1 /* $NetBSD: fdt_boot.c,v 1.7 2024/12/20 07:55:45 mlelstv Exp $ */ 2 3 /*- 4 * Copyright (c) 2015-2017 Jared McNeill <jmcneill (at) invisible.ca> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 /*- 30 * Copyright (c) 2022 The NetBSD Foundation, Inc. 31 * All rights reserved. 32 * 33 * This code is derived from software contributed to The NetBSD Foundation 34 * by Nick Hudson 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 45 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 46 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 47 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 48 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 49 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 50 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 51 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 52 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 53 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 54 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 55 * POSSIBILITY OF SUCH DAMAGE. 56 */ 57 58 #include <sys/cdefs.h> 59 __KERNEL_RCSID(0, "$NetBSD: fdt_boot.c,v 1.7 2024/12/20 07:55:45 mlelstv Exp $"); 60 61 #include "opt_efi.h" 62 #include "opt_md.h" 63 64 #include <sys/param.h> 65 66 #include <sys/bootblock.h> 67 #include <sys/disk.h> 68 #include <sys/disklabel.h> 69 #include <sys/fcntl.h> 70 #include <sys/md5.h> 71 #include <sys/optstr.h> 72 #include <sys/rnd.h> 73 #include <sys/rndsource.h> 74 #include <sys/uuid.h> 75 #include <sys/vnode.h> 76 77 #include <net/if.h> 78 #include <net/if_dl.h> 79 80 #include <uvm/uvm_extern.h> 81 82 #include <libfdt.h> 83 84 #include <dev/fdt/fdtvar.h> 85 #include <dev/fdt/fdt_boot.h> 86 #include <dev/fdt/fdt_memory.h> 87 88 #ifndef FDT_MAX_BOOT_STRING 89 #define FDT_MAX_BOOT_STRING 1024 90 #endif 91 static char bootargs[FDT_MAX_BOOT_STRING] = ""; 92 93 #ifdef EFI_RUNTIME 94 #include <machine/efirt.h> 95 96 void fdt_map_efi_runtime(const char *, enum cpu_efirt_mem_type); 97 98 #endif 99 100 #ifdef MEMORY_DISK_DYNAMIC 101 #include <dev/md.h> 102 103 static uint64_t initrd_start, initrd_end; 104 #endif 105 106 static uint64_t rndseed_start, rndseed_end; /* our on-disk seed */ 107 static uint64_t efirng_start, efirng_end; /* firmware's EFI RNG output */ 108 static struct krndsource efirng_source; 109 110 111 static void 112 fdt_probe_range(const char *startname, const char *endname, 113 uint64_t *pstart, uint64_t *pend) 114 { 115 int chosen, len; 116 const void *start_data, *end_data; 117 118 *pstart = *pend = 0; 119 120 chosen = OF_finddevice("/chosen"); 121 if (chosen < 0) 122 return; 123 124 start_data = fdtbus_get_prop(chosen, startname, &len); 125 end_data = fdtbus_get_prop(chosen, endname, NULL); 126 if (start_data == NULL || end_data == NULL) 127 return; 128 129 switch (len) { 130 case 4: 131 *pstart = be32dec(start_data); 132 *pend = be32dec(end_data); 133 break; 134 case 8: 135 *pstart = be64dec(start_data); 136 *pend = be64dec(end_data); 137 break; 138 default: 139 printf("Unsupported len %d for /chosen `%s'\n", 140 len, startname); 141 return; 142 } 143 } 144 145 146 static void * 147 fdt_map_range(uint64_t start, uint64_t end, uint64_t *psize, 148 const char *purpose) 149 { 150 const paddr_t startpa = trunc_page(start); 151 const paddr_t endpa = round_page(end); 152 paddr_t pa; 153 vaddr_t va; 154 void *ptr; 155 156 *psize = end - start; 157 if (*psize == 0) 158 return NULL; 159 160 const vaddr_t voff = start & PAGE_MASK; 161 162 // XXX NH add an align so map_chunk works betterer? 