From 7958943790c4bbd4d2ca6dc992e313317aee19b6 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Wed, 18 Dec 2019 01:03:30 +0000 Subject: [PATCH 1/2] New function cpu_startup_hook on arm. Called at end of cpu_startup. Can be defined in, e.g., evbarm to do additional stuff after cpu_startup. Defined as a weak alias to a function that does nothing, so optional. --- sys/arch/aarch64/aarch64/aarch64_machdep.c | 8 ++++++++ sys/arch/aarch64/include/machdep.h | 3 +++ sys/arch/arm/arm32/arm32_machdep.c | 8 ++++++++ sys/arch/arm/include/arm32/machdep.h | 3 +++ 4 files changed, 22 insertions(+) diff --git a/sys/arch/aarch64/aarch64/aarch64_machdep.c b/sys/arch/aarch64/aarch64/aarch64_machdep.c index 8de0ac7faf58..820bc8d4f110 100644 --- a/sys/arch/aarch64/aarch64/aarch64_machdep.c +++ b/sys/arch/aarch64/aarch64/aarch64_machdep.c @@ -595,6 +595,14 @@ cpu_startup(void) /* Hello! */ banner(); + + cpu_startup_hook(); +} + +__weak_alias(cpu_startup_hook,cpu_startup_default) +void +cpu_startup_default(void) +{ } /* diff --git a/sys/arch/aarch64/include/machdep.h b/sys/arch/aarch64/include/machdep.h index 4175cc1ffe6d..3fa779cb8366 100644 --- a/sys/arch/aarch64/include/machdep.h +++ b/sys/arch/aarch64/include/machdep.h @@ -83,6 +83,9 @@ void uartputc(int); void parse_mi_bootargs(char *); void dumpsys(void); +void cpu_startup_hook(void); +void cpu_startup_default(void); + struct trapframe; /* fault.c */ diff --git a/sys/arch/arm/arm32/arm32_machdep.c b/sys/arch/arm/arm32/arm32_machdep.c index 060126d305a3..6ec09ffb47ba 100644 --- a/sys/arch/arm/arm32/arm32_machdep.c +++ b/sys/arch/arm/arm32/arm32_machdep.c @@ -353,6 +353,14 @@ cpu_startup(void) #else tf->tf_spsr = PSR_USR32_MODE; #endif + + cpu_startup_hook(); +} + +__weak_alias(cpu_startup_hook,cpu_startup_default) +void +cpu_startup_hook(void) +{ } /* diff --git a/sys/arch/arm/include/arm32/machdep.h b/sys/arch/arm/include/arm32/machdep.h index f7151fed3f99..53aab87e14ed 100644 --- a/sys/arch/arm/include/arm32/machdep.h +++ b/sys/arch/arm/include/arm32/machdep.h @@ -73,6 +73,9 @@ vaddr_t initarm(void *); struct pmap_devmap; struct boot_physmem; +void cpu_startup_hook(void); +void cpu_startup_default(void); + static inline paddr_t aarch32_kern_vtophys(vaddr_t va) { From befc8671964babf8c90de15523dd05eafcc1cc33 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Wed, 18 Dec 2019 01:06:41 +0000 Subject: [PATCH 2/2] Implement rndseed support in efiboot and fdt arm. The EFI environment variable `rndseed' specifies the path to the random seed. It is loaded only for fdt platforms at the moment. Since the rndseed (an rndsave_t object as defined in ) is 536 bytes long (for hysterical raisins), and to avoid having to erase parts of the fdt tree, we load it into a physical page whose address is passed in the fdt tree, rather than passing the content of the file as an fdt node directly; the kernel then reserves the page from uvm, and maps it into kva to call rnd_seed. WARNING: The kernel _must_ use the rndseed passed in this way; otherwise it will be in just another page of physical RAM that uvm may allocate for normal use, which could lead to disclosure of the only secret seed material available to the machine -- which would be worse than simply loading the seed late with /etc/rc.d/random_seed. For now, the only kernel that does use efiboot with fdt is evbarm, which knows to handle the rndseed. Any new kernels that use efiboot with fdt must do the same. --- sys/arch/evbarm/fdt/fdt_machdep.c | 75 +++++++++++++++++++++++++++++++ sys/stand/efiboot/boot.c | 33 ++++++++++++++ sys/stand/efiboot/efiboot.h | 2 + sys/stand/efiboot/efifdt.c | 22 +++++++++ sys/stand/efiboot/efifdt.h | 1 + sys/stand/efiboot/exec.c | 14 +++++- sys/stand/efiboot/version | 1 + 7 files changed, 146 insertions(+), 2 deletions(-) diff --git a/sys/arch/evbarm/fdt/fdt_machdep.c b/sys/arch/evbarm/fdt/fdt_machdep.c index 9406bd42b18f..a332f98d5c45 100644 --- a/sys/arch/evbarm/fdt/fdt_machdep.c +++ b/sys/arch/evbarm/fdt/fdt_machdep.c @@ -64,6 +64,7 @@ __KERNEL_RCSID(0, "$NetBSD: fdt_machdep.c,v 1.64 2019/07/16 14:41:45 skrll Exp $ #include #include #include +#include #include #include @@ -117,6 +118,7 @@ u_long uboot_args[4] __attribute__((__section__(".data"))); const uint8_t *fdt_addr_r __attribute__((__section__(".data"))); static uint64_t initrd_start, initrd_end; +static uint64_t rndseed_start, rndseed_end; #include #include @@ -311,6 +313,10 @@ fdt_build_bootconfig(uint64_t mem_start, uint64_t mem_end) if (initrd_size > 0) fdt_memory_remove_range(initrd_start, initrd_size); + const uint64_t rndseed_size = rndseed_end - rndseed_start; + if (rndseed_size > 0) + fdt_memory_remove_range(rndseed_start, rndseed_size); + const int framebuffer = OF_finddevice("/chosen/framebuffer"); if (framebuffer >= 0) { for (index = 0; @@ -390,6 +396,65 @@ fdt_setup_initrd(void) #endif } +static void +fdt_probe_rndseed(uint64_t *pstart, uint64_t *pend) +{ + int chosen, len; + const void *start_data, *end_data; + + *pstart = *pend = 0; + chosen = OF_finddevice("/chosen"); + if (chosen < 0) + return; + + start_data = fdtbus_get_prop(chosen, "netbsd,rndseed-start", &len); + end_data = fdtbus_get_prop(chosen, "netbsd,rndseed-end", NULL); + if (start_data == NULL || end_data == NULL) + return; + + switch (len) { + case 4: + *pstart = be32dec(start_data); + *pend = be32dec(end_data); + break; + case 8: + *pstart = be64dec(start_data); + *pend = be64dec(end_data); + break; + default: + printf("Unsupported len %d for /chosen/rndseed-start\n", len); + return; + } +} + +static void +fdt_setup_rndseed(void) +{ + const uint64_t rndseed_size = rndseed_end - rndseed_start; + const paddr_t startpa = trunc_page(rndseed_start); + const paddr_t endpa = round_page(rndseed_end); + paddr_t pa; + vaddr_t va; + void *rndseed; + + if (rndseed_size == 0) + return; + + va = uvm_km_alloc(kernel_map, endpa - startpa, 0, + UVM_KMF_VAONLY | UVM_KMF_NOWAIT); + if (va == 0) { + printf("Failed to allocate VA for rndseed\n"); + return; + } + rndseed = (void *)va; + + for (pa = startpa; pa < endpa; pa += PAGE_SIZE, va += PAGE_SIZE) + pmap_kenter_pa(va, pa, VM_PROT_READ|VM_PROT_WRITE, 0); + pmap_update(pmap_kernel()); + + rnd_seed(rndseed, rndseed_size); +} + #ifdef EFI_RUNTIME static void fdt_map_efi_runtime(const char *prop, enum arm_efirt_mem_type type) @@ -518,6 +583,9 @@ initarm(void *arg) /* Parse ramdisk info */ fdt_probe_initrd(&initrd_start, &initrd_end); + /* Parse rndseed */ + fdt_probe_rndseed(&rndseed_start, &rndseed_end); + /* * Populate bootconfig structure for the benefit of * dodumpsys @@ -628,6 +696,13 @@ consinit(void) initialized = true; } +void +cpu_startup_hook(void) +{ + + fdt_setup_rndseed(); +} + void delay(u_int us) { diff --git a/sys/stand/efiboot/boot.c b/sys/stand/efiboot/boot.c index bf81659e0952..158e9e38172d 100644 --- a/sys/stand/efiboot/boot.c +++ b/sys/stand/efiboot/boot.c @@ -75,6 +75,7 @@ static char dtb_path[255]; static char efibootplist_path[255]; static char netbsd_path[255]; static char netbsd_args[255]; +static char rndseed_path[255]; #define DEFTIMEOUT 5 #define DEFFILENAME names[0] @@ -87,6 +88,7 @@ void command_dev(char *); void command_dtb(char *); void command_plist(char *); void command_initrd(char *); +void command_rndseed(char *); void command_ls(char *); void command_mem(char *); void command_printenv(char *); @@ -103,6 +105,7 @@ const struct boot_command commands[] = { { "dtb", command_dtb, "dtb [dev:][filename]" }, { "plist", command_plist, "plist [dev:][filename]" }, { "initrd", command_initrd, "initrd [dev:][filename]" }, + { "rndseed", command_rndseed, "rndseed [dev:][filename]" }, { "ls", command_ls, "ls [hdNn:/path]" }, { "mem", command_mem, "mem" }, { "printenv", command_printenv, "printenv [key]" }, @@ -181,6 +184,12 @@ command_initrd(char *arg) set_initrd_path(arg); } +void +command_rndseed(char *arg) +{ + set_rndseed_path(arg); +} + void command_ls(char *arg) { @@ -347,6 +356,21 @@ char *get_efibootplist_path(void) return