[PATCH v2 1/3] digest.h: needs errno definitions

[PATCH v2 1/3] digest.h: needs errno definitions

[Bastian Krause]

From: Juergen Borleis <jbe@pengutronix.de>

digest_set_key() returns -ENOTSUPP conditionally, so include errno.h.

Fixes: 2f3c3f512b ("digest: add HMAC support for md5, sha1, sha224, sha256, sha384, sha512")
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
Changes since (implicit) v1:
  - no changes
---
 include/digest.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/digest.h b/include/digest.h
index 474bdd160a..176084146b 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -20,6 +20,7 @@
 #define __DIGEST_H__
 
 #include <linux/list.h>
+#include <errno.h>
 
 struct digest;
 
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 2/3] common: machine_id: introduce machine id generation and pass id on

[Bastian Krause]

By default systemd generates a machine id on first boot and tries to
persist it (see `man machine-id`). When the root file system is read-only
systemd cannot persist the machine id. In case multiple redundant slots
are used the machine id will vary. When not handled explicitly the
machine id will also change during updates.

It is possible to pass a machine id to the kernel which will be used by
systemd (systemd.machine_id=).

This adds functionality to pass device-specific information that will be
hashed to generate a persistent unique machine id. The machine id will
be finally added to the kernel parameters via the
linux.bootargs.machine_id global variable.

Note: if multiple sources provide hashable device-specific information
(via machine_id_set_hashable()) the information provided by the last call
prior to the late initcall set_machine_id() is used to generate the
machine id from. Thus when updating barebox the machine id might change.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
Changes since (implicit) v1:
  - depend on SHA1 instead of selecting DIGEST/DIGEST_SHA1_GENERIC
  - add note about multiple sources providing hashables to kconfig
  - add note about no hashable provided to kconfig
  - remove warning about "no hashable info provided" along with pr_fmt
  - make machine_id_set_hashable()'s hashable parameter const
  - make a copy of the hashable provided rather than storing the pointer
  - hash data instead of pointer address
  - use basprintf() and dedicated variables for hex machine id/machine id
    bootarg
  - add static inline wrapper if CONFIG_MACHINE_ID is disabled
---
 common/Kconfig       | 18 +++++++++++++
 common/Makefile      |  1 +
 common/machine_id.c  | 63 ++++++++++++++++++++++++++++++++++++++++++++
 include/machine_id.h | 16 +++++++++++
 4 files changed, 98 insertions(+)
 create mode 100644 common/machine_id.c
 create mode 100644 include/machine_id.h

diff --git a/common/Kconfig b/common/Kconfig
index 8aad5baecd..7be2487a20 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -982,6 +982,24 @@ config RESET_SOURCE
 	  of the reset and why the bootloader is currently running. It can be
 	  useful for any kind of system recovery or repair.
 
+config MACHINE_ID
+	bool "pass machine-id to kernel"
+	depends on FLEXIBLE_BOOTARGS
+	depends on SHA1
+	help
+	  Sets the linux.bootargs.machine_id global variable with a value of
+	  systemd.machine_id=UID. The UID is a persistent device-specific
+	  id. It is a hash over device-specific information provided by various
+	  sources.
+
+	  Note: if multiple sources provide hashable device-specific information
+	  (via machine_id_set_hashable()) the information provided by the last call
+	  prior to the late initcall set_machine_id() is used to generate the
+	  machine id from. Thus when updating barebox the machine id might change.
+
+	  Note: if no hashable information is available no machine id will be passed
+	  to the kernel.
+
 endmenu
 
