Skip to content

Commit

Permalink
patches: uboot: Improve KASLR support for v2024.07 (#7078)
Browse files Browse the repository at this point in the history 
Reference patch set: https://patchwork.ozlabs.org/project/uboot/list/?series=411513&state=*

Hopefully, other boards using same uboot-version can benefit from the added support.

**Note for Maintainers -  to enable KASLR seed, you need:**
	- `CONFIG_RANDOMIZE_BASE=y` configured in your kernel .config
	- `CONFIG_CMD_KASLRSEED=y` and` CONFIG_DM_RNG=y` configure in your u-boot .config
	- exposed crypto and rng nodes in you board's device-tree
	- `kasrlseed` command before kernel boot in your boot.cmd
	- `CONFIG_SECURITY_DMESG_RESTRICT=y` in kernel .config is also advisable

* KASRL-supported u-boot 2024.07 for everyone:
- move /chosen/kaslr-seed support patchset to general 2024.07 BOOTPATCHDIR
- attach nanopi-r5c and oprangepi5-plus BOOTPACHDIR to patches/uboot/v2024.07 general dir

* u-boot: patch nanopi-r5c-rk3568_defconfig and orangepi-5-plus-rk3588_defconfig to enable KASLR

* rewrite-uboot-patches nanopi-r5c/orangepi5-plus

* patches: uboot: Improve kaslrseed support for v2024.07

---------

Co-authored-by: ColorfulRhino <131405023+ColorfulRhino@users.noreply.github.com>
  • Loading branch information
@alexl83 @ColorfulRhino
alexl83 and ColorfulRhino authored Aug 15, 2024
1 parent 4835dce commit 314447d
Show file tree
Hide file tree
Showing 22 changed files with 581 additions and 1,025 deletions.
2 changes: 1 addition & 1 deletion config/boards/nanopi-r5c.csc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ FULL_DESKTOP="no"
BOOT_LOGO="desktop"

BOOTBRANCH_BOARD="tag:v2024.07"
BOOTPATCHDIR="v2024.07/board_${BOARD}"
BOOTPATCHDIR="v2024.07"
BOOTCONFIG="nanopi-r5c-rk3568_defconfig"

OVERLAY_PREFIX="rockchip-rk3568"
Expand Down
2 changes: 1 addition & 1 deletion config/boards/orangepi5-plus.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ function post_family_config_branch_edge__orangepi5plus_use_mainline_uboot() {
declare -g BOOTDELAY=1 # Wait for UART interrupt to enter UMS/RockUSB mode etc
declare -g BOOTSOURCE="https://github.com/u-boot/u-boot.git" # We ❤️ mainline U-Boot
declare -g BOOTBRANCH="tag:v2024.07"
declare -g BOOTPATCHDIR="v2024.07/board_${BOARD}"
declare -g BOOTPATCHDIR="v2024.07"
declare -g BOOTDIR="u-boot-${BOARD}" # do not share u-boot directory
declare -g UBOOT_TARGET_MAP="BL31=${RKBIN_DIR}/${BL31_BLOB} ROCKCHIP_TPL=${RKBIN_DIR}/${DDR_BLOB};;u-boot-rockchip.bin u-boot-rockchip-spi.bin"
unset uboot_custom_postprocess write_uboot_platform write_uboot_platform_mtd # disable stuff from rockchip64_common; we're using binman here which does all the work already
Expand Down
Loading

0 comments on commit 314447d

Please sign in to comment.