[PATCH v8 3/3] arm64: Use v8.5-RNG entropy for KASLR seed

Mark Rutland mark.rutland at arm.com
Wed Jan 8 09:21:59 PST 2020


On Tue, Jan 07, 2020 at 06:35:40PM +0000, Mark Brown wrote:
> When seeding KALSR on a system where we have architecture level random
> number generation make use of that entropy, mixing it in with the seed
> passed by the bootloader. Since this is run very early in init before
> feature detection is complete we open code rather than use archrandom.h.
> 
> Signed-off-by: Mark Brown <broonie at kernel.org>
> ---
>  arch/arm64/kernel/kaslr.c | 15 ++++++++++++++-
>  1 file changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
> index 2a11a962e571..fc38c4c25eb6 100644
> --- a/arch/arm64/kernel/kaslr.c
> +++ b/arch/arm64/kernel/kaslr.c
> @@ -81,7 +81,8 @@ static __init const u8 *kaslr_get_cmdline(void *fdt)
>  u64 __init kaslr_early_init(u64 dt_phys)
>  {
>  	void *fdt;
> -	u64 seed, offset, mask, module_range;
> +	u64 seed, offset, mask, module_range, ftr;
> +	unsigned long raw;
>  	const u8 *cmdline, *str;
>  	int size;
>  
> @@ -120,6 +121,18 @@ u64 __init kaslr_early_init(u64 dt_phys)
>  		return 0;
>  	}
>  
> +	/*
> +	 * Mix in any entropy obtainable architecturally, open coded
> +	 * since this runs extremely early.
> +	 */
> +	if (IS_ENABLED(CONFIG_ARCH_RANDOM)) {
> +		ftr = read_sysreg_s(SYS_ID_AA64ISAR0_EL1);
> +		if ((ftr >> ID_AA64ISAR0_RNDR_SHIFT) & 0xf) {
> +			if (__arm64_rndr(&raw))
> +				seed += raw;
> +		}
> +	}

This looks good. If we add the helper I suggest in patch 2, we can
reduce this down to:

	/* Mix in any entropy obtainable architecturally */
	if (__early_cpu_has_rndr()) {
		unsigned long raw;
		if (__arm64_rndr(&raw))
			seed += raw;
	}

... which keeps all the RNG bits in one place.

Thanks,
Mark.

> +
>  	if (!seed) {
>  		kaslr_status = KASLR_DISABLED_NO_SEED;
>  		return 0;
> -- 
> 2.20.1
> 



More information about the linux-arm-kernel mailing list