b9aaab..7d97ab6d0e31 100644 --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -24,6 +24,7 @@ #include <linux/debugfs.h> #include <linux/serial_core.h> #include <linux/sysfs.h> +#include <linux/random.h> #include <asm/setup.h> /* for COMMAND_LINE_SIZE */ #include <asm/page.h> @@ -1044,6 +1045,7 @@ int __init early_init_dt_scan_chosen(unsigned long node, const char *uname, { int l; const char *p; + const void *rng_seed; pr_debug("search \"chosen\", depth: %d, uname: %s\n", depth, uname); @@ -1078,6 +1080,14 @@ int __init early_init_dt_scan_chosen(unsigned long node, const char *uname, pr_debug("Command line is: %s\n", (char*)data); + rng_seed = of_get_flat_dt_prop(node, "rng-seed", &l); + if (rng_seed && l > 0) { + add_bootloader_randomness(rng_seed, l); + + /* try to clear seed so it won't be found. */ + fdt_nop_property(initial_boot_params, node, "rng-seed"); + } + /* break now */ return 1; } @@ -1166,8 +1176,6 @@ bool __init early_init_dt_verify(void *params) /* Setup flat device-tree pointer */ initial_boot_params = params; - of_fdt_crc32 = crc32_be(~0, initial_boot_params, - fdt_totalsize(initial_boot_params)); return true; } @@ -1197,6 +1205,8 @@ bool __init early_init_dt_scan(void *params) return false; early_init_dt_scan_nodes(); + of_fdt_crc32 = crc32_be(~0, initial_boot_params, + fdt_totalsize(initial_boot_params)); return true; } diff --git a/include/linux/random.h b/include/linux/random.h index 1f7dced2bba6..f189c927fdea 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -19,6 +19,7 @@ struct random_ready_callback { }; extern void add_device_randomness(const void *, unsigned int); +extern void add_bootloader_randomness(const void *, unsigned int); #if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__) static inline void add_latent_entropy(void) -- 2.20.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-08-22 7:16 UTC|newest] Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-08-22 7:15 [PATCH v9 0/3] add support for rng-seed Hsin-Yi Wang 2019-08-22 7:15 ` Hsin-Yi Wang 2019-08-22 7:15 ` [PATCH v9 1/3] arm64: map FDT as RW for early_init_dt_scan() Hsin-Yi Wang 2019-08-22 7:15 ` Hsin-Yi Wang 2019-08-22 7:15 ` Hsin-Yi Wang [this message] 2019-08-22 7:15 ` [PATCH v9 2/3] fdt: add support for rng-seed Hsin-Yi Wang 2019-08-22 16:03 ` Theodore Y. Ts'o 2019-08-22 16:03 ` Theodore Y. Ts'o 2019-08-22 17:39 ` Stephen Boyd 2019-08-22 17:39 ` Stephen Boyd 2019-08-24 19:04 ` Kees Cook 2019-08-24 19:04 ` Kees Cook 2019-08-29 10:03 ` Hsin-Yi Wang 2019-08-29 10:03 ` Hsin-Yi Wang 2019-08-29 15:45 ` Theodore Y. Ts'o 2019-08-29 15:45 ` Theodore Y. Ts'o 2019-08-29 16:25 ` Kees Cook 2019-08-29 16:22 ` Kees Cook 2019-08-29 16:22 ` Kees Cook 2019-08-22 7:15 ` [PATCH v9 3/3] arm64: kexec_file: add rng-seed support Hsin-Yi Wang 2019-08-22 7:15 ` Hsin-Yi Wang
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190822071522.143986-3-hsinyi@chromium.org \ --to=hsinyi@chromium.org \ --cc=aaro.koskinen@nokia.com \ --cc=adobriyan@gmail.com \ --cc=akpm@linux-foundation.org \ --cc=anders.roxell@linaro.org \ --cc=armijn@tjaldur.nl \ --cc=arnd@arndb.de \ --cc=bp@alien8.de \ --cc=catalin.marinas@arm.com \ --cc=daniel.thompson@linaro.org \ --cc=davem@davemloft.net \ --cc=ghalat@redhat.com \ --cc=gregkh@linuxfoundation.org \ --cc=groeck@chromium.org \ --cc=hpa@zytor.com \ --cc=jkosina@suse.cz \ --cc=jpoimboe@redhat.com \ --cc=julien.thierry.kdev@gmail.com \ --cc=keescook@chromium.org \ --cc=kstewart@linuxfoundation.org \ --cc=len.brown@intel.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux@armlinux.org.uk \ --cc=liwei391@huawei.com \ --cc=longman@redhat.com \ --cc=m.szyprowski@samsung.com \ --cc=mathieu.desnoyers@efficios.com \ --cc=maz@kernel.org \ --cc=mingo@redhat.com \ --cc=mojha@codeaurora.org \ --cc=mtosatti@redhat.com \ --cc=paulmck@linux.vnet.ibm.com \ --cc=peterz@infradead.org \ --cc=riel@surriel.com \ --cc=robh@kernel.org \ --cc=rppt@linux.vnet.ibm.com \ --cc=swboyd@chromium.org \ --cc=tglx@linutronix.de \ --cc=tim.c.chen@linux.intel.com \ --cc=tytso@mit.edu \ --cc=viresh.kumar@linaro.org \ --cc=will@kernel.org \ --cc=ynorov@marvell.com \ --cc=zhangshaokun@hisilicon.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.