On 1/10/2022 12:09 PM, Hector Martin wrote:
> On 2022/01/10 18:11, Arend van Spriel wrote:
>> On 1/4/2022 8:26 AM, Hector Martin wrote:
>>> Newer Apple firmwares on chipsets without a hardware RNG require the
>>> host to provide a buffer of 256 random bytes to the device on
>>> initialization. This buffer is present immediately before NVRAM,
>>> suffixed by a footer containing a magic number and the buffer length.
>>>
>>> This won't affect chips/firmwares that do not use this feature, so do it
>>> unconditionally.
>>
>> Not sure what the general opinion is here, but pulling random bytes for
>> naught seems wasteful to me. So if there is a way of knowing it is
>> needed please make it conditional.
> 
> We could gate it on specific chips only, if you don't mind maintaining a
> list of those. AIUI that would be all the T2 platform chips or so (the
> newer two don't seem to need it).
> 
> Alternatively we could just do this only if an Apple OTP is detected.
> That is already implicitly gated by the OTP offset chip list.

That sounds like a good approach.

Regards,
Arend