Hi Jason,

On Fri, Sep 23, 2022 at 2:47 PM Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
In order to pass fresh entropy to kexec'd kernels, use BI_VIRT_RNG_SEED for passing a seed, with the same semantics that kexec-tools currently uses for i386's setup_data.

Cc: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>

Thanks for your patch!
--- a/kexec/arch/m68k/bootinfo.c +++ b/kexec/arch/m68k/bootinfo.c @@ -135,40 +135,45 @@ void bootinfo_print(void) size = bi->size; switch (tag) { case BI_MACHTYPE: printf("BI_MACHTYPE: 0x%08x\n", bi->machtype); break; case BI_MEMCHUNK: printf("BI_MEMCHUNK: 0x%08x bytes at 0x%08x\n", bi->mem_info.size, bi->mem_info.addr); break; case BI_RAMDISK: printf("BI_RAMDISK: 0x%08x bytes at 0x%08x\n", bi->mem_info.size, bi->mem_info.addr); break;
Hmm, lots of context.
case BI_COMMAND_LINE: printf("BI_COMMAND_LINE: %s\n", bi->string); break; + case BI_VIRT_RNG_SEED:
This won't work as expected: BI_VIRT_* tags are only valid if the machine type is MACH_VIRT. Worse, this will trigger for other platform-specific tags using the same value:

arch/m68k/include/uapi/asm/bootinfo-amiga.h:#define BI_AMIGA_CHIPSET 0x8006 /* native chipset present (__be32) */
arch/m68k/include/uapi/asm/bootinfo-mac.h:#define BI_MAC_SCCBASE 0x8006 /* Mac SCC base address */
arch/m68k/include/uapi/asm/bootinfo-virt.h:#define BI_VIRT_RNG_SEED 0x8006
+ /* These are secret, so never print them to the console */ + printf("BI_VIRT_RNG_SEED: 0x%08x bytes\n", be16_to_cpu(bi->bytes.len)); + break; + default: printf("BI tag 0x%04x size %u\n", tag, size); break; } bi = bi_next(bi, size); } }
} +void bootinfo_add_rng_seed(void) +{ + struct bi_rec *bi; + enum { RNG_SEED_LEN = 32 }; + + /* Remove existing rng seed records */ + bi_remove(BI_VIRT_RNG_SEED); + + /* Add new rng seed record */ + bi = bi_add(BI_VIRT_RNG_SEED, sizeof(bi->bytes) + RNG_SEED_LEN);
Likewise, this will destroy existing BI_AMIGA_CHIPSET and BI_MAC_SCCBASE tags, breaking Amiga and Mac.
+ if (getrandom(bi->bytes.data, RNG_SEED_LEN, GRND_NONBLOCK) != RNG_SEED_LEN) { + bi_remove(BI_VIRT_RNG_SEED); + return; + } + bi->bytes.len = cpu_to_be16(RNG_SEED_LEN); +} +
As random seeds can now be generic, I think it makes sense to introduce a machine-independent BI_RND_SEED. In hindsight, we should have done this from the beginning...
--- a/kexec/arch/m68k/bootinfo.h +++ b/kexec/arch/m68k/bootinfo.h @@ -1,43 +1,49 @@ #include <asm/bootinfo.h> +#include <asm/bootinfo-virt.h> #define DEFAULT_BOOTINFO_FILE "/proc/bootinfo" #define MAX_BOOTINFO_SIZE 1536 /* * Convenience overlay of several struct bi_record variants */ struct bi_rec { __be16 tag; __be16 size; union { __be32 data[0]; /* shorthands for the types we use */ __be32 machtype; struct { __be32 addr; __be32 size; } mem_info; char string[0]; + struct { + __be16 len; + u8 data[0]; + } bytes;
I'd rather call this rng_seed, to avoid confusion between "data" and "bytes",
}; };
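Review bot: in the new BI_VIRT_RNG_SEED case of bootinfo_print(), the seed length is a 16-bit count but is printed with 0x%08x followed by "bytes"; %u, which the default case already uses for size, would be clearer. The value also comes straight from the record, so it is worth comparing be16_to_cpu(bi->bytes.len) against size before reporting it.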
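Review bot: in bootinfo_add_rng_seed(), the pointer returned by bi_add() is passed straight into getrandom(bi->bytes.data, ...) without a check. If bi_add() can fail, for instance when the record no longer fits in MAX_BOOTINFO_SIZE, test the result first. The getrandom() failure path also removes the record and returns silently, so the user cannot tell that no seed was handed over; a warning there would help.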
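Review bot: the new bytes member added to struct bi_rec in bootinfo.h has no comment saying that len is big-endian and counts only the bytes in data[], not the record header. A short comment next to it would make that explicit. It is also the only member typed u8 rather than char or a __be type, so please confirm u8 is defined for this userspace build.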
Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
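Added example, not part of the mail above and not kexec-tools or kernel code: a bounds-checked walk over a bootinfo record stream that treats tag 0x8006 as an RNG seed only when BI_MACHTYPE says MACH_VIRT, the condition the review points out. The helper name, the sample streams, the numeric values other than 0x8006, and the reading that a record's size field includes its 4-byte header are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* 0x8006 is quoted in the mail; the other values are recalled from the kernel's
 * m68k uapi bootinfo headers and are assumptions here. */
#define BI_LAST          0x0000
#define BI_MACHTYPE      0x0001
#define BI_VIRT_RNG_SEED 0x8006 /* also BI_AMIGA_CHIPSET and BI_MAC_SCCBASE */
#define MACH_MAC         3
#define MACH_VIRT        14

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Hypothetical helper: length of the RNG seed carried in a bootinfo stream, or 0
 * when there is none, the stream is malformed, or the machine is not MACH_VIRT. */
size_t virt_rng_seed_len(const uint8_t *buf, size_t n)
{
	uint32_t machtype = 0;
	size_t off = 0, found = 0;

	while (n - off >= 4) {
		uint16_t tag = rd16(buf + off), size = rd16(buf + off + 2);

		if (tag == BI_LAST)
			break;
		if (size < 4 || size > n - off)
			return 0; /* record overruns the buffer: trust nothing */
		if (tag == BI_MACHTYPE && size >= 8)
			machtype = rd32(buf + off + 4);
		if (tag == BI_VIRT_RNG_SEED && size >= 6) {
			uint16_t len = rd16(buf + off + 4); /* __be16 len, then data */
			if (len <= size - 6)
				found = len;
		}
		off += size;
	}
	return machtype == MACH_VIRT ? found : 0; /* the tag alone proves nothing */
}

/* Constructed sample streams: machtype record, one 0x8006 record, BI_LAST. */
const uint8_t virt_stream[] = { 0,1,0,8, 0,0,0,MACH_VIRT,
	0x80,0x06,0,10, 0,4,0xaa,0xbb,0xcc,0xdd, 0,0,0,0 };
const uint8_t mac_stream[] = { 0,1,0,8, 0,0,0,MACH_MAC,
	0x80,0x06,0,8, 0,2,0x12,0x34, 0,0,0,0 };

int main(void) { return virt_rng_seed_len(virt_stream, sizeof virt_stream) == 4 ? 0 : 1; }
```

The Mac stream's 0x8006 payload happens to parse as a valid two-byte seed, which is why the decision is made on the machine type and not on the record's shape.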