
stand: Allow any boot loader to provide entropy
Needs Review (Public)

Authored by imp on Aug 26 2022, 6:03 PM.



Rework the entropy interface a bit. Move from entropy_efi_seed to
entropy_seed to enable this (future boot loaders will be able to get
cryptographically secure seeding). Check to see if we have the
'seed-entropy' loader function. If we do, then we'll use that and seed
the entropy if either entropy_seed or entropy_efi_seed is
'yes'. Otherwise, if we don't have a newer loader, then use the old way
of only calling efi-seed-entropy if we're running on UEFI.

Add entropy_seed to default/loader.conf and add documentation that it's
the new one to use.

Sponsored by: Netflix

Diff Detail

rG FreeBSD src repository
Lint Passed
No Test Coverage
Build Status
Buildable 47149
Build 44036: arc lint + arc unit

Event Timeline

imp requested review of this revision. Aug 26 2022, 6:03 PM

This should be shortened to if loader.has_command and loader.has_command("seed-entropy") then

The loader.has_command lookup will just return nil if the method hadn't been defined in C.
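
The seeding decision described in the revision summary, combined with the nil-safe guard from the comment above, as an added example that is not code from this revision or the FreeBSD tree. `make_loader`, `seed_entropy` and the `is_uefi` parameter are hypothetical names, the `loader` table is a constructed stand-in so the logic runs under a plain Lua interpreter, and gating the older path on `entropy_efi_seed` is an assumption.

```lua
-- Added example; the loader tables are constructed stand-ins, not FreeBSD code.
local function make_loader(env, commands)
    local l = { ran = {} }
    function l.getenv(name) return env[name] end
    function l.perform(cmd) l.ran[#l.ran + 1] = cmd; return 0 end
    if commands then -- nil models an older loader with no has_command in C
        function l.has_command(name) return commands[name] == true end
    end
    return l
end

-- Returns the loader command that was run, or nil if none was.
local function seed_entropy(loader, is_uefi)
    local function yes(name) return loader.getenv(name) == "yes" end
    if loader.has_command and loader.has_command("seed-entropy") then
        -- Newer loader: either variable enables seeding.
        if yes("entropy_seed") or yes("entropy_efi_seed") then
            loader.perform("seed-entropy")
        end
    elseif is_uefi and yes("entropy_efi_seed") then
        -- Assumption: the old path is gated on entropy_efi_seed.
        loader.perform("efi-seed-entropy")
    end
    return loader.ran[1]
end

local new = { ["seed-entropy"] = true }
assert(seed_entropy(make_loader({ entropy_seed = "yes" }, new), false) == "seed-entropy")
assert(seed_entropy(make_loader({ entropy_efi_seed = "yes" }, new), true) == "seed-entropy")
assert(seed_entropy(make_loader({ entropy_seed = "no" }, new), true) == nil)
-- Older loader: indexing has_command yields nil, so the guard short-circuits
-- instead of raising "attempt to call a nil value".
assert(seed_entropy(make_loader({ entropy_efi_seed = "yes" }, nil), true) == "efi-seed-entropy")
assert(seed_entropy(make_loader({ entropy_efi_seed = "yes" }, nil), false) == nil)
-- has_command exists but seed-entropy is not provided: falls back as well.
assert(seed_entropy(make_loader({ entropy_efi_seed = "yes" }, {}), true) == "efi-seed-entropy")
print("all cases behave as described")
```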