xref: /netbsd-src/sys/dev/fdt/fdt_boot.c (revision 780930d0626ac6dc97cde8bbf25a72c0576e8b14) 
1 /*	$NetBSD: fdt_boot.c,v 1.7 2024/12/20 07:55:45 mlelstv Exp $	*/
2 
3 /*-
4  * Copyright (c) 2015-2017 Jared McNeill <jmcneill@invisible.ca>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 /*-
30  * Copyright (c) 2022 The NetBSD Foundation, Inc.
31  * All rights reserved.
32  *
33  * This code is derived from software contributed to The NetBSD Foundation
34  * by Nick Hudson
35  *
36  * Redistribution and use in source and binary forms, with or without
37  * modification, are permitted provided that the following conditions
38  * are met:
39  * 1. Redistributions of source code must retain the above copyright
40  *    notice, this list of conditions and the following disclaimer.
41  * 2. Redistributions in binary form must reproduce the above copyright
42  *    notice, this list of conditions and the following disclaimer in the
43  *    documentation and/or other materials provided with the distribution.
44  *
45  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
46  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
47  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
48  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
49  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
50  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
51  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
52  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
53  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
55  * POSSIBILITY OF SUCH DAMAGE.
56  */
57 
58 #include <sys/cdefs.h>
59 __KERNEL_RCSID(0, "$NetBSD: fdt_boot.c,v 1.7 2024/12/20 07:55:45 mlelstv Exp $");
60 
61 #include "opt_efi.h"
62 #include "opt_md.h"
63 
64 #include <sys/param.h>
65 
66 #include <sys/bootblock.h>
67 #include <sys/disk.h>
68 #include <sys/disklabel.h>
69 #include <sys/fcntl.h>
70 #include <sys/md5.h>
71 #include <sys/optstr.h>
72 #include <sys/rnd.h>
73 #include <sys/rndsource.h>
74 #include <sys/uuid.h>
75 #include <sys/vnode.h>
76 
77 #include <net/if.h>
78 #include <net/if_dl.h>
79 
80 #include <uvm/uvm_extern.h>
81 
82 #include <libfdt.h>
83 
84 #include <dev/fdt/fdtvar.h>
85 #include <dev/fdt/fdt_boot.h>
86 #include <dev/fdt/fdt_memory.h>
87 
88 #ifndef FDT_MAX_BOOT_STRING
89 #define	FDT_MAX_BOOT_STRING	1024
90 #endif
91 static char bootargs[FDT_MAX_BOOT_STRING] = "";
92 
93 #ifdef EFI_RUNTIME
94 #include <machine/efirt.h>
95 
96 void fdt_map_efi_runtime(const char *, enum cpu_efirt_mem_type);
97 
98 #endif
99 
100 #ifdef MEMORY_DISK_DYNAMIC
101 #include <dev/md.h>
102 
103 static uint64_t initrd_start, initrd_end;
104 #endif
105 
106 static uint64_t rndseed_start, rndseed_end; /* our on-disk seed */
107 static uint64_t efirng_start, efirng_end;   /* firmware's EFI RNG output */
108 static struct krndsource efirng_source;
109 
110 
111 static void
112 fdt_probe_range(const char *startname, const char *endname,
113     uint64_t *pstart, uint64_t *pend)
114 {
115 	int chosen, len;
116 	const void *start_data, *end_data;
117 
118 	*pstart = *pend = 0;
119 
120 	chosen = OF_finddevice("/chosen");
121 	if (chosen < 0)
122 		return;
123 
124 	start_data = fdtbus_get_prop(chosen, startname, &len);
125 	end_data = fdtbus_get_prop(chosen, endname, NULL);
126 	if (start_data == NULL || end_data == NULL)
127 		return;
128 
129 	switch (len) {
130 	case 4:
131 		*pstart = be32dec(start_data);
132 		*pend = be32dec(end_data);
133 		break;
134 	case 8:
135 		*pstart = be64dec(start_data);
136 		*pend = be64dec(end_data);
137 		break;
138 	default:
139 		printf("Unsupported len %d for /chosen `%s'\n",
140 		    len, startname);
141 		return;
142 	}
143 }
144 
145 
146 static void *
147 fdt_map_range(uint64_t start, uint64_t end, uint64_t *psize,
148     const char *purpose)
149 {
150 	const paddr_t startpa = trunc_page(start);
151 	const paddr_t endpa = round_page(end);
152 	paddr_t pa;
153 	vaddr_t va;
154 	void *ptr;
155 
156 	*psize = end - start;
157 	if (*psize == 0)
158 		return NULL;
159 
160 	const vaddr_t voff = start & PAGE_MASK;
161 
162 	// XXX NH add an align so map_chunk works betterer?
