From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org, Ingo Molnar <mingo@kernel.org>, Thomas Gleixner <tglx@linutronix.de>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, linux-kernel@vger.kernel.org
Subject: [PATCH v2 3/6] efi/random: treat EFI_RNG_PROTOCOL output as bootloader randomness
Date: Tue, 29 Oct 2019 18:37:52 +0100
Message-ID: <20191029173755.27149-4-ardb@kernel.org>
In-Reply-To: <20191029173755.27149-1-ardb@kernel.org>

From: Dominik Brodowski <linux@dominikbrodowski.net>

Commit 428826f5358c ("fdt: add support for rng-seed") introduced add_bootloader_randomness(), permitting randomness provided by the bootloader or firmware to be credited as entropy. However, the fact that the UEFI support code was already wired into the RNG subsystem via a call to add_device_randomness() was overlooked, and so it was not converted at the same time.

Note that this UEFI (v2.4 or newer) feature is currently only implemented for EFI stub booting on ARM, and further note that CONFIG_RANDOM_TRUST_BOOTLOADER must be enabled, and this should be done only if there indeed is sufficient trust in the bootloader _and_ its source of randomness.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
[ardb: update commit log]
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
--- drivers/firmware/efi/efi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 69f00f7453a3..e98bbf8e56d9 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c
@@ -554,7 +554,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz, sizeof(*seed) + size); if (seed != NULL) { pr_notice("seeding entropy pool\n"); - add_device_randomness(seed->bits, seed->size); + add_bootloader_randomness(seed->bits, seed->size); early_memunmap(seed, sizeof(*seed) + size); } else { pr_err("Could not map UEFI random seed!\n"); -- 2.17.1
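Review bot: the new call on the `+` line passes `seed->size`, re-read from the mapped table, while the mapping above it and the `early_memunmap()` below it both use `sizeof(*seed) + size`. Since this data can now be credited as entropy rather than only mixed in, I would pass the already-fetched `size` (or reject the table when `seed->size != size`) so the length handed to `add_bootloader_randomness()` can never exceed what was mapped. Separately, `pr_notice("seeding entropy pool\n")` reads the same whether or not the seed ends up credited; a short comment above the call noting that crediting depends on CONFIG_RANDOM_TRUST_BOOTLOADER, as the commit log states, would help the next reader of this function.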