When calculating a random UUID we use a weak seed.
Use a RNG device if present to increase entropy.
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Reviewed-by: Torsten Duwe <duwe@suse.de>
When setting aside a GPT partition for holding the U-Boot environment,
having a partition type GUID [1] indicating "Linux filesystem" (as
most tools default to) is somewhat misleading - and there's no other
well-known type GUID that is better suited. So to have a canonical
value to put into the type field, define
3de21764-95bd-54bd-a5c3-4abe786f38a8
to mean a partition holding a U-Boot environment.
This is a v5 namespace-name GUID [2], generated [3] from a namespace
of "25cbcde0-8642-47c6-a298-1a3a57cd256b" and name "U-Boot
environment".
Should future type GUIDs be defined in the context of U-Boot, it's
sensible to use that same namespace GUID.
[1] https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs
[2] https://en.wikipedia.org/wiki/Universally_unique_identifier#Versions_3_and_5_(namespace_name-based)
[3] https://www.uuidtools.com/v5
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
There's no reason to require an appropriately sized output parameter
for the string, that's error-prone should the table ever grow an
element with a longer string. We can just return the const char*
pointer directly.
Update the only caller accordingly, and get rid of pointless ifdeffery
in the header so that the compiler always sees a declaration and can
thus do type-checking, whether or not PARTITION_TYPE_GUID is enabled
or not.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function belongs in time.h so move it over and add a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Packed structures like struct uuid are not aligned. GCC 9.1 therefore
throws an error when trying to compile gen_rand_uuid().
lib/uuid.c: In function ‘gen_rand_uuid’:
lib/uuid.c:244:2: error: converting a packed ‘struct uuid’ pointer
(alignment 1) to a ‘unsigned int’ pointer (alignment 4) may result in
an unaligned pointer value [-Werror=address-of-packed-member]
244 | unsigned int *ptr = (unsigned int *)&uuid;
| ^~~~~~~~
Generate the uuid in a properly aligned buffer.
The byte order of a random number should not matter. Do not call
cpu_to_be32() to change the byte order.
Reported-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In the UEFI context GUIDs are expected to be rendered in upper case.
The patch uses the formerly unused bit 1 of the parameter str_format
of function uuid_bin_to_str() to indicate if we need upper or lower case
output.
Function uuid_string() in vsprint.c is adjusted to correctly set the bit
depending on the print format code.
%pUb: 01020304-0506-0708-090a-0b0c0d0e0f10
%pUB: 01020304-0506-0708-090A-0B0C0D0E0F10
%pUl: 04030201-0605-0807-090a-0b0c0d0e0f10
%pUL: 04030201-0605-0807-090A-0B0C0D0E0F10
Up to this point only a diagnostic message in mount_ubifs() using '%pUB' is
concerned by the change. Further patches are needed to adjust the UEFI
subsystem.
A unit test is provided inside the ut_print command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The random uuid values (enabled via CONFIG_RANDOM_UUID=y) on our
platform are always the same. Below is consistent on each cold boot:
=> ### interrupt autoboot
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=d117f98e-6f2c-d04b-a5b2-331a19f91cb2
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=ad5ec4b6-2d9f-8544-9417-fe3bd1c9b1b3
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=cceb0b18-39cb-d547-9db7-03b405fa77d4
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=d4981a2b-0478-544e-9607-7fd3c651068d
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=6d6c9a36-e919-264d-a9ee-bd00379686c7
While the uuids do change on every 'gpt write' command, the values
appear to be taken from the same pool, in the same order.
Assuming U-Boot with RANDOM_UUID=y is deployed on a large number of
devices, all those devices would essentially expose the same UUID,
breaking the assumption of system/RFS/application designers who rely
on UUID as being globally unique (e.g. a database using UUID as key
would alias/mix up entries/records due to duplicated UUID).
The root cause seems to be simply _not_ seeding PRNG before generating
a random value. It turns out this belongs to an established class of
PRNG-specific problems, commonly known as "unseeded randomness", for
which I am able to find below bugs/CVE/CWE:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0285
("CVE-2015-0285 openssl: handshake with unseeded PRNG")
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9019
("CVE-2015-9019 libxslt: math.random() in xslt uses unseeded
randomness")
- https://cwe.mitre.org/data/definitions/336.html
("CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)")
The first revision [1] of this patch updated the seed based on the
output of get_timer(), similar to [4].
There are two problems with this approach:
- get_timer() has a poor _ms_ resolution
- when gen_rand_uuid() is called in a loop, get_timer() returns the
same result, leading to the same seed being passed to srand(),
leading to the same uuid being generated for several partitions
with different names
The above drawbacks have been addressed in the second version [2].
In its third revision (current), the patch reworded the description
and summary line to emphasize it is a *fix* rather than an improvement.
