Page MenuHomeFreeBSD
Files F36026720

D20780 format-patch
No One
Actions

Authored By
val_packett.cool
Jan 28 2022, 11:59 AM
Size
99 KB
Referenced Files
None
Subscribers
None

D20780 format-patch
View Options

From eb92ab48517ba4c6a793e8c9cecf6d6c027cd664 Mon Sep 17 00:00:00 2001
From: Greg V <greg@unrelenting.technology>
Date: Thu, 27 Jun 2019 17:39:22 +0300
Subject: [PATCH] loader: Add support for getting early entropy from the UEFI
RNG protocol
This is most useful on architectures like aarch64 that don't yet have
a HW RNG instruction that's as ubiquitous as AES-NI is on amd64.
Differential Revision: https://reviews.freebsd.org/D20780
---
stand/defaults/loader.conf | 4 ++-
stand/efi/include/efirng.h | 50 ++++++++++++++++++++++++++++++++
stand/efi/loader/main.c | 42 +++++++++++++++++++++++++++
stand/lua/core.lua | 10 +++++++
sys/dev/random/random_harvestq.c | 8 +++++
sys/sys/random.h | 1 +
6 files changed, 114 insertions(+), 1 deletion(-)
create mode 100644 stand/efi/include/efirng.h
diff --git a/stand/defaults/loader.conf b/stand/defaults/loader.conf
index 6feb909d708..24a47e75c39 100644
--- a/stand/defaults/loader.conf
+++ b/stand/defaults/loader.conf
@@ -1,177 +1,179 @@
# This is loader.conf - a file full of useful variables that you can
# set to change the default load behavior of your system. You should
# not edit this file! Put any overrides into one of the
# loader_conf_files instead and you will be able to update these
# defaults later without spamming your local configuration information.
#
# All arguments must be in double quotes.
#
# $FreeBSD$
### Basic configuration options ############################
exec="echo Loading /boot/defaults/loader.conf"
kernel="kernel" # /boot sub-directory containing kernel and modules
bootfile="kernel" # Kernel name (possibly absolute path)
kernel_options="" # Flags to be passed to the kernel
loader_conf_files="/boot/device.hints /boot/loader.conf /boot/loader.conf.local"
loader_conf_dirs="/boot/loader.conf.d"
nextboot_conf="/boot/nextboot.conf"
verbose_loading="NO" # Set to YES for verbose loader output
### Splash screen configuration ############################
splash_bmp_load="NO" # Set this to YES for bmp splash screen!
splash_pcx_load="NO" # Set this to YES for pcx splash screen!
splash_txt_load="NO" # Set this to YES for TheDraw splash screen!
vesa_load="NO" # Set this to YES to load the vesa module
bitmap_load="NO" # Set this to YES if you want splash screen!
bitmap_name="splash.bmp" # Set this to the name of the file
bitmap_type="splash_image_data" # and place it on the module_path
### Screen saver modules ###################################
# This is best done in rc.conf
screensave_load="NO" # Set to YES to load a screensaver module
screensave_name="green_saver" # Set to the name of the screensaver module
### Early hostid configuration ############################
hostuuid_load="YES"
hostuuid_name="/etc/hostid"
hostuuid_type="hostuuid"
### Random number generator configuration ##################
# See rc.conf(5). The entropy_boot_file config variable must agree with the
# settings below.
entropy_cache_load="YES" # Set this to NO to disable loading
- # entropy at boot time
+ # cached entropy at boot time
entropy_cache_name="/boot/entropy" # Set this to the name of the file
entropy_cache_type="boot_entropy_cache" # Required for the kernel to find
# the boot-time entropy cache. This
# must not change value even if the
# _name above does change!
+entropy_efi_seed="YES" # Set this to NO to disable loading
+ # entropy from the UEFI hardware random number generator API
### RAM Blacklist configuration ############################
ram_blacklist_load="NO" # Set this to YES to load a file
# containing a list of addresses to
# exclude from the running system.
ram_blacklist_name="/boot/blacklist.txt" # Set this to the name of the file
ram_blacklist_type="ram_blacklist" # Required for the kernel to find
# the blacklist module
### Microcode loading configuration ########################
cpu_microcode_load="NO" # Set this to YES to load and apply a
# microcode update file during boot.
cpu_microcode_name="/boot/firmware/ucode.bin" # Set this to the microcode
# update file path.
cpu_microcode_type="cpu_microcode" # Required for the kernel to find
# the microcode update file.
### ACPI settings ##########################################
acpi_dsdt_load="NO" # DSDT Overriding
acpi_dsdt_type="acpi_dsdt" # Don't change this
acpi_dsdt_name="/boot/acpi_dsdt.aml"
# Override DSDT in BIOS by this file
acpi_video_load="NO" # Load the ACPI video extension driver
### Audit settings #########################################
audit_event_load="NO" # Preload audit_event config
audit_event_name="/etc/security/audit_event"
audit_event_type="etc_security_audit_event"
### Initial memory disk settings ###########################
#mdroot_load="YES" # The "mdroot" prefix is arbitrary.
