* [PATCH v4 1/4] digest.h: needs errno definitions
From: Bastian Krause @ 2019-09-27 9:59 UTC
To: barebox; +Cc: Andrey Smirnov, Juergen Borleis, Bastian Krause
From: Juergen Borleis <jbe@pengutronix.de>
digest_set_key() returns -ENOTSUPP conditionally, so include errno.h.
Fixes: 2f3c3f512b ("digest: add HMAC support for md5, sha1, sha224, sha256, sha384, sha512")
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
include/digest.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/digest.h b/include/digest.h
index 474bdd160a..176084146b 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -20,6 +20,7 @@
#define __DIGEST_H__
#include <linux/list.h>
+#include <errno.h>
struct digest;
--
2.23.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
* [PATCH v4 2/4] common: machine_id: introduce machine id generation
From: Bastian Krause @ 2019-09-27 9:59 UTC
To: barebox; +Cc: Andrey Smirnov, Bastian Krause
This patch adds functionality to pass device-specific information that
will be hashed to generate a persistent unique machine id. It is then
available as global.machine_id. It can be overwritten with
nv.machine_id if necessary. Passing the machine id to the kernel is
done in a separate patch.
Note: if multiple sources provide hashable device-specific information
(via machine_id_set_hashable()), the information provided by the last call
prior to the late initcall set_machine_id() is used to generate the
machine id. Thus when updating barebox the machine id might change.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
common/Kconfig | 18 ++++++++++++
common/Makefile | 1 +
common/machine_id.c | 69 ++++++++++++++++++++++++++++++++++++++++++++
include/machine_id.h | 16 ++++++++++
4 files changed, 104 insertions(+)
create mode 100644 common/machine_id.c
create mode 100644 include/machine_id.h
diff --git a/common/Kconfig b/common/Kconfig
index cafaadb3d4..7c56eb469e 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -982,6 +982,24 @@ config RESET_SOURCE
of the reset and why the bootloader is currently running. It can be
useful for any kind of system recovery or repair.
+config MACHINE_ID
+ bool "pass machine-id to kernel"
+ depends on FLEXIBLE_BOOTARGS
+ depends on SHA1
+ help
+ Sets the linux.bootargs.machine_id global variable with a value of
+ systemd.machine_id=UID. The UID is a persistent device-specific
+ id. It is a hash over device-specific information provided by various
+ sources.
+
+ Note: if multiple sources provide hashable device-specific information
+ (via machine_id_set_hashable()) the information provided by the last call
+ prior to the late initcall set_machine_id() is used to generate the
+ machine id from. Thus when updating barebox the machine id might change.
+
+ Note: if no hashable information is available no machine id will be passed
+ to the kernel.
+
endmenu
menu "Debugging"
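Review bot: the help text in this hunk is stale relative to the code in the same patch: it says the option "Sets the linux.bootargs.machine_id global variable with a value of systemd.machine_id=UID", but the initcall in common/machine_id.c only sets global.machine_id, and the bootarg is added by bootm in patch 4/4, and only when bootm.provide_machine_id is true. The prompt "pass machine-id to kernel" and the reference to "the late initcall set_machine_id()" (the function is machine_id_set_bootarg()) have the same problem. Suggest rewording the help to describe global.machine_id and pointing at global.bootm.provide_machine_id for the kernel side; "depends on FLEXIBLE_BOOTARGS" is likewise only needed by the bootm part, so it belongs there or can be dropped here.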
diff --git a/common/Makefile b/common/Makefile
index a284655fc1..10960169f9 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -11,6 +11,7 @@ obj-y += bootsource.o
obj-$(CONFIG_ELF) += elf.o
obj-y += restart.o
obj-y += poweroff.o
+obj-$(CONFIG_MACHINE_ID) += machine_id.o
obj-$(CONFIG_AUTO_COMPLETE) += complete.o
obj-y += version.o
obj-$(CONFIG_BAREBOX_UPDATE) += bbu.o
diff --git a/common/machine_id.c b/common/machine_id.c
new file mode 100644
index 0000000000..e678bb7fe8
--- /dev/null
+++ b/common/machine_id.c
@@ -0,0 +1,69 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2019 Pengutronix, Bastian Krause <kernel@pengutronix.de>
+ */
+
+#include <common.h>
+#include <init.h>
+#include <digest.h>
+#include <globalvar.h>
+#include <magicvar.h>
+#include <crypto/sha.h>
+#include <machine_id.h>
+
+#define MACHINE_ID_LENGTH 32
+
+static void *__machine_id_hashable;
+static size_t __machine_id_hashable_length;
+
+
+void machine_id_set_hashable(const void *hashable, size_t len)
+{
+
+ __machine_id_hashable = xmemdup(hashable, len);
+ __machine_id_hashable_length = len;
+}
+
+static int machine_id_set_bootarg(void)
+{
+ struct digest *digest = NULL;
+ unsigned char machine_id[SHA1_DIGEST_SIZE];
+ char hex_machine_id[MACHINE_ID_LENGTH];
+ char *env_machine_id;
+ int ret = 0;
+
+ /* nothing to do if no hashable information provided */
+ if (!__machine_id_hashable)
+ goto out;
+
+ digest = digest_alloc_by_algo(HASH_ALGO_SHA1);
+ ret = digest_init(digest);
+ if (ret)
+ goto out;
+
+ ret = digest_update(digest, __machine_id_hashable,
+ __machine_id_hashable_length);
+ if (ret)
+ goto out;
+
+ ret = digest_final(digest, machine_id);
+ if (ret)
+ goto out;
+
+ /* use the first 16 bytes of the sha1 hash as the machine id */
+ bin2hex(hex_machine_id, machine_id, MACHINE_ID_LENGTH/2);
+
+ env_machine_id = basprintf("%.*s", MACHINE_ID_LENGTH, hex_machine_id);
+ globalvar_add_simple("machine_id", env_machine_id);
+ free(env_machine_id);
+
+out:
+ globalvar_add_simple("machine_id", NULL);
+
+ digest_free(digest);
+ return ret;
+
+}
+late_initcall(machine_id_set_bootarg);
+
+BAREBOX_MAGICVAR_NAMED(global_machine_id, global.machine_id, "Persistent device-specific, hexadecimal, 32-character id");
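Review bot: machine_id_set_hashable() leaks the previous buffer when called more than once, which the commit message explicitly allows ("last call wins"): add `free(__machine_id_hashable);` before the `xmemdup()`. In machine_id_set_bootarg(), `digest_alloc_by_algo(HASH_ALGO_SHA1)` can return NULL and is handed straight to `digest_init()`; check it and return an error. The `out:` label then calls `globalvar_add_simple("machine_id", NULL)` on the success path as well, right after the variable was registered with its value, and both return values are ignored; registering the variable once at the top and setting it only on success is clearer. The `%.*s` in `basprintf()` exists only because `hex_machine_id` has no room for a terminating NUL after `bin2hex()` writes 32 characters; sizing it MACHINE_ID_LENGTH + 1 and terminating it lets the buffer be passed to globalvar_add_simple() directly. Finally, the name machine_id_set_bootarg() no longer describes what the function does since v3 (it sets global.machine_id; the bootarg is built in bootm).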
diff --git a/include/machine_id.h b/include/machine_id.h
new file mode 100644
index 0000000000..31d5e0bb28
--- /dev/null
+++ b/include/machine_id.h
@@ -0,0 +1,16 @@
+#ifndef __MACHINE_ID_H__
+#define __MACHINE_ID_H__
+
+#if IS_ENABLED(CONFIG_MACHINE_ID)
+
+void machine_id_set_hashable(const void *hashable, size_t len);
+
+#else
+
+static inline void machine_id_set_hashable(const void *hashable, size_t len)
+{
+}
+
+#endif /* CONFIG_MACHINE_ID */
+
+#endif /* __MACHINE_ID_H__ */
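Review bot: the header uses size_t and IS_ENABLED() without including anything; add `#include <linux/types.h>` (and whatever provides IS_ENABLED, if barebox does not pull it in implicitly) so that machine_id.h compiles on its own, the same class of problem patch 1/4 fixes for digest.h. A one-line comment above machine_id_set_hashable() stating that the data is copied and that the last caller wins would also save callers a trip into common/machine_id.c.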
--
2.23.0
* [PATCH v4 3/4] nvmem: ocotp: set unique id as machine-id hashable
From: Bastian Krause @ 2019-09-27 9:59 UTC
To: barebox; +Cc: Andrey Smirnov, Bastian Krause
Pass the OCOTP unique id as hashable information to machine id
generation.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
drivers/nvmem/ocotp.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/drivers/nvmem/ocotp.c b/drivers/nvmem/ocotp.c
index 3f9f162860..79693e22e0 100644
--- a/drivers/nvmem/ocotp.c
+++ b/drivers/nvmem/ocotp.c
@@ -29,6 +29,8 @@
#include <regmap.h>
#include <linux/clk.h>
#include <mach/ocotp.h>
+#include <machine_id.h>
+#include <mach/ocotp-fusemap.h>
#include <linux/nvmem-provider.h>
/*
@@ -77,6 +79,7 @@
#define MAC_OFFSET_1 (0x24 * 4)
#define MAX_MAC_OFFSETS 2
#define MAC_BYTES 8
+#define UNIQUE_ID_NUM 2
enum imx_ocotp_format_mac_direction {
OCOTP_HW_TO_MAC,
@@ -548,6 +551,19 @@ static int imx_ocotp_read(struct device_d *dev, const int offset, void *val,
return regmap_bulk_read(priv->map, offset, val, bytes);
}
+static void imx_ocotp_set_unique_machine_id(void)
+{
+ uint32_t unique_id_parts[UNIQUE_ID_NUM];
+ int i;
+
+ for (i = 0; i < UNIQUE_ID_NUM; i++)
+ if (imx_ocotp_read_field(OCOTP_UNIQUE_ID(i),
+ &unique_id_parts[i]))
+ return;
+
+ machine_id_set_hashable(unique_id_parts, sizeof(unique_id_parts));
+}
+
static const struct nvmem_bus imx_ocotp_nvmem_bus = {
.write = imx_ocotp_write,
.read = imx_ocotp_read,
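Review bot: the early `return` in imx_ocotp_set_unique_machine_id() when imx_ocotp_read_field() fails is silent, so the visible result (global.machine_id unset, and a refused boot if bootm.provide_machine_id is set) gives no hint where the chain broke; a dev_warn() here would save a debugging session. Separately, the array is hashed in host byte order exactly as it sits in memory: that is stable for a given SoC, but the derived id then depends on the endianness and width of the uint32_t representation rather than on the fuse values themselves, so anyone reproducing the id elsewhere (from a fuse dump, say) has to know this. Serializing the words explicitly (cpu_to_be32 into a byte buffer) would make the derivation well defined. Also worth a comment: the OCOTP unique id is readable fuse data, so the machine id derived from it is not a secret either, which matches how systemd treats machine-id but rules out reusing it as key material.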
@@ -633,6 +649,9 @@ static int imx_ocotp_probe(struct device_d *dev)
ethaddr->value, ethaddr);
}
+ if (IS_ENABLED(CONFIG_MACHINE_ID))
+ imx_ocotp_set_unique_machine_id();
+
imx_ocotp_init_dt(priv);
dev_add_param_bool(&(priv->dev), "sense_enable", NULL, NULL, &priv->sense_enable, priv);
--
2.23.0
* [PATCH v4 4/4] bootm: allow providing machine id to Kernel
From: Bastian Krause @ 2019-09-27 9:59 UTC
To: barebox; +Cc: Andrey Smirnov, Bastian Krause
By default systemd generates a machine id on first boot and tries to
persist it (see `man machine-id`). When the root file system is read-only
systemd cannot persist the machine id. In case multiple redundant slots
are used the machine id will vary. When not handled explicitly the
machine id will also change during system updates.
It is possible to pass a machine id to the kernel which will be used by
systemd (systemd.machine_id=).
If global.bootm.provide_machine_id (or nv.bootm.provide_machine_id) is
true then provide the machine id from global.machine_id as
systemd.machine_id= parameter to the Kernel.
Note that global.machine_id must be set, either by the
machine_id_set_bootarg late init call or by setting it manually with
nv.machine_id if necessary.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
common/bootm.c | 19 +++++++++++++++++++
include/bootm.h | 5 +++++
2 files changed, 24 insertions(+)
diff --git a/common/bootm.c b/common/bootm.c
index b50b76ed6f..366f314555 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -51,6 +51,7 @@ static struct image_handler *bootm_find_handler(enum filetype filetype,
}
static int bootm_appendroot;
+static int bootm_provide_machine_id;
static int bootm_verbosity;
void bootm_data_init_defaults(struct bootm_data *data)
@@ -65,6 +66,7 @@ void bootm_data_init_defaults(struct bootm_data *data)
data->initrd_file = getenv_nonempty("global.bootm.initrd");
data->verify = bootm_get_verify_mode();
data->appendroot = bootm_appendroot;
+ data->provide_machine_id = bootm_provide_machine_id;
data->verbose = bootm_verbosity;
}
@@ -646,6 +648,21 @@ int bootm_boot(struct bootm_data *bootm_data)
}
}
+ if (bootm_data->provide_machine_id) {
+ const char *machine_id = getenv_nonempty("global.machine_id");
+ char *machine_id_bootarg;
+
+ if (!machine_id) {
+ printf("Providing machine id is enabled but no machine id set\n");
+ ret = -EINVAL;
+ goto err_out;
+ }
+
+ machine_id_bootarg = basprintf("systemd.machine_id=%s", machine_id);
+ globalvar_add_simple("linux.bootargs.machine_id", machine_id_bootarg);
+ free(machine_id_bootarg);
+ }
+
printf("\nLoading %s '%s'", file_type_to_string(os_type),
data->os_file);
if (os_type == filetype_uimage &&
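Review bot: the value of global.machine_id is spliced into the kernel command line without any format check, and the commit message says it may come from nv.machine_id; a value containing whitespace would append further kernel parameters, and systemd expects exactly 32 lowercase hex characters anyway, so validating the string (length 32, all hex digits) before `basprintf()` and failing with -EINVAL otherwise is cheap. Two smaller points in the same hunk: `linux.bootargs.machine_id` is only ever set, never cleared, so once a boot has run with provide_machine_id=true the parameter sticks for later bootm calls in the same barebox session even after the flag is cleared (set the variable to an empty string in an else branch), and the return value of globalvar_add_simple() is ignored.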
@@ -711,6 +728,7 @@ static int bootm_init(void)
globalvar_add_simple("bootm.oftree", NULL);
globalvar_add_simple("bootm.tee", NULL);
globalvar_add_simple_bool("bootm.appendroot", &bootm_appendroot);
+ globalvar_add_simple_bool("bootm.provide_machine_id", &bootm_provide_machine_id);
if (IS_ENABLED(CONFIG_BOOTM_INITRD)) {
globalvar_add_simple("bootm.initrd", NULL);
globalvar_add_simple("bootm.initrd.loadaddr", NULL);
@@ -738,3 +756,4 @@ BAREBOX_MAGICVAR_NAMED(global_bootm_tee, global.bootm.tee, "bootm default tee im
BAREBOX_MAGICVAR_NAMED(global_bootm_verify, global.bootm.verify, "bootm default verify level");
BAREBOX_MAGICVAR_NAMED(global_bootm_verbose, global.bootm.verbose, "bootm default verbosity level (0=quiet)");
BAREBOX_MAGICVAR_NAMED(global_bootm_appendroot, global.bootm.appendroot, "Add root= option to Kernel to mount rootfs from the device the Kernel comes from");
+BAREBOX_MAGICVAR_NAMED(global_bootm_provide_machine_id, global.bootm.provide_machine_id, "If true, add systemd.machine_id= with value of global.machine_id to Kernel");
diff --git a/include/bootm.h b/include/bootm.h
index 5ce3318ecc..a041aa35b9 100644
--- a/include/bootm.h
+++ b/include/bootm.h
@@ -26,6 +26,11 @@ struct bootm_data {
* mount the rootfs from the same device as the Kernel comes from.
*/
bool appendroot;
+ /*
+ * provide_machine_id - if true, try to add systemd.machine_id= with
+ * value of global.machine_id to Kernel.
+ */
+ bool provide_machine_id;
unsigned long initrd_address;
unsigned long os_address;
unsigned long os_entry;
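Review bot: the comment says "try to add", but bootm_boot() in this patch fails with -EINVAL when global.machine_id is empty rather than booting without the parameter, so the wording should say that the boot is refused if no machine id is set. The same applies to the magicvar description for global.bootm.provide_machine_id in common/bootm.c.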
--
2.23.0
* Re: [PATCH v4 0/4] Machine ID Support
From: Sascha Hauer @ 2019-09-30 18:39 UTC
To: Bastian Krause; +Cc: Andrey Smirnov, barebox
On Fri, Sep 27, 2019 at 11:59:50AM +0200, Bastian Krause wrote:
> By default systemd generates a machine id on first boot and tries to
> persist it (see `man machine-id`). When the root file system is read-only
> systemd cannot persist the machine id. In case multiple redundant slots
> are used the machine id will vary. When not handled explicitly the
> machine id will also change during system updates.
>
> It is possible to pass a machine id to the kernel which will be used by
> systemd (systemd.machine_id=).
>
> This series adds a way to provide device-specific hashable information
> to generate a unique, persistent id. The i.MX unique id from the OCOTP
> registers is added as hashable exemplarily. The id is available as
> global.machine_id in barebox. It can be overwritten with nv.machine_id
> if necessary.
> The machine id is passed on to the Kernel by bootm based on
> global.bootm.provide_machine_id.
>
> Changes since v3:
> - nvmem: ocotp: use existing OCOTP_UNIQUE_ID instead of introducing a
> new define
> - convert imx_ocotp_set_unique_machine_id() to void as its return
> is not used, simplify it
>
> Changes since v2:
> - set id to global.machine_id in init call instead of preparing the
> bootarg already (so it's usable within barebox, too)
> - move global.linux.bootargs.machine_id preparations to bootm code
> - make global.linux.bootargs.machine_id preparations conditional,
> based on bootm.provide_machine_id
> - free machine id char pointer after globalvar_add_simple()
> - make global.machine_id a magicvar
> - make global.bootm.provide_machine_id a magicvar
>
> Changes since (implicit) v1:
> - depend on SHA1 instead of selecting DIGEST/DIGEST_SHA1_GENERIC
> - add note about multiple sources providing hashables to kconfig
> - add note about no hashable provided to kconfig
> - remove warning about "no hashable info provided" along with pr_fmt
> - make machine_id_set_hashable()'s hashable parameter const
> - make a copy of the hashable provided rather than storing the pointer
> - hash data instead of pointer address
> - use basprintf() and dedicated variables for hex machine id/machine id
> bootarg
> - add static inline wrapper if CONFIG_MACHINE_ID is disabled
> - nvmem: ocotp: remove explicit address-of operator for unique_id_parts
>
> Regards,
> Bastian
>
> Bastian Krause (3):
> common: machine_id: introduce machine id generation
> nvmem: ocotp: set unique id as machine-id hashable
> bootm: allow providing machine id to Kernel
Applied, thanks
Sascha
--
Pengutronix e.K.
Industrial Linux Solutions | http://www.pengutronix.de/
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555
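To check the value barebox exports as global.machine_id against what a booted system shows in /etc/machine-id, or to precompute ids for an inventory, here is an added example (host-side Python, not barebox code and not posted by anyone in this thread) that repeats the derivation from patches 2/4 and 3/4: the two OCOTP unique-id words packed as a little-endian uint32_t array, SHA1, first 16 bytes, lowercase hex. The validity check and the bootarg builder are the example's own additions (they implement the checks suggested in the review notes above, which the series itself does not contain); the fuse words used are constructed, not read from a real device.

```python
"""Reproduce the barebox machine-id derivation on a Linux host.

Added example, not barebox code. It hashes the same bytes that
common/machine_id.c hashes for the i.MX OCOTP case (patch 3/4):
uint32_t unique_id_parts[2] in host byte order -> SHA1 -> first 16 bytes
-> 32 lowercase hex characters.
"""
import hashlib
import re
import struct

# systemd's machine-id format: 32 lowercase hex characters.
MACHINE_ID_RE = re.compile(r"^[0-9a-f]{32}$")


def machine_id_from_hashable(hashable: bytes) -> str:
    """SHA1 over the hashable, truncated to 16 bytes, as 32 lowercase hex chars.

    This is the generic step of machine_id_set_bootarg(): any source that
    calls machine_id_set_hashable() ends up here.
    """
    return hashlib.sha1(hashable).digest()[:16].hex()


def ocotp_hashable(unique_id_parts, byteorder: str = "little") -> bytes:
    """Serialize the uint32_t array the way the OCOTP driver hands it over.

    The driver hashes the array as it sits in memory, i.e. host byte order,
    and i.MX SoCs run little-endian, hence the default. 'big' is offered to
    show that the derived id changes with the serialization, which is why a
    canonical encoding is worth fixing in the driver.
    """
    fmt = ("<" if byteorder == "little" else ">") + f"{len(unique_id_parts)}I"
    return struct.pack(fmt, *unique_id_parts)


def machine_id_from_ocotp(word0: int, word1: int) -> str:
    """Expected global.machine_id for a board whose OCOTP unique id is (word0, word1)."""
    return machine_id_from_hashable(ocotp_hashable([word0, word1]))


def is_valid_machine_id(value: str) -> bool:
    """32 lowercase hex chars; an all-zero id is treated as unset here (conservative choice)."""
    return bool(MACHINE_ID_RE.match(value)) and value != "0" * 32


def machine_id_bootarg(value: str) -> str:
    """Build the systemd.machine_id= parameter only for a well-formed id.

    Mirrors the bootm hunk of patch 4/4 but refuses anything that is not
    exactly 32 hex characters, so a malformed nv.machine_id cannot smuggle
    extra parameters onto the kernel command line.
    """
    if not is_valid_machine_id(value):
        raise ValueError(f"refusing to pass malformed machine id {value!r}")
    return f"systemd.machine_id={value}"


if __name__ == "__main__":
    # Constructed fuse words for demonstration, not a real device's unique id.
    w0, w1 = 0x12345678, 0x9ABCDEF0
    mid = machine_id_from_ocotp(w0, w1)
    print("expected global.machine_id:", mid)
    print("kernel parameter:", machine_id_bootarg(mid))
    # On the target, compare with:  cat /etc/machine-id
```

Feed the two fuse words as barebox reads them (the same order the driver uses for OCOTP_UNIQUE_ID(0) and OCOTP_UNIQUE_ID(1)); if the host-computed id and /etc/machine-id disagree, the serialization or the word order is the first thing to suspect.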