163 	va = uvm_km_alloc(kernel_map, endpa - startpa, 0,
164 	    UVM_KMF_VAONLY | UVM_KMF_NOWAIT);
165 	if (va == 0) {
166 		printf("Failed to allocate VA for %s\n", purpose);
167 		return NULL;
168 	}
169 	ptr = (void *)(va + voff);
170 
171 	// XXX NH map chunk
172 	for (pa = startpa; pa < endpa; pa += PAGE_SIZE, va += PAGE_SIZE)
173 		pmap_kenter_pa(va, pa, VM_PROT_READ | VM_PROT_WRITE, 0);
174 	pmap_update(pmap_kernel());
175 
176 	return ptr;
177 }
178 
179 static void
180 fdt_unmap_range(void *ptr, uint64_t size)
181 {
182 	const char *start = ptr, *end = start + size;
183 	const vaddr_t startva = trunc_page((vaddr_t)(uintptr_t)start);
184 	const vaddr_t endva = round_page((vaddr_t)(uintptr_t)end);
185 	const vsize_t sz = endva - startva;
186 
187 	pmap_kremove(startva, sz);
188 	pmap_update(pmap_kernel());
189 
190 	uvm_km_free(kernel_map, startva, sz, UVM_KMF_VAONLY);
191 }
192 
193 char *
194 fdt_get_bootargs(void)
195 {
196 	const int chosen = OF_finddevice("/chosen");
197 
198 	if (chosen >= 0)
199 		OF_getprop(chosen, "bootargs", bootargs, sizeof(bootargs));
200 	return bootargs;
201 }
202 
203 void
204 fdt_probe_initrd(void)
205 {
206 
207 #ifdef MEMORY_DISK_DYNAMIC
208 	fdt_probe_range("linux,initrd-start", "linux,initrd-end",
209 	    &initrd_start, &initrd_end);
210 #endif
211 }
212 
213 void
214 fdt_setup_initrd(void)
215 {
216 #ifdef MEMORY_DISK_DYNAMIC
217 	void *md_start;
218 	uint64_t initrd_size;
219 
220 	md_start = fdt_map_range(initrd_start, initrd_end, &initrd_size,
221 	    "initrd");
222 	if (md_start == NULL)
223 		return;
224 	md_root_setconf(md_start, initrd_size);
225 #endif
226 }
227 
228 void
229 fdt_reserve_initrd(void)
230 {
231 #ifdef MEMORY_DISK_DYNAMIC
232 	const uint64_t initrd_size =
233 	    round_page(initrd_end) - trunc_page(initrd_start);
234 
235 	if (initrd_size > 0)
236 		fdt_memory_remove_range(trunc_page(initrd_start), initrd_size);
237 #endif
238 }
239 
240 void
241 fdt_probe_rndseed(void)
242 {
243 
244 	fdt_probe_range("netbsd,rndseed-start", "netbsd,rndseed-end",
245 	    &rndseed_start, &rndseed_end);
246 }
247 
248 void
249 fdt_setup_rndseed(void)
250 {
251 	uint64_t rndseed_size;
252 	void *rndseed;
253 
254 	rndseed = fdt_map_range(rndseed_start, rndseed_end, &rndseed_size,
255 	    "rndseed");
256 	if (rndseed == NULL)
257 		return;
258 	rnd_seed(rndseed, rndseed_size);
259 	fdt_unmap_range(rndseed, rndseed_size);
260 }
261 
262 void
263 fdt_reserve_rndseed(void)
264 {
265 	const uint64_t rndseed_size =
266 	    round_page(rndseed_end) - trunc_page(rndseed_start);
267 
268 	if (rndseed_size > 0)
269 		fdt_memory_remove_range(trunc_page(rndseed_start),
270 		    rndseed_size);
271 }
272 
273 void
274 fdt_probe_efirng(void)
275 {
276 
277 	fdt_probe_range("netbsd,efirng-start", "netbsd,efirng-end",
278 	    &efirng_start, &efirng_end);
279 }
280 
281 void
282 fdt_setup_efirng(void)
283 {
284 	uint64_t efirng_size;
285 	void *efirng;
286 
287 	efirng = fdt_map_range(efirng_start, efirng_end, &efirng_size,
288 	    "efirng");
289 	if (efirng == NULL)
290 		return;
291 
292 	rnd_attach_source(&efirng_source, "efirng", RND_TYPE_RNG,
293 	    RND_FLAG_DEFAULT);
294 
295 	/*
296 	 * We don't really have specific information about the physical
297 	 * process underlying the data provided by the firmware via the
298 	 * EFI RNG API, so the entropy estimate here is heuristic.
