qemu-devel
Re: [PATCH] arm: re-randomize rng-seed on reboot


From: Jason A. Donenfeld
Subject: Re: [PATCH] arm: re-randomize rng-seed on reboot
Date: Thu, 29 Sep 2022 22:57:22 +0200

Hi Peter,

On Tue, Sep 27, 2022 at 06:07:42PM +0200, Jason A. Donenfeld wrote:
> When the system reboots, the rng-seed that the FDT has should be
> re-randomized, so that the new boot gets a new seed. Since the FDT is in
> the ROM region at this point, we add a hook right after the ROM has been
> added, so that we have a pointer to that copy of the FDT. When the
> reboot happens, we then look for RNG seeds and replace their contents
> with new random data.
> 
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Just FYI, I'm waiting for your feedback on this approach, first, before
I add a similar thing for other architectures (at which point perhaps
rerandomize_fdt_seeds will be moved into device_tree.c or something).

Jason

> ---
>  hw/arm/boot.c | 22 ++++++++++++++++++++++
>  1 file changed, 22 insertions(+)
> 
> diff --git a/hw/arm/boot.c b/hw/arm/boot.c
> index ada2717f76..2836db4abb 100644
> --- a/hw/arm/boot.c
> +++ b/hw/arm/boot.c
> @@ -25,6 +25,7 @@
>  #include "qemu/config-file.h"
>  #include "qemu/option.h"
>  #include "qemu/units.h"
> +#include "qemu/guest-random.h"
>  
>  /* Kernel boot protocol is specified in the kernel docs
>   * Documentation/arm/Booting and Documentation/arm64/booting.txt
> @@ -529,6 +530,26 @@ static void fdt_add_psci_node(void *fdt)
>      qemu_fdt_setprop_cell(fdt, "/psci", "migrate", migrate_fn);
>  }
>  
> +static void rerandomize_fdt_seeds(void *fdt)
> +{
> +    int noffset, poffset, len;
> +    const char *name;
> +    uint8_t *data;
> +
> +    for (noffset = fdt_next_node(fdt, 0, NULL);
> +         noffset >= 0;
> +         noffset = fdt_next_node(fdt, noffset, NULL)) {
> +        for (poffset = fdt_first_property_offset(fdt, noffset);
> +             poffset >= 0;
> +             poffset = fdt_next_property_offset(fdt, poffset)) {
> +            data = (uint8_t *)fdt_getprop_by_offset(fdt, poffset, &name, 
> &len);
> +            if (!data || strcmp(name, "rng-seed"))
> +                continue;
> +            qemu_guest_getrandom_nofail(data, len);
> +        }
> +    }
> +}
> +
>  int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
>                   hwaddr addr_limit, AddressSpace *as, MachineState *ms)
>  {
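Review bot: in the inner loop of rerandomize_fdt_seeds(), the (uint8_t *) cast drops the const from the pointer that fdt_getprop_by_offset() returns, and the property is then overwritten in place with no comment saying why that is safe. A short comment noting that the write keeps the property length, and so leaves the blob layout untouched, would help the next reader. The walk also matches a property named "rng-seed" in every node rather than only under /chosen; if that is intended, say so in the same comment. QEMU coding style also wants braces around the body of the `if (!data || strcmp(name, "rng-seed"))` statement.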
> @@ -683,6 +704,7 @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info 
> *binfo,
>       * the DTB is copied again upon reset, even if addr points into RAM.
>       */
>      rom_add_blob_fixed_as("dtb", fdt, size, addr, as);
> +    qemu_register_reset(rerandomize_fdt_seeds, rom_ptr_for_as(as, addr, 
> size));
>  
>      g_free(fdt);
>  
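Review bot: the result of rom_ptr_for_as(as, addr, size) is registered as the reset opaque without a NULL check, and rerandomize_fdt_seeds() hands it straight to fdt_next_node(). rom_ptr_for_as() can return NULL, so either skip the qemu_register_reset() call in that case or have the handler return early on a NULL fdt. The handler also relies on running before the reset-time copy of the "dtb" blob that the comment above this line describes; a comment stating that ordering requirement would make it harder to break later.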
> -- 
> 2.37.3
> 
> 