163 va = uvm_km_alloc(kernel_map, endpa - startpa, 0, 164 UVM_KMF_VAONLY | UVM_KMF_NOWAIT); 165 if (va == 0) { 166 printf("Failed to allocate VA for %s\n", purpose); 167 return NULL; 168 } 169 ptr = (void *)(va + voff); 170 171 // XXX NH map chunk 172 for (pa = startpa; pa < endpa; pa += PAGE_SIZE, va += PAGE_SIZE) 173 pmap_kenter_pa(va, pa, VM_PROT_READ | VM_PROT_WRITE, 0); 174 pmap_update(pmap_kernel()); 175 176 return ptr; 177 } 178 179 static void 180 fdt_unmap_range(void *ptr, uint64_t size) 181 { 182 const char *start = ptr, *end = start + size; 183 const vaddr_t startva = trunc_page((vaddr_t)(uintptr_t)start); 184 const vaddr_t endva = round_page((vaddr_t)(uintptr_t)end); 185 const vsize_t sz = endva - startva; 186 187 pmap_kremove(startva, sz); 188 pmap_update(pmap_kernel()); 189 190 uvm_km_free(kernel_map, startva, sz, UVM_KMF_VAONLY); 191 } 192 193 char * 194 fdt_get_bootargs(void) 195 { 196 const int chosen = OF_finddevice("/chosen"); 197 198 if (chosen >= 0) 199 OF_getprop(chosen, "bootargs", bootargs, sizeof(bootargs)); 200 return bootargs; 201 } 202 203 void 204 fdt_probe_initrd(void) 205 { 206 207 #ifdef MEMORY_DISK_DYNAMIC 208 fdt_probe_range("linux,initrd-start", "linux,initrd-end", 209 &initrd_start, &initrd_end); 210 #endif 211 } 212 213 void 214 fdt_setup_initrd(void) 215 { 216 #ifdef MEMORY_DISK_DYNAMIC 217 void *md_start; 218 uint64_t initrd_size; 219 220 md_start = fdt_map_range(initrd_start, initrd_end, &initrd_size, 221 "initrd"); 222 if (md_start == NULL) 223 return; 224 md_root_setconf(md_start, initrd_size); 225 #endif 226 } 227 228 void 229 fdt_reserve_initrd(void) 230 { 231 #ifdef MEMORY_DISK_DYNAMIC 232 const uint64_t initrd_size = 233 round_page(initrd_end) - trunc_page(initrd_start); 234 235 if (initrd_size > 0) 236 fdt_memory_remove_range(trunc_page(initrd_start), initrd_size); 237 #endif 238 } 239 240 void 241 fdt_probe_rndseed(void) 242 { 243 244 fdt_probe_range("netbsd,rndseed-start", "netbsd,rndseed-end", 245 &rndseed_start, &rndseed_end); 246 } 247 248 void 249 fdt_setup_rndseed(void) 250 { 251 uint64_t rndseed_size; 252 void *rndseed; 253 254 rndseed = fdt_map_range(rndseed_start, rndseed_end, &rndseed_size, 255 "rndseed"); 256 if (rndseed == NULL) 257 return; 258 rnd_seed(rndseed, rndseed_size); 259 fdt_unmap_range(rndseed, rndseed_size); 260 } 261 262 void 263 fdt_reserve_rndseed(void) 264 { 265 const uint64_t rndseed_size = 266 round_page(rndseed_end) - trunc_page(rndseed_start); 267 268 if (rndseed_size > 0) 269 fdt_memory_remove_range(trunc_page(rndseed_start), 270 rndseed_size); 271 } 272 273 void 274 fdt_probe_efirng(void) 275 { 276 277 fdt_probe_range("netbsd,efirng-start", "netbsd,efirng-end", 278 &efirng_start, &efirng_end); 279 } 280 281 void 282 fdt_setup_efirng(void) 283 { 284 uint64_t efirng_size; 285 void *efirng; 286 287 efirng = fdt_map_range(efirng_start, efirng_end, &efirng_size, 288 "efirng"); 289 if (efirng == NULL) 290 return; 291 292 rnd_attach_source(&efirng_source, "efirng", RND_TYPE_RNG, 293 RND_FLAG_DEFAULT); 294 295 /* 296 * We don't really have specific information about the physical 297 * process underlying the data provided by the firmware via the 298 * EFI RNG API, so the entropy estimate here is heuristic. 