299 	 * What efiboot provides us is up to 4096 bytes of data from
300 	 * the EFI RNG API, although in principle it may return short.
301 	 *
302 	 * The UEFI Specification (2.8 Errata A, February 2020[1]) says
303 	 *
304 	 *	When a Deterministic Random Bit Generator (DRBG) is
305 	 *	used on the output of a (raw) entropy source, its
306 	 *	security level must be at least 256 bits.
307 	 *
308 	 * It's not entirely clear whether `it' refers to the DRBG or
309 	 * the entropy source; if it refers to the DRBG, it's not
310 	 * entirely clear how ANSI X9.31 3DES, one of the options for
311 	 * DRBG in the UEFI spec, can provide a `256-bit security
312 	 * level' because it has only 232 bits of inputs (three 56-bit
313 	 * keys and one 64-bit block).  That said, even if it provides
314 	 * only 232 bits of entropy, that's enough to prevent all
315 	 * attacks and we probably get a few more bits from sampling
316 	 * the clock anyway.
317 	 *
318 	 * In the event we get raw samples, e.g. the bits sampled by a
319 	 * ring oscillator, we hope that the samples have at least half
320 	 * a bit of entropy per bit of data -- and efiboot tries to
321 	 * draw 4096 bytes to provide plenty of slop.  Hence we divide
322 	 * the total number of bits by two and clamp at 256.  There are
323 	 * ways this could go wrong, but on most machines it should
324 	 * behave reasonably.
325 	 *
326 	 * [1] https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_A_Feb14.pdf
327 	 */
328 	rnd_add_data(&efirng_source, efirng, efirng_size,
329 	    MIN(256, efirng_size*NBBY/2));
330 
331 	explicit_memset(efirng, 0, efirng_size);
332 	fdt_unmap_range(efirng, efirng_size);
333 }
334 
335 void
336 fdt_reserve_efirng(void)
337 {
338 	const uint64_t efirng_size =
339 	    round_page(efirng_end) - trunc_page(efirng_start);
340 
341 	if (efirng_size > 0)
342 		fdt_memory_remove_range(trunc_page(efirng_start), efirng_size);
343 }
344 
345 #ifdef EFI_RUNTIME
346 void
347 fdt_map_efi_runtime(const char *prop, enum cpu_efirt_mem_type type)
348 {
349 	int len;
350 
351 	const int chosen_off = fdt_path_offset(fdtbus_get_data(), "/chosen");
352 	if (chosen_off < 0)
353 		return;
354 
355 	const uint64_t *map = fdt_getprop(fdtbus_get_data(), chosen_off, prop, &len);
356 	if (map == NULL)
357 		return;
358 
359 	while (len >= 24) {
360 		const paddr_t pa = be64toh(map[0]);
361 		const vaddr_t va = be64toh(map[1]);
362 		const size_t sz = be64toh(map[2]);
363 #if 0
364 		VPRINTF("%s: %s %#" PRIxPADDR "-%#" PRIxVADDR " (%#" PRIxVADDR
365 		    "-%#" PRIxVSIZE ")\n", __func__, prop, pa, pa + sz - 1,
366 		    va, va + sz - 1);
367 #endif
368 		cpu_efirt_map_range(va, pa, sz, type);
369 		map += 3;
370 		len -= 24;
371 	}
372 }
373 #endif
374 
375 void
376 fdt_update_stdout_path(void *fdt, const char *boot_args)
377 {
378 	const char *stdout_path;
379 	char buf[256];
380 
381 	const int chosen_off = fdt_path_offset(fdt, "/chosen");
382 	if (chosen_off == -1)
383 		return;
384 
385 	if (optstr_get_string(boot_args, "stdout-path", &stdout_path) == false)
386 		return;
387 
388 	const char *ep = strchr(stdout_path, ' ');
389 	size_t stdout_path_len = ep ? (ep - stdout_path) : strlen(stdout_path);
390 	if (stdout_path_len >= sizeof(buf))
391 		return;
392 
393 	strncpy(buf, stdout_path, stdout_path_len);
394 	buf[stdout_path_len] = '\0';
395 	fdt_setprop(fdt, chosen_off, "stdout-path",
396 	    buf, stdout_path_len + 1);
397 }
398 
399 static void
400 fdt_detect_root_device(device_t dev)
401 {
402 	int error, len;
403 
404 	const int chosen = OF_finddevice("/chosen");
405 	if (chosen < 0)
406 		return;
407 
408 	if (of_hasprop(chosen, "netbsd,mbr") &&
409 	    of_hasprop(chosen, "netbsd,partition")) {
410 		struct mbr_sector mbr;
411 		uint8_t buf[DEV_BSIZE];
412 		uint8_t hash[16];
413 		const uint8_t *rhash;
414 		struct vnode *vp;
415 		MD5_CTX md5ctx;
416 		size_t resid;
417 		u_int part;
418 
419 		/*
420 		 * The bootloader has passed in a partition index and MD5 hash
421 		 * of the MBR sector. Read the MBR of this device, calculate the
422 		 * hash, and compare it with the value passed in.