#mdroot_type="md_image" # Create md(4) disk at boot.
#mdroot_name="/boot/root.img" # Path to a file containing the image.
#rootdev="ufs:/dev/md0" # Set the root filesystem to md(4) device.
### Loader settings ########################################
#loader_delay="3" # Delay in seconds before loading anything.
# Default is unset and disabled (no delay).
#autoboot_delay="10" # Delay in seconds before autobooting,
# -1 for no user interrupts, NO to disable
#password="" # Prevent changes to boot options
#bootlock_password="" # Prevent booting (see check-password.4th(8))
#geom_eli_passphrase_prompt="NO" # Prompt for geli(8) passphrase to mount root
bootenv_autolist="YES" # Auto populate the list of ZFS Boot Environments
#beastie_disable="NO" # Turn the beastie boot menu on and off
efi_max_resolution="1x1" # Set the max resolution for EFI loader to use:
# 480p, 720p, 1080p, 2160p/4k, 5k, or specify
# WidthxHeight (e.g. 1920x1080)
#kernels="kernel kernel.old" # Kernels to display in the boot menu
kernels_autodetect="YES" # Auto-detect kernel directories in /boot
#loader_logo="orbbw" # Desired logo: orbbw, orb, fbsdbw, beastiebw, beastie, none
#comconsole_speed="9600" # Set the current serial console speed
#console="vidconsole" # A comma separated list of console(s)
#currdev="disk1s1a" # Set the current device
module_path="/boot/modules;/boot/dtb;/boot/dtb/overlays" # Set the module search path
module_blacklist="drm drm2 radeonkms i915kms amdgpu" # Loader module blacklist
#prompt="\\${interpret}" # Set the command prompt
#root_disk_unit="0" # Force the root disk unit number
#rootdev="disk1s1a" # Set the root filesystem
#dumpdev="disk1s1b" # Set a dump device early in the boot process
#tftp.blksize="1428" # Set the RFC 2348 TFTP block size.
# If the TFTP server does not support RFC 2348,
# the block size is set to 512. Valid: (8,9007)
#twiddle_divisor="16" # >16 slows down the progress indicator;
# <16 speeds up the progress indicator.
### Kernel settings ########################################
# The following boot_ variables are enabled by setting them to any value.
# Their presence in the kernel environment (see kenv(1)) has the same
# effect as setting the given boot flag (see boot(8)).
#boot_askname="" # -a: Prompt the user for the name of the root device
#boot_cdrom="" # -C: Attempt to mount root file system from CD-ROM
#boot_ddb="" # -d: Instructs the kernel to start in the DDB debugger
#boot_dfltroot="" # -r: Use the statically configured root file system
#boot_gdb="" # -g: Selects gdb-remote mode for the kernel debugger
#boot_multicons="" # -D: Use multiple consoles
#boot_mute="" # -m: Mute the console
#boot_pause="" # -p: Pause after each line during device probing
#boot_serial="" # -h: Use serial console
#boot_single="" # -s: Start system in single-user mode
#boot_verbose="" # -v: Causes extra debugging information to be printed
#init_path="/sbin/init:/sbin/oinit:/sbin/init.bak:/rescue/init"
# Sets the list of init candidates
#init_shell="/bin/sh" # The shell binary used by init(8).
#init_script="" # Initial script to run by init(8) before chrooting.
#init_chroot="" # Directory for init(8) to chroot into.
### Kernel tunables ########################################
#hw.physmem="1G" # Limit physical memory. See loader(8)
#kern.dfldsiz="" # Set the initial data size limit
#kern.dflssiz="" # Set the initial stack size limit
#kern.hz="100" # Set the kernel interval timer rate
#kern.maxbcache="" # Set the max buffer cache KVA storage
#kern.maxdsiz="" # Set the max data size
#kern.maxfiles="" # Set the sys. wide open files limit
#kern.maxproc="" # Set the maximum # of processes
#kern.maxssiz="" # Set the max stack size
#kern.maxswzone="" # Set the max swmeta KVA storage
#kern.maxtsiz="" # Set the max text size
#kern.maxusers="32" # Set size of various static tables
#kern.msgbufsize="65536" # Set size of kernel message buffer
#kern.nbuf="" # Set the number of buffer headers
#kern.ncallout="" # Set the maximum # of timer events
#kern.ngroups="1023" # Set the maximum # of supplemental groups
#kern.sgrowsiz="" # Set the amount to grow stack
#kern.cam.boot_delay="10000" # Delay (in ms) of root mount for CAM bus
# registration, useful for USB sticks as root
#kern.cam.scsi_delay="2000" # Delay (in ms) before probing SCSI
#kern.ipc.maxsockets="" # Set the maximum number of sockets available
#kern.ipc.nmbclusters="" # Set the number of mbuf clusters
#kern.ipc.nsfbufs="" # Set the number of sendfile(2) bufs
#net.inet.tcp.tcbhashsize="" # Set the value of TCBHASHSIZE
#vfs.root.mountfrom="" # Specify root partition
#vm.kmem_size="" # Sets the size of kernel memory (bytes)
#debug.kdb.break_to_debugger="0" # Allow console to break into debugger.
