diff options
author | Ruchika Gupta <ruchika.gupta@nxp.com> | 2017-08-16 15:58:10 +0530 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2017-08-26 14:56:11 -0400 |
commit | a797f274d7ae806d84b9ececf71f043ca6c1502a (patch) | |
tree | 56b5e159ab2ae081434ac18dabdb3e281b1094a3 | |
parent | 225bfd3906453c13a0a88b03d8e62a2f267b3689 (diff) |
ARMv8/sec_firmware : Update chosen/kaslr-seed with random number
kASLR support in kernel requires a random number to be passed via
chosen/kaslr-seed propert. sec_firmware generates this random seed
which can then be passed in the device tree node.
sec_firmware reserves JR3 for it's own usage. Node for JR3 is
removed from device-tree.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
-rw-r--r-- | arch/arm/cpu/armv8/fsl-layerscape/fdt.c | 37 | ||||
-rw-r--r-- | arch/arm/cpu/armv8/sec_firmware.c | 99 | ||||
-rw-r--r-- | arch/arm/include/asm/armv8/sec_firmware.h | 9 |
3 files changed, 142 insertions, 3 deletions
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/fdt.c b/arch/arm/cpu/armv8/fsl-layerscape/fdt.c index f5f4840f19..c9252751db 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/fdt.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/fdt.c @@ -345,11 +345,38 @@ static void fdt_fixup_msi(void *blob) } #endif +#ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT +/* Remove JR node used by SEC firmware */ +void fdt_fixup_remove_jr(void *blob) +{ + int jr_node, addr_cells, len; + int crypto_node = fdt_path_offset(blob, "crypto"); + u64 jr_offset, used_jr; + fdt32_t *reg; + + used_jr = sec_firmware_used_jobring_offset(); + fdt_support_default_count_cells(blob, crypto_node, &addr_cells, NULL); + + jr_node = fdt_node_offset_by_compatible(blob, crypto_node, + "fsl,sec-v4.0-job-ring"); + + while (jr_node != -FDT_ERR_NOTFOUND) { + reg = (fdt32_t *)fdt_getprop(blob, jr_node, "reg", &len); + jr_offset = fdt_read_number(reg, addr_cells); + if (jr_offset == used_jr) { + fdt_del_node(blob, jr_node); + break; + } + jr_node = fdt_node_offset_by_compatible(blob, jr_node, + "fsl,sec-v4.0-job-ring"); + } +} +#endif + void ft_cpu_setup(void *blob, bd_t *bd) { -#ifdef CONFIG_FSL_LSCH2 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); - unsigned int svr = in_be32(&gur->svr); + unsigned int svr = gur_in32(&gur->svr); /* delete crypto node if not on an E-processor */ if (!IS_E_PROCESSOR(svr)) @@ -358,11 +385,15 @@ void ft_cpu_setup(void *blob, bd_t *bd) else { ccsr_sec_t __iomem *sec; +#ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT + if (fdt_fixup_kaslr(blob)) + fdt_fixup_remove_jr(blob); +#endif + sec = (void __iomem *)CONFIG_SYS_FSL_SEC_ADDR; fdt_fixup_crypto_node(blob, sec_in32(&sec->secvid_ms)); } #endif -#endif #ifdef CONFIG_MP ft_fixup_cpu(blob); diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c index fffce712d3..0e7483437a 100644 --- a/arch/arm/cpu/armv8/sec_firmware.c +++ b/arch/arm/cpu/armv8/sec_firmware.c @@ -232,6 +232,59 @@ unsigned int sec_firmware_support_psci_version(void) #endif /* + * Check with sec_firmware if it supports random number generation + * via HW RNG + * + * The return value will be true if it is supported + */ +bool sec_firmware_support_hwrng(void) +{ + uint8_t rand[8]; + if (sec_firmware_addr & SEC_FIRMWARE_RUNNING) { + if (!sec_firmware_get_random(rand, 8)) + return true; + } + + return false; +} + +/* + * sec_firmware_get_random - Get a random number from SEC Firmware + * @rand: random number buffer to be filled + * @bytes: Number of bytes of random number to be supported + * @eret: -1 in case of error, 0 for success + */ +int sec_firmware_get_random(uint8_t *rand, int bytes) +{ + unsigned long long num; + struct pt_regs regs; + int param1; + + if (!bytes || bytes > 8) { + printf("Max Random bytes genration supported is 8\n"); + return -1; + } +#define SIP_RNG_64 0xC200FF11 + regs.regs[0] = SIP_RNG_64; + + if (bytes <= 4) + param1 = 0; + else + param1 = 1; + regs.regs[1] = param1; + + smc_call(®s); + + if (regs.regs[0]) + return -1; + + num = regs.regs[1]; + memcpy(rand, &num, bytes); + + return 0; +} + +/* * sec_firmware_init - Initialize the SEC Firmware * @sec_firmware_img: the SEC Firmware image address * @eret_hold_l: the address to hold exception return address low @@ -278,3 +331,49 @@ int sec_firmware_init(const void *sec_firmware_img, return 0; } + +/* + * fdt_fix_kaslr - Add kalsr-seed node in Device tree + * @fdt: Device tree + * @eret: 0 in case of error, 1 for success + */ +int fdt_fixup_kaslr(void *fdt) +{ + int nodeoffset; + int err, ret = 0; + u8 rand[8]; + +#if defined(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT) + /* Check if random seed generation is supported */ + if (sec_firmware_support_hwrng() == false) + return 0; + + ret = sec_firmware_get_random(rand, 8); + if (ret < 0) { + printf("WARNING: No random number to set kaslr-seed\n"); + return 0; + } + + err = fdt_check_header(fdt); + if (err < 0) { + printf("fdt_chosen: %s\n", fdt_strerror(err)); + return 0; + } + + /* find or create "/chosen" node. */ + nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen"); + if (nodeoffset < 0) + return 0; + + err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", rand, + sizeof(rand)); + if (err < 0) { + printf("WARNING: can't set kaslr-seed %s.\n", + fdt_strerror(err)); + return 0; + } + ret = 1; +#endif + + return ret; +} diff --git a/arch/arm/include/asm/armv8/sec_firmware.h b/arch/arm/include/asm/armv8/sec_firmware.h index bc1d97d7a9..6d42a7111f 100644 --- a/arch/arm/include/asm/armv8/sec_firmware.h +++ b/arch/arm/include/asm/armv8/sec_firmware.h @@ -8,10 +8,14 @@ #define __SEC_FIRMWARE_H_ #define PSCI_INVALID_VER 0xffffffff +#define SEC_JR3_OFFSET 0x40000 int sec_firmware_init(const void *, u32 *, u32 *); int _sec_firmware_entry(const void *, u32 *, u32 *); bool sec_firmware_is_valid(const void *); +bool sec_firmware_support_hwrng(void); +int sec_firmware_get_random(uint8_t *rand, int bytes); +int fdt_fixup_kaslr(void *fdt); #ifdef CONFIG_SEC_FIRMWARE_ARMV8_PSCI unsigned int sec_firmware_support_psci_version(void); unsigned int _sec_firmware_support_psci_version(void); @@ -22,4 +26,9 @@ static inline unsigned int sec_firmware_support_psci_version(void) } #endif +static inline unsigned int sec_firmware_used_jobring_offset(void) +{ + return SEC_JR3_OFFSET; +} + #endif /* __SEC_FIRMWARE_H_ */ |