efibootplist_path; } +int +set_rndseed_path(const char *arg) +{ + if (strlen(arg) + 1 > sizeof(rndseed_path)) + return ERANGE; + strcpy(rndseed_path, arg); + return 0; +} + +char * +get_rndseed_path(void) +{ + return rndseed_path; +} + int set_bootfile(const char *arg) { @@ -437,6 +461,15 @@ read_env(void) set_bootargs(s); FreePool(s); } + + s = efi_env_get("rndseed"); + if (s) { +#ifdef EFIBOOT_DEBUG + printf(">> Setting rndseed path to '%s' from environment\n", s); +#endif + set_rndseed_path(s); + FreePool(s); + } } void diff --git a/sys/stand/efiboot/efiboot.h b/sys/stand/efiboot/efiboot.h index e7a34aa691da..f2135c85973d 100644 --- a/sys/stand/efiboot/efiboot.h +++ b/sys/stand/efiboot/efiboot.h @@ -64,6 +64,8 @@ int set_dtb_path(const char *); char *get_dtb_path(void); int set_efibootplist_path(const char *); char *get_efibootplist_path(void); +int set_rndseed_path(const char *); +char *get_rndseed_path(void); /* console.c */ int ischar(void); diff --git a/sys/stand/efiboot/efifdt.c b/sys/stand/efiboot/efifdt.c index 2ee634c29b20..1607edb7d943 100644 --- a/sys/stand/efiboot/efifdt.c +++ b/sys/stand/efiboot/efifdt.c @@ -383,3 +383,25 @@ efi_fdt_initrd(u_long initrd_addr, u_long initrd_size) fdt_setprop_u64(fdt_data, chosen, "linux,initrd-start", initrd_addr); fdt_setprop_u64(fdt_data, chosen, "linux,initrd-end", initrd_addr + initrd_size); } + +void +efi_fdt_rndseed(u_long rndseed_addr, u_long rndseed_size) +{ + int chosen; + + if (rndseed_size == 0) + return; + + chosen = fdt_path_offset(fdt_data, FDT_CHOSEN_NODE_PATH); + if (chosen < 0) + chosen = fdt_add_subnode(fdt_data, + fdt_path_offset(fdt_data, "/"), + FDT_CHOSEN_NODE_NAME); + if (chosen < 0) + panic("FDT: Failed to create " FDT_CHOSEN_NODE_PATH " node"); + + fdt_setprop_u64(fdt_data, chosen, "netbsd,rndseed-start", + rndseed_addr); + fdt_setprop_u64(fdt_data, chosen, "netbsd,rndseed-end", + rndseed_addr + rndseed_size); +} diff --git a/sys/stand/efiboot/efifdt.h b/sys/stand/efiboot/efifdt.h index 36b1bb8c7ad7..79932e62b7df 100644 --- a/sys/stand/efiboot/efifdt.h +++ b/sys/stand/efiboot/efifdt.h @@ -37,5 +37,6 @@ int efi_fdt_overlay_apply(void *, int *); void efi_fdt_show(void); void efi_fdt_bootargs(const char *); void efi_fdt_initrd(u_long, u_long); +void efi_fdt_rndseed(u_long, u_long); void efi_fdt_init(u_long, u_long); void efi_fdt_fini(void); diff --git a/sys/stand/efiboot/exec.c b/sys/stand/efiboot/exec.c index 2e773c09a04c..66f09eb3f4f9 100644 --- a/sys/stand/efiboot/exec.c +++ b/sys/stand/efiboot/exec.c @@ -39,8 +39,8 @@ u_long load_offset = 0; #define FDT_SPACE (4 * 1024 * 1024) #define FDT_ALIGN ((2 * 1024 * 1024) - 1) -static EFI_PHYSICAL_ADDRESS initrd_addr, dtb_addr; -static u_long initrd_size = 0, dtb_size = 0; +static EFI_PHYSICAL_ADDRESS initrd_addr, dtb_addr, rndseed_addr; +static u_long initrd_size = 0, dtb_size = 0, rndseed_size = 0; static int load_file(const char *path, u_long extra, bool quiet_errors, @@ -326,9 +326,19 @@ exec_netbsd(const char *fname, const char *args) } if (efi_fdt_size() > 0) { + /* + * Load the rndseed as late as possible -- after we + * have committed to using fdt and executing this + * kernel -- so that it doesn't hang around in memory + * if we have to bail or the kernel won't use it. + */ + load_file(get_rndseed_path(), 0, false, + &rndseed_addr, &rndseed_size); + efi_fdt_init((marks[MARK_END] + FDT_ALIGN) & ~FDT_ALIGN, FDT_ALIGN + 1); load_fdt_overlays(); efi_fdt_initrd(initrd_addr, initrd_size); + efi_fdt_rndseed(rndseed_addr, rndseed_size); efi_fdt_bootargs(args); #ifdef EFIBOOT_ACPI if (efi_acpi_available()) diff --git a/sys/stand/efiboot/version b/sys/stand/efiboot/version index 714b4a980520..ce08c1056b54 100644 --- a/sys/stand/efiboot/version +++ b/sys/stand/efiboot/version @@ -17,3 +17,4 @@ is taken as the current. 1.10: Add support for EFI GOP framebuffers in ACPI mode. 1.11: Add full UEFI memory map to /chosen node. 1.12: Derive ACPI model string from SMBIOS. +1.13: Add rndseed support.