#debug.ktr.cpumask="0xf" # Bitmask of CPUs to enable KTR on
#debug.ktr.mask="0x1200" # Bitmask of KTR events to enable
#debug.ktr.verbose="1" # Enable console dump of KTR events
### Module loading syntax example ##########################
#module_load="YES" # loads module "module"
#module_name="realname" # uses "realname" instead of "module"
#module_type="type" # passes "-t type" to load
#module_flags="flags" # passes "flags" to the module
#module_before="cmd" # executes "cmd" before loading the module
#module_after="cmd" # executes "cmd" after loading the module
#module_error="cmd" # executes "cmd" if load fails
diff --git a/stand/efi/include/efirng.h b/stand/efi/include/efirng.h
new file mode 100644
index 00000000000..3d6c7767798
--- /dev/null
+++ b/stand/efi/include/efirng.h
@@ -0,0 +1,50 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright 2006 - 2016 Unified EFI, Inc.<BR>
+ * Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+ * This program and the accompanying materials
+ * are licensed and made available under the terms and conditions of the BSD License
+ * which accompanies this distribution. The full text of the license may be found at
+ * http://opensource.org/licenses/bsd-license.php
+ *
+ * THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+ *
+ */
+
+#ifndef _EFIRNG_H
+#define _EFIRNG_H
+
+#define EFI_RNG_PROTOCOL_GUID \
+ { 0x3152bca5, 0xeade, 0x433d, {0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44} }
+
+INTERFACE_DECL(_EFI_RNG_PROTOCOL);
+
+typedef EFI_GUID EFI_RNG_ALGORITHM;
+
+typedef
+EFI_STATUS
+(EFIAPI *EFI_RNG_GET_INFO) (
+ IN struct _EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ );
+
+typedef
+EFI_STATUS
+(EFIAPI *EFI_RNG_GET_RNG) (
+ IN struct _EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ );
+
+typedef struct _EFI_RNG_PROTOCOL {
+ EFI_RNG_GET_INFO GetInfo;
+ EFI_RNG_GET_RNG GetRNG;
+} EFI_RNG_PROTOCOL;
+
+static EFI_GUID rng_guid = EFI_RNG_PROTOCOL_GUID;
+
+#endif /* _EFIRNG_H */
diff --git a/stand/efi/loader/main.c b/stand/efi/loader/main.c
index 7b78f94eb36..eb143989190 100644
--- a/stand/efi/loader/main.c
+++ b/stand/efi/loader/main.c
@@ -1,1682 +1,1724 @@
/*-
* Copyright (c) 2008-2010 Rui Paulo
* Copyright (c) 2006 Marcel Moolenaar
* All rights reserved.
*
* Copyright (c) 2016-2019 Netflix, Inc. written by M. Warner Losh
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <stand.h>
#include <sys/disk.h>
#include <sys/param.h>
#include <sys/reboot.h>
#include <sys/boot.h>
#ifdef EFI_ZFS_BOOT
#include <sys/zfs_bootenv.h>
#endif
#include <paths.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <stdint.h>
#include <string.h>
#include <setjmp.h>
#include <disk.h>
#include <dev_net.h>
#include <net.h>
#include <efi.h>
#include <efilib.h>
#include <efichar.h>
+#include <efirng.h>
#include <uuid.h>
#include <bootstrap.h>
#include <smbios.h>
#include "efizfs.h"
#include "loader_efi.h"
struct arch_switch archsw; /* MI/MD interface boundary */
EFI_GUID acpi = ACPI_TABLE_GUID;
EFI_GUID acpi20 = ACPI_20_TABLE_GUID;
EFI_GUID devid = DEVICE_PATH_PROTOCOL;
EFI_GUID imgid = LOADED_IMAGE_PROTOCOL;
EFI_GUID mps = MPS_TABLE_GUID;
EFI_GUID netid = EFI_SIMPLE_NETWORK_PROTOCOL;
EFI_GUID smbios = SMBIOS_TABLE_GUID;
EFI_GUID smbios3 = SMBIOS3_TABLE_GUID;
EFI_GUID dxe = DXE_SERVICES_TABLE_GUID;
EFI_GUID hoblist = HOB_LIST_TABLE_GUID;
EFI_GUID lzmadecomp = LZMA_DECOMPRESSION_GUID;
EFI_GUID mpcore = ARM_MP_CORE_INFO_TABLE_GUID;
EFI_GUID esrt = ESRT_TABLE_GUID;
EFI_GUID memtype = MEMORY_TYPE_INFORMATION_TABLE_GUID;
EFI_GUID debugimg = DEBUG_IMAGE_INFO_TABLE_GUID;
EFI_GUID fdtdtb = FDT_TABLE_GUID;
EFI_GUID inputid = SIMPLE_TEXT_INPUT_PROTOCOL;
/*
* Number of seconds to wait for a keystroke before exiting with failure
* in the event no currdev is found. -2 means always break, -1 means
* never break, 0 means poll once and then reboot, > 0 means wait for
* that many seconds. "fail_timeout" can be set in the environment as
* well.