299 * What efiboot provides us is up to 4096 bytes of data from 300 * the EFI RNG API, although in principle it may return short. 301 * 302 * The UEFI Specification (2.8 Errata A, February 2020[1]) says 303 * 304 * When a Deterministic Random Bit Generator (DRBG) is 305 * used on the output of a (raw) entropy source, its 306 * security level must be at least 256 bits. 307 * 308 * It's not entirely clear whether `it' refers to the DRBG or 309 * the entropy source; if it refers to the DRBG, it's not 310 * entirely clear how ANSI X9.31 3DES, one of the options for 311 * DRBG in the UEFI spec, can provide a `256-bit security 312 * level' because it has only 232 bits of inputs (three 56-bit 313 * keys and one 64-bit block). That said, even if it provides 314 * only 232 bits of entropy, that's enough to prevent all 315 * attacks and we probably get a few more bits from sampling 316 * the clock anyway. 317 * 318 * In the event we get raw samples, e.g. the bits sampled by a 319 * ring oscillator, we hope that the samples have at least half 320 * a bit of entropy per bit of data -- and efiboot tries to 321 * draw 4096 bytes to provide plenty of slop. Hence we divide 322 * the total number of bits by two and clamp at 256. There are 323 * ways this could go wrong, but on most machines it should 324 * behave reasonably. 325 * 326 * [1] https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_A_Feb14.pdf 327 */ 328 rnd_add_data(&efirng_source, efirng, efirng_size, 329 MIN(256, efirng_size*NBBY/2)); 330 331 explicit_memset(efirng, 0, efirng_size); 332 fdt_unmap_range(efirng, efirng_size); 333 } 334 335 void 336 fdt_reserve_efirng(void) 337 { 338 const uint64_t efirng_size = 339 round_page(efirng_end) - trunc_page(efirng_start); 340 341 if (efirng_size > 0) 342 fdt_memory_remove_range(trunc_page(efirng_start), efirng_size); 343 } 344 345 #ifdef EFI_RUNTIME 346 void 347 fdt_map_efi_runtime(const char *prop, enum cpu_efirt_mem_type type) 348 { 349 int len; 350 351 const int chosen_off = fdt_path_offset(fdtbus_get_data(), "/chosen"); 352 if (chosen_off < 0) 353 return; 354 355 const uint64_t *map = fdt_getprop(fdtbus_get_data(), chosen_off, prop, &len); 356 if (map == NULL) 357 return; 358 359 while (len >= 24) { 360 const paddr_t pa = be64toh(map[0]); 361 const vaddr_t va = be64toh(map[1]); 362 const size_t sz = be64toh(map[2]); 363 #if 0 364 VPRINTF("%s: %s %#" PRIxPADDR "-%#" PRIxVADDR " (%#" PRIxVADDR 365 "-%#" PRIxVSIZE ")\n", __func__, prop, pa, pa + sz - 1, 366 va, va + sz - 1); 367 #endif 368 cpu_efirt_map_range(va, pa, sz, type); 369 map += 3; 370 len -= 24; 371 } 372 } 373 #endif 374 375 void 376 fdt_update_stdout_path(void *fdt, const char *boot_args) 377 { 378 const char *stdout_path; 379 char buf[256]; 380 381 const int chosen_off = fdt_path_offset(fdt, "/chosen"); 382 if (chosen_off == -1) 383 return; 384 385 if (optstr_get_string(boot_args, "stdout-path", &stdout_path) == false) 386 return; 387 388 const char *ep = strchr(stdout_path, ' '); 389 size_t stdout_path_len = ep ? (ep - stdout_path) : strlen(stdout_path); 390 if (stdout_path_len >= sizeof(buf)) 391 return; 392 393 strncpy(buf, stdout_path, stdout_path_len); 394 buf[stdout_path_len] = '\0'; 395 fdt_setprop(fdt, chosen_off, "stdout-path", 396 buf, stdout_path_len + 1); 397 } 398 399 static void 400 fdt_detect_root_device(device_t dev) 401 { 402 int error, len; 403 404 const int chosen = OF_finddevice("/chosen"); 405 if (chosen < 0) 406 return; 407 408 if (of_hasprop(chosen, "netbsd,mbr") && 409 of_hasprop(chosen, "netbsd,partition")) { 410 struct mbr_sector mbr; 411 uint8_t buf[DEV_BSIZE]; 412 uint8_t hash[16]; 413 const uint8_t *rhash; 414 struct vnode *vp; 415 MD5_CTX md5ctx; 416 size_t resid; 417 u_int part; 418 419 /* 420 * The bootloader has passed in a partition index and MD5 hash 421 * of the MBR sector. Read the MBR of this device, calculate the 422 * hash, and compare it with the value passed in. 423 */ 424 rhash = fdtbus_get_prop(chosen, "netbsd,mbr", &len); 425 if (rhash == NULL || len != 16) 426 return; 427 of_getprop_uint32(chosen, "netbsd,partition", &part); 428 if (part >= MAXPARTITIONS) 429 return; 430 431 vp = opendisk(dev); 432 if (!vp) 433 return; 434 error = vn_rdwr(UIO_READ, vp, buf, sizeof(buf), 0, UIO_SYSSPACE, 435 IO_NODELOCKED, NOCRED, &resid, NULL); 436 VOP_CLOSE(vp, FREAD, NOCRED); 437 vput(vp); 438 439 if (error != 0) 440 return; 441 442 memcpy(&mbr, buf, sizeof(mbr)); 443 MD5Init(&md5ctx); 444 MD5Update(&md5ctx, (void *)&mbr, sizeof(mbr)); 445 MD5Final(hash, &md5ctx); 446 447 if (memcmp(rhash, hash, 16) == 0) { 448 booted_device = dev; 449 booted_partition = part; 450 } 451 452 return; 453 } 454 455 if (of_hasprop(chosen, "netbsd,gpt-guid")) { 456 const struct uuid *guid = 457 fdtbus_get_prop(chosen, "netbsd,gpt-guid", &len); 458 459 if (guid == NULL || len != 16) 460 return; 461 462 char guidstr[UUID_STR_LEN]; 463 uuid_snprintf(guidstr, sizeof(guidstr), guid); 464 465 device_t dv = dkwedge_find_by_wname(guidstr); 466 if (dv != NULL) 467 booted_device = dv; 468 469 return; 470 } 471 472 if (of_hasprop(chosen, "netbsd,gpt-label")) { 473 const char *label = fdtbus_get_string(chosen, "netbsd,gpt-label"); 474 if (label == NULL || *label == '\0') 475 return; 476 477 device_t dv = dkwedge_find_by_wname(label); 478 if (dv != NULL) 479 booted_device = dv; 480 481 return; 482 } 483 484 if (of_hasprop(chosen, "netbsd,booted-mac-address")) { 485 const uint8_t *macaddr = 486 fdtbus_get_prop(chosen, "netbsd,booted-mac-address", &len); 487 struct ifnet *ifp; 488 489 if (macaddr == NULL || len != 6) 490 return; 491 492 int s = pserialize_read_enter(); 493 IFNET_READER_FOREACH(ifp) { 494 if (memcmp(macaddr, CLLADDR(ifp->if_sadl), len) == 0) { 495 device_t dv = device_find_by_xname(ifp->if_xname); 496 if (dv != NULL) 497 booted_device = dv; 498 break; 499 } 500 } 501 pserialize_read_exit(s); 502 503 return; 504 } 505 } 506 507 void 508 fdt_cpu_rootconf(void) 509 { 510 device_t dev; 511 deviter_t di; 512 513 if (booted_device != NULL) 514 return; 515 516 for (dev = deviter_first(&di, 0); dev; dev = deviter_next(&di)) { 517 if (device_class(dev) != DV_DISK) 518 continue; 519 520 fdt_detect_root_device(dev); 521 522 if (booted_device != NULL) 523 break; 524 } 525 deviter_release(&di); 526 } 527
Indexes created Sat Sep 20 22:09:52 GMT 2025