423 		 */
424 		rhash = fdtbus_get_prop(chosen, "netbsd,mbr", &len);
425 		if (rhash == NULL || len != 16)
426 			return;
427 		of_getprop_uint32(chosen, "netbsd,partition", &part);
428 		if (part >= MAXPARTITIONS)
429 			return;
430 
431 		vp = opendisk(dev);
432 		if (!vp)
433 			return;
434 		error = vn_rdwr(UIO_READ, vp, buf, sizeof(buf), 0, UIO_SYSSPACE,
435 		    IO_NODELOCKED, NOCRED, &resid, NULL);
436 		VOP_CLOSE(vp, FREAD, NOCRED);
437 		vput(vp);
438 
439 		if (error != 0)
440 			return;
441 
442 		memcpy(&mbr, buf, sizeof(mbr));
443 		MD5Init(&md5ctx);
444 		MD5Update(&md5ctx, (void *)&mbr, sizeof(mbr));
445 		MD5Final(hash, &md5ctx);
446 
447 		if (memcmp(rhash, hash, 16) == 0) {
448 			booted_device = dev;
449 			booted_partition = part;
450 		}
451 
452 		return;
453 	}
454 
455 	if (of_hasprop(chosen, "netbsd,gpt-guid")) {
456 		const struct uuid *guid =
457 		    fdtbus_get_prop(chosen, "netbsd,gpt-guid", &len);
458 
459 		if (guid == NULL || len != 16)
460 			return;
461 
462 		char guidstr[UUID_STR_LEN];
463 		uuid_snprintf(guidstr, sizeof(guidstr), guid);
464 
465 		device_t dv = dkwedge_find_by_wname(guidstr);
466 		if (dv != NULL)
467 			booted_device = dv;
468 
469 		return;
470 	}
471 
472 	if (of_hasprop(chosen, "netbsd,gpt-label")) {
473 		const char *label = fdtbus_get_string(chosen, "netbsd,gpt-label");
474 		if (label == NULL || *label == '\0')
475 			return;
476 
477 		device_t dv = dkwedge_find_by_wname(label);
478 		if (dv != NULL)
479 			booted_device = dv;
480 
481 		return;
482 	}
483 
484 	if (of_hasprop(chosen, "netbsd,booted-mac-address")) {
485 		const uint8_t *macaddr =
486 		    fdtbus_get_prop(chosen, "netbsd,booted-mac-address", &len);
487 		struct ifnet *ifp;
488 
489 		if (macaddr == NULL || len != 6)
490 			return;
491 
492 		int s = pserialize_read_enter();
493 		IFNET_READER_FOREACH(ifp) {
494 			if (memcmp(macaddr, CLLADDR(ifp->if_sadl), len) == 0) {
495 				device_t dv = device_find_by_xname(ifp->if_xname);
496 				if (dv != NULL)
497 					booted_device = dv;
498 				break;
499 			}
500 		}
501 		pserialize_read_exit(s);
502 
503 		return;
504 	}
505 }
506 
507 void
508 fdt_cpu_rootconf(void)
509 {
510 	device_t dev;
511 	deviter_t di;
512 
513 	if (booted_device != NULL)
514 		return;
515 
516 	for (dev = deviter_first(&di, 0); dev; dev = deviter_next(&di)) {
517 		if (device_class(dev) != DV_DISK)
518 			continue;
519 
520 		fdt_detect_root_device(dev);
521 
522 		if (booted_device != NULL)
523 			break;
524 	}
525 	deviter_release(&di);
526 }
527