 menu "Debugging"
diff --git a/common/Makefile b/common/Makefile
index a284655fc1..10960169f9 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -11,6 +11,7 @@ obj-y				+= bootsource.o
 obj-$(CONFIG_ELF)		+= elf.o
 obj-y				+= restart.o
 obj-y				+= poweroff.o
+obj-$(CONFIG_MACHINE_ID)	+= machine_id.o
 obj-$(CONFIG_AUTO_COMPLETE)	+= complete.o
 obj-y				+= version.o
 obj-$(CONFIG_BAREBOX_UPDATE)	+= bbu.o
diff --git a/common/machine_id.c b/common/machine_id.c
new file mode 100644
index 0000000000..f2eeea0f8e
--- /dev/null
+++ b/common/machine_id.c
@@ -0,0 +1,63 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2019 Pengutronix, Bastian Krause <kernel@pengutronix.de>
+ */
+
+#include <common.h>
+#include <init.h>
+#include <digest.h>
+#include <globalvar.h>
+#include <crypto/sha.h>
+#include <machine_id.h>
+
+#define MACHINE_ID_LENGTH 32
+
+static void *__machine_id_hashable;
+static size_t __machine_id_hashable_length;
+
+
+void machine_id_set_hashable(const void *hashable, size_t len)
+{
+
+	__machine_id_hashable = xmemdup(hashable, len);
+	__machine_id_hashable_length = len;
+}
+
+static int machine_id_set_bootarg(void)
+{
+	struct digest *digest = NULL;
+	unsigned char machine_id[SHA1_DIGEST_SIZE];
+	char hex_machine_id[MACHINE_ID_LENGTH];
+	char *machine_id_bootarg;
+	int ret = 0;
+
+	/* nothing to do if no hashable information provided */
+	if (!__machine_id_hashable)
+		goto out;
+
+	digest = digest_alloc_by_algo(HASH_ALGO_SHA1);
+	ret = digest_init(digest);
+	if (ret)
+		goto out;
+
+	ret = digest_update(digest, __machine_id_hashable,
+			    __machine_id_hashable_length);
+	if (ret)
+		goto out;
+
+	ret = digest_final(digest, machine_id);
+	if (ret)
+		goto out;
+
+	/* use the first 16 bytes of the sha1 hash as the machine id */
+	bin2hex(hex_machine_id, machine_id, MACHINE_ID_LENGTH/2);
+
+	machine_id_bootarg = basprintf("systemd.machine_id=%.*s", MACHINE_ID_LENGTH, hex_machine_id);
+	globalvar_add_simple("linux.bootargs.machine_id", machine_id_bootarg);
+
+out:
+	digest_free(digest);
+	return ret;
+
+}
+late_initcall(machine_id_set_bootarg);
diff --git a/include/machine_id.h b/include/machine_id.h
new file mode 100644
index 0000000000..31d5e0bb28
--- /dev/null
+++ b/include/machine_id.h
@@ -0,0 +1,16 @@
+#ifndef __MACHINE_ID_H__
+#define __MACHINE_ID_H__
+
+#if IS_ENABLED(CONFIG_MACHINE_ID)
+
+void machine_id_set_hashable(const void *hashable, size_t len);
+
+#else
+
+static inline void machine_id_set_hashable(const void *hashable, size_t len)
+{
+}
+
+#endif /* CONFIG_MACHINE_ID */
+
+#endif  /* __MACHINE_ID_H__ */
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH v2 2/3] common: machine_id: introduce machine id generation and pass id on

[Sascha Hauer]

On Fri, Jul 19, 2019 at 12:55:33PM +0200, Bastian Krause wrote:
> By default systemd generates a machine id on first boot and tries to
> persist it (see `man machine-id`). When the root file system is read-only
> systemd cannot persist the machine id. In case multiple redundant slots
> are used the machine id will vary. When not handled explicitly the
> machine id will also change during updates.
> 
> It is possible to pass a machine id to the kernel which will be used by
> systemd (systemd.machine_id=).
> 
> This adds functionality to pass device-specific information that will be
> hashed to generate a persistent unique machine id. The machine id will
> be finally added to the kernel parameters via the
> linux.bootargs.machine_id global variable.
> 
> Note: if multiple sources provide hashable device-specific information
> (via machine_id_set_hashable()) the information provided by the last call
> prior to the late initcall set_machine_id() is used to generate the
> machine id from. Thus when updating barebox the machine id might change.
> 
> Signed-off-by: Bastian Krause <bst@pengutronix.de>
> ---
> Changes since (implicit) v1:
>   - depend on SHA1 instead of selecting DIGEST/DIGEST_SHA1_GENERIC
>   - add note about multiple sources providing hashables to kconfig
>   - add note about no hashable provided to kconfig
>   - remove warning about "no hashable info provided" along with pr_fmt
>   - make machine_id_set_hashable()'s hashable parameter const
>   - make a copy of the hashable provided rather than storing the pointer
>   - hash data instead of pointer address
>   - use basprintf() and dedicated variables for hex machine id/machine id
>     bootarg
>   - add static inline wrapper if CONFIG_MACHINE_ID is disabled
> ---
>  common/Kconfig       | 18 +++++++++++++
>  common/Makefile      |  1 +
>  common/machine_id.c  | 63 ++++++++++++++++++++++++++++++++++++++++++++
>  include/machine_id.h | 16 +++++++++++
>  4 files changed, 98 insertions(+)
>  create mode 100644 common/machine_id.c
>  create mode 100644 include/machine_id.h
> 
> diff --git a/common/Kconfig b/common/Kconfig
> index 8aad5baecd..7be2487a20 100644
> --- a/common/Kconfig
> +++ b/common/Kconfig
> @@ -982,6 +982,24 @@ config RESET_SOURCE
>  	  of the reset and why the bootloader is currently running. It can be
>  	  useful for any kind of system recovery or repair.
>  
> +config MACHINE_ID
> +	bool "pass machine-id to kernel"
> +	depends on FLEXIBLE_BOOTARGS
> +	depends on SHA1
> +	help
> +	  Sets the linux.bootargs.machine_id global variable with a value of
> +	  systemd.machine_id=UID. The UID is a persistent device-specific
> +	  id. It is a hash over device-specific information provided by various
> +	  sources.
> +
> +	  Note: if multiple sources provide hashable device-specific information
> +	  (via machine_id_set_hashable()) the information provided by the last call
> +	  prior to the late initcall set_machine_id() is used to generate the
> +	  machine id from. Thus when updating barebox the machine id might change.
> +
> +	  Note: if no hashable information is available no machine id will be passed
> +	  to the kernel.

