[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] hw/arm: add control knob to disable kaslr_seed via DTB
From: |
Peter Maydell |
Subject: |
Re: [PATCH] hw/arm: add control knob to disable kaslr_seed via DTB |
Date: |
Wed, 15 Dec 2021 13:36:07 +0000 |
On Wed, 15 Dec 2021 at 12:09, Alex Bennée <alex.bennee@linaro.org> wrote:
>
> Generally a guest needs an external source of randomness to properly
> enable things like address space randomisation. However in a trusted
> boot environment where the firmware will cryptographically verify
> components having random data in the DTB will cause verification to
> fail. Add a control knob so we can prevent this being added to the
> system DTB.
Given that the DTB is automatically generated for the virt board,
firmware has no way to guarantee that it's the same every time
anyway, surely ?
-- PMM