* [PATCH] arm: re-randomize rng-seed on reboot
@ 2022-09-27 16:07 Jason A. Donenfeld
2022-09-29 20:57 ` Jason A. Donenfeld via
0 siblings, 1 reply; 3+ messages in thread
From: Jason A. Donenfeld @ 2022-09-27 16:07 UTC (permalink / raw)
To: qemu-devel, peter.maydell, qemu-arm; +Cc: Jason A. Donenfeld
When the system reboots, the rng-seed that the FDT has should be
re-randomized, so that the new boot gets a new seed. Since the FDT is in
the ROM region at this point, we add a hook right after the ROM has been
added, so that we have a pointer to that copy of the FDT. When the
reboot happens, we then look for RNG seeds and replace their contents
with new random data.
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
hw/arm/boot.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index ada2717f76..2836db4abb 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -25,6 +25,7 @@
#include "qemu/config-file.h"
#include "qemu/option.h"
#include "qemu/units.h"
+#include "qemu/guest-random.h"
/* Kernel boot protocol is specified in the kernel docs
* Documentation/arm/Booting and Documentation/arm64/booting.txt
@@ -529,6 +530,26 @@ static void fdt_add_psci_node(void *fdt)
qemu_fdt_setprop_cell(fdt, "/psci", "migrate", migrate_fn);
}
+static void rerandomize_fdt_seeds(void *fdt)
+{
+ int noffset, poffset, len;
+ const char *name;
+ uint8_t *data;
+
+ for (noffset = fdt_next_node(fdt, 0, NULL);
+ noffset >= 0;
+ noffset = fdt_next_node(fdt, noffset, NULL)) {
+ for (poffset = fdt_first_property_offset(fdt, noffset);
+ poffset >= 0;
+ poffset = fdt_next_property_offset(fdt, poffset)) {
+ data = (uint8_t *)fdt_getprop_by_offset(fdt, poffset, &name, &len);
+ if (!data || strcmp(name, "rng-seed"))
+ continue;
+ qemu_guest_getrandom_nofail(data, len);
+ }
+ }
+}
+
int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
hwaddr addr_limit, AddressSpace *as, MachineState *ms)
{
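Review bot: the `if (!data || strcmp(name, "rng-seed"))` test in the inner loop has an unbraced `continue;` body, which QEMU's coding style does not allow; brace it, or invert the test and put the `qemu_guest_getrandom_nofail(data, len)` call inside a braced block. In the same loop, `fdt_getprop_by_offset()` returns a const pointer and the `(uint8_t *)` cast drops that so the property can be overwritten in place; a short comment saying the in-place write into the blob is intentional would make that explicit.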
@@ -683,6 +704,7 @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
* the DTB is copied again upon reset, even if addr points into RAM.
*/
rom_add_blob_fixed_as("dtb", fdt, size, addr, as);
+ qemu_register_reset(rerandomize_fdt_seeds, rom_ptr_for_as(as, addr, size));
g_free(fdt);
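Review bot: the return value of `rom_ptr_for_as(as, addr, size)` is handed to `qemu_register_reset()` unchecked on the added line, so if no ROM blob covers that range the handler would later walk a NULL pointer with `fdt_next_node()`. Check the pointer before registering, and skip the registration (or assert) when it is NULL.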
--
2.37.3
* Re: [PATCH] arm: re-randomize rng-seed on reboot
2022-09-27 16:07 [PATCH] arm: re-randomize rng-seed on reboot Jason A. Donenfeld
@ 2022-09-29 20:57 ` Jason A. Donenfeld via
2022-09-29 23:18 ` Jason A. Donenfeld
0 siblings, 1 reply; 3+ messages in thread
From: Jason A. Donenfeld via @ 2022-09-29 20:57 UTC (permalink / raw)
To: qemu-devel, peter.maydell, qemu-arm
Hi Peter,
On Tue, Sep 27, 2022 at 06:07:42PM +0200, Jason A. Donenfeld wrote:
> When the system reboots, the rng-seed that the FDT has should be
> re-randomized, so that the new boot gets a new seed. Since the FDT is in
> the ROM region at this point, we add a hook right after the ROM has been
> added, so that we have a pointer to that copy of the FDT. When the
> reboot happens, we then look for RNG seeds and replace their contents
> with new random data.
>
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Just FYI, I'm waiting for your feedback on this approach, first, before
I add a similar thing for other architectures (at which point perhaps
rerandomize_fdt_seeds will be moved into device_tree.c or something).
Jason
> ---
> hw/arm/boot.c | 22 ++++++++++++++++++++++
> 1 file changed, 22 insertions(+)
>
> diff --git a/hw/arm/boot.c b/hw/arm/boot.c
> index ada2717f76..2836db4abb 100644
> --- a/hw/arm/boot.c
> +++ b/hw/arm/boot.c
> @@ -25,6 +25,7 @@
> #include "qemu/config-file.h"
> #include "qemu/option.h"
> #include "qemu/units.h"
> +#include "qemu/guest-random.h"
>
> /* Kernel boot protocol is specified in the kernel docs
> * Documentation/arm/Booting and Documentation/arm64/booting.txt
> @@ -529,6 +530,26 @@ static void fdt_add_psci_node(void *fdt)
> qemu_fdt_setprop_cell(fdt, "/psci", "migrate", migrate_fn);
> }
>
> +static void rerandomize_fdt_seeds(void *fdt)
> +{
> + int noffset, poffset, len;
> + const char *name;
> + uint8_t *data;
> +
> + for (noffset = fdt_next_node(fdt, 0, NULL);
> + noffset >= 0;
> + noffset = fdt_next_node(fdt, noffset, NULL)) {
> + for (poffset = fdt_first_property_offset(fdt, noffset);
> + poffset >= 0;
> + poffset = fdt_next_property_offset(fdt, poffset)) {
> + data = (uint8_t *)fdt_getprop_by_offset(fdt, poffset, &name, &len);
> + if (!data || strcmp(name, "rng-seed"))
> + continue;
> + qemu_guest_getrandom_nofail(data, len);
> + }
> + }
> +}
> +
> int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
> hwaddr addr_limit, AddressSpace *as, MachineState *ms)
> {
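Review bot: the outer loop in `rerandomize_fdt_seeds()` begins at `fdt_next_node(fdt, 0, NULL)`, so properties on the root node itself are never scanned, and every other node is matched on the bare name `rng-seed`. If scanning all nodes rather than a fixed path is deliberate, a one-line comment above the function stating which nodes are expected to carry a seed would document that.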
> @@ -683,6 +704,7 @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
> * the DTB is copied again upon reset, even if addr points into RAM.
> */
> rom_add_blob_fixed_as("dtb", fdt, size, addr, as);
> + qemu_register_reset(rerandomize_fdt_seeds, rom_ptr_for_as(as, addr, size));
>
> g_free(fdt);
>
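Review bot: the comment above `rom_add_blob_fixed_as()` says the DTB is copied again upon reset, so the handler registered on the added line only helps if it rewrites the ROM copy before that copy into guest memory happens. Nothing in this hunk shows the relative order of the two reset actions; state the ordering assumption in a comment next to `qemu_register_reset(...)`, or register the handler in a way that makes the order explicit.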
> --
> 2.37.3
>
>
* Re: [PATCH] arm: re-randomize rng-seed on reboot
2022-09-29 20:57 ` Jason A. Donenfeld via
@ 2022-09-29 23:18 ` Jason A. Donenfeld
0 siblings, 0 replies; 3+ messages in thread
From: Jason A. Donenfeld @ 2022-09-29 23:18 UTC (permalink / raw)
To: qemu-devel, peter.maydell, qemu-arm
On Thu, Sep 29, 2022 at 10:57:22PM +0200, Jason A. Donenfeld via wrote:
> Hi Peter,
>
> On Tue, Sep 27, 2022 at 06:07:42PM +0200, Jason A. Donenfeld wrote:
> > When the system reboots, the rng-seed that the FDT has should be
> > re-randomized, so that the new boot gets a new seed. Since the FDT is in
> > the ROM region at this point, we add a hook right after the ROM has been
> > added, so that we have a pointer to that copy of the FDT. When the
> > reboot happens, we then look for RNG seeds and replace their contents
> > with new random data.
> >
> > Cc: Peter Maydell <peter.maydell@linaro.org>
> > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
>
> Just FYI, I'm waiting for your feedback on this approach, first, before
> I add a similar thing for other architectures (at which point perhaps
> rerandomize_fdt_seeds will be moved into device_tree.c or something).
Actually, I think I'll generalize it now, and then we can evaluate it
all together. It actually looks a bit nicer split into patches. So I'll
have a replacement series for you shortly.
Jason