*/
static int fail_timeout = 5;
/*
* Current boot variable
*/
UINT16 boot_current;
/*
* Image that we booted from.
*/
EFI_LOADED_IMAGE *boot_img;
static bool
has_keyboard(void)
{
EFI_STATUS status;
EFI_DEVICE_PATH *path;
EFI_HANDLE *hin, *hin_end, *walker;
UINTN sz;
bool retval = false;
/*
* Find all the handles that support the SIMPLE_TEXT_INPUT_PROTOCOL and
* do the typical dance to get the right sized buffer.
*/
sz = 0;
hin = NULL;
status = BS->LocateHandle(ByProtocol, &inputid, 0, &sz, 0);
if (status == EFI_BUFFER_TOO_SMALL) {
hin = (EFI_HANDLE *)malloc(sz);
status = BS->LocateHandle(ByProtocol, &inputid, 0, &sz,
hin);
if (EFI_ERROR(status))
free(hin);
}
if (EFI_ERROR(status))
return retval;
/*
* Look at each of the handles. If it supports the device path protocol,
* use it to get the device path for this handle. Then see if that
* device path matches either the USB device path for keyboards or the
* legacy device path for keyboards.
*/
hin_end = &hin[sz / sizeof(*hin)];
for (walker = hin; walker < hin_end; walker++) {
status = OpenProtocolByHandle(*walker, &devid, (void **)&path);
if (EFI_ERROR(status))
continue;
while (!IsDevicePathEnd(path)) {
/*
* Check for the ACPI keyboard node. All PNP3xx nodes
* are keyboards of different flavors. Note: It is
* unclear of there's always a keyboard node when
* there's a keyboard controller, or if there's only one
* when a keyboard is detected at boot.
*/
if (DevicePathType(path) == ACPI_DEVICE_PATH &&
(DevicePathSubType(path) == ACPI_DP ||
DevicePathSubType(path) == ACPI_EXTENDED_DP)) {
ACPI_HID_DEVICE_PATH *acpi;
acpi = (ACPI_HID_DEVICE_PATH *)(void *)path;
if ((EISA_ID_TO_NUM(acpi->HID) & 0xff00) == 0x300 &&
(acpi->HID & 0xffff) == PNP_EISA_ID_CONST) {
retval = true;
goto out;
}
/*
* Check for USB keyboard node, if present. Unlike a
* PS/2 keyboard, these definitely only appear when
* connected to the system.
*/
} else if (DevicePathType(path) == MESSAGING_DEVICE_PATH &&
DevicePathSubType(path) == MSG_USB_CLASS_DP) {
USB_CLASS_DEVICE_PATH *usb;
usb = (USB_CLASS_DEVICE_PATH *)(void *)path;
if (usb->DeviceClass == 3 && /* HID */
usb->DeviceSubClass == 1 && /* Boot devices */
usb->DeviceProtocol == 1) { /* Boot keyboards */
retval = true;
goto out;
}
}
path = NextDevicePathNode(path);
}
}
out:
free(hin);
return retval;
}
static void
set_currdev(const char *devname)
{
env_setenv("currdev", EV_VOLATILE, devname, efi_setcurrdev,
env_nounset);
/*
* Don't execute hook here; the loaddev hook makes it immutable
* once we've determined what the proper currdev is.
*/
env_setenv("loaddev", EV_VOLATILE | EV_NOHOOK, devname, env_noset,
env_nounset);
}
static void
set_currdev_devdesc(struct devdesc *currdev)
{
const char *devname;
devname = efi_fmtdev(currdev);
printf("