On Fri, Nov 4, 2022 at 8:46 PM Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
>
> FDT is examined so early that it's before the first incidental call to
> parse_early_param(). This is similar to EFI, except EFI actually added
> an explicitly call to parse_early_param(). Let's do the same here, so
> that specifying `random.trust_bootloader=0` is not ignored.
>
> Fixes: d97c68d178fb ("random: treat bootloader trust toggle the same way as cpu trust toggle")
> Cc: Rob Herring <robh@xxxxxxxxxx>
> Cc: Frank Rowand <frowand.list@xxxxxxxxx>
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
> ---
> drivers/of/fdt.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
> index 7b571a631639..6d959117fd4f 100644
> --- a/drivers/of/fdt.c
> +++ b/drivers/of/fdt.c
> @@ -1195,6 +1195,9 @@ int __init early_init_dt_scan_chosen(char *cmdline)
>
> rng_seed = of_get_flat_dt_prop(node, "rng-seed", &l);
> if (rng_seed && l > 0) {
> + /* Parse random.trust_bootloader if it's in command line. */
> + parse_early_param();
I don't think it's good that the timing of calling this is dependent
on "rng-seed" being present or not. So perhaps move it up to after the
cmdline is set.
Either way, the other issue is the cmdline is not necessarily fixed at
this point with some architectures doing their own
append/prepend/override of the cmdline. We can't seem to get common
implementation there finished. I'm doubtful that corner case would
actually be hit though.
Rob