We'll need some additional runtime control knob whether this behaviour
should be used or not. Just enabling a Kconfig option shouldn't change the
behaviour of barebox. A boolean global.linux.provide_machine_id flag
should do it.

Also it would be nice to provide the machine-id to barebox aswell, maybe
in global.machine_id.

Overall we then get this:

- set global.machine_id during barebox startup (inicalls)
- User can overwrite it with nv.machine_id if necessary
- during booting of Linux global.linux.bootargs.machine_id is
  initialized with the value of global.machine_id if desired (based on
  global.linux.provide_machine_id)

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 3/3] nvmem: ocotp: set unique id as machine-id hashable

[Bastian Krause]

Pass the OCOTP unique id as hashable information to machine id
generation.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
Changes since (implicit) v1:
  - remove explicit address-of operator for unique_id_parts
---
 drivers/nvmem/ocotp.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/drivers/nvmem/ocotp.c b/drivers/nvmem/ocotp.c
index 3f9f162860..d5e9d72a52 100644
--- a/drivers/nvmem/ocotp.c
+++ b/drivers/nvmem/ocotp.c
@@ -29,6 +29,7 @@
 #include <regmap.h>
 #include <linux/clk.h>
 #include <mach/ocotp.h>
+#include <machine_id.h>
 #include <linux/nvmem-provider.h>
 
 /*
@@ -77,6 +78,9 @@
 #define MAC_OFFSET_1			(0x24 * 4)
 #define MAX_MAC_OFFSETS			2
 #define MAC_BYTES			8
+#define UNIQUE_ID_NUM			2
+/* 0 <= n < UNIQUE_ID_NUM */
+#define UNIQUE_ID(n)			(OCOTP_WORD(0x410 + 0x10 * (n)) | OCOTP_BIT(0) | OCOTP_WIDTH(32))
 
 enum imx_ocotp_format_mac_direction {
 	OCOTP_HW_TO_MAC,
@@ -548,6 +552,23 @@ static int imx_ocotp_read(struct device_d *dev, const int offset, void *val,
 	return regmap_bulk_read(priv->map, offset, val, bytes);
 }
 
+static int imx_ocotp_set_unique_machine_id(void)
+{
+	uint32_t unique_id_parts[UNIQUE_ID_NUM];
+	int ret, i;
+
+	for (i = 0; i < UNIQUE_ID_NUM; i++) {
+		ret = imx_ocotp_read_field(UNIQUE_ID(i), &unique_id_parts[i]);
+		if (ret < 0)
+			goto out;
+	}
+
+	machine_id_set_hashable(unique_id_parts, sizeof(unique_id_parts));
+
+out:
+	return ret;
+}
+
 static const struct nvmem_bus imx_ocotp_nvmem_bus = {
 	.write = imx_ocotp_write,
 	.read  = imx_ocotp_read,
@@ -633,6 +654,9 @@ static int imx_ocotp_probe(struct device_d *dev)
 				  ethaddr->value, ethaddr);
 	}
 
+	if (IS_ENABLED(CONFIG_MACHINE_ID))
+		imx_ocotp_set_unique_machine_id();
+
 	imx_ocotp_init_dt(priv);
 
 	dev_add_param_bool(&(priv->dev), "sense_enable", NULL, NULL, &priv->sense_enable, priv);
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox