stand: Allow any boot loader to provide entropy
Needs ReviewPublic
Actions

Authored by imp on Aug 26 2022, 6:03 PM.

Details

Reviewers

manu
kevans
cperciva

Summary

Rework the entropy interface a bit. Move from entropy_efi_seed to
entropy_seed to enable this (future boot loaders will be able to get
croptographicly secure seeding). Check to see if we have the
'seed-entropy' loader function. If we do, then we'll use that and seed
the entropy if either entropy_seed or entropy_efi_seed is
'yes'. Otherwise, if we don't have a newer loader, then use the old way
of only calling efi-seed-entropy if we're running on UEFI.

Add entropy_seed to default/loader.conf and add documentaiton that it's
the new one to use.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 47149
Build 44036: arc lint + arc unit

Event Timeline

imp created this revision.Aug 26 2022, 6:03 PM

Herald added a reviewer: manu. · View Herald TranscriptAug 26 2022, 6:03 PM

Herald added a subscriber: dab. · View Herald Transcript

imp requested review of this revision.Aug 26 2022, 6:03 PM

Harbormaster completed remote builds in B47145: Diff 109885.Aug 26 2022, 6:03 PM

imp added reviewers: kevans, cperciva.Aug 26 2022, 6:06 PM

kevans added inline comments.Aug 26 2022, 8:56 PM

stand/lua/core.lua
363	This should be shortened to `if loader.has_command and loader.has_command("seed-entropy") then` The `loader.has_command` lookup will just return nil if the method hadn't been defined in C.