Testing [3] consisted of running 'gpt write mmc 1 $partitions' in a
loop on R-Car3 for several minutes, collecting 8844 randomly generated
UUIDS. Two consecutive cold boots are concatenated in the log.
As a result, all uuid values are unique (scripted check).
Thanks to Roman, who reported the issue and provided support in fixing.
[1] https://patchwork.ozlabs.org/patch/1091802/
[2] https://patchwork.ozlabs.org/patch/1092945/
[3] https://gist.github.com/erosca/2820be9d554f76b982edd48474d0e7ca
[4] commit da384a9d76 ("net: rename and refactor eth_rand_ethaddr() function")
Reported-by: Roman Stratiienko <roman.stratiienko@globallogic.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The uuid command is only really useful in U-Boot, but it's useless in
SPL. Worse yet, it pulls in various environment manipulation functions
as it call env_set(). Do not compile the command in in SPL.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
short strings can be used in type parameter of gpt command
to replace the guid string for the types known by u-boot
partitions = name=boot,size=0x6bc00,type=data; \
name=root,size=0x7538ba00,type=linux;
gpt write mmc 0 $partitions
and they are also used to display the type of partition
in "part list" command
Partition Map for MMC device 0 -- Partition Type: EFI
Part Start LBA End LBA Name
Attributes
Type GUID
Partition GUID
1 0x00000022 0x0000037f "boot"
attrs: 0x0000000000000000
type: ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
type: data
guid: d117f98e-6f2c-d04b-a5b2-331a19f91cb2
2 0x00000380 0x003a9fdc "root"
attrs: 0x0000000000000000
type: 0fc63daf-8483-4772-8e79-3d69d8477de4
type: linux
guid: 25718777-d0ad-7443-9e60-02cb591c9737
Signed-off-by: Patrick Delaunay <patrick.delaunay73@gmail.com>
Changes:
- randomly generate partition uuid if any is undefined and CONFIG_RAND_UUID
is defined
- print debug info about set/unset/generated uuid
- update doc/README.gpt
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Cc: Piotr Wilczek <p.wilczek@samsung.com>
Cc: Tom Rini <trini@ti.com>
Cc: Stephen Warren <swarren@nvidia.com>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Those commands basis on implementation of random UUID generator version 4
which is described in RFC4122. The same algorithm is used for generation
both ids but string representation is different as below.
char: 0 9 14 19 24 36
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
UUID: be be be be be
GUID: le le le be be
Commands usage:
- uuid [<varname>]
- guid [<varname>]
The result is saved in environment as a "varname" variable if argument is given,
if not then it is printed.
New config:
- CONFIG_CMD_UUID
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Cc: Stephen Warren <swarren@nvidia.com>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Cc: trini@ti.com
This patch adds support to generate UUID (Universally Unique Identifier)
in version 4 based on RFC4122, which is randomly.
Source: https://www.ietf.org/rfc/rfc4122.txt
Changes:
- new configs:
- CONFIG_LIB_UUID for compile lib/uuid.c
- CONFIG_RANDOM_UUID for functions gen_rand_uuid() and gen_rand_uuid_str()
- add configs dependency to include/config_fallbacks.h for lib uuid.
lib/uuid.c:
- add gen_rand_uuid() - this function writes 16 bytes len binary representation
of UUID v4 to the memory at given address.
- add gen_rand_uuid_str() - this function writes 37 bytes len hexadecimal
ASCII string representation of UUID v4 to the memory at given address.
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Cc: Stephen Warren <swarren@nvidia.com>
Cc: Lukasz Majewski <l.majewski@samsung.com>
[trini: Add CONFIG_EFI_PARTITION to fallbacks]
Signed-off-by: Tom Rini <trini@ti.com>
Changes in lib/uuid.c to:
- uuid_str_to_bin()
- uuid_bin_to_str()
New parameter is added to specify input/output string format in listed functions
This change allows easy recognize which UUID type is or should be stored in given
string array. Binary data of UUID and GUID is always stored in big endian, only
string representations are different as follows.
String byte: 0 36
String char: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
string UUID: be be be be be
string GUID: le le le be be
This patch also updates functions calls and declarations in a whole code.
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Cc: Stephen Warren <swarren@nvidia.com>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Cc: trini@ti.com
This commit introduces cleanup for uuid library.
Changes:
- move uuid<->string conversion functions into lib/uuid.c so they can be
used by code outside part_efi.c.
- rename uuid_string() to uuid_bin_to_str() for consistency with existing
uuid_str_to_bin()
- add an error return code to uuid_str_to_bin()
- update existing code to the new library functions.
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Cc: Stephen Warren <swarren@nvidia.com>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Cc: trini@ti.com
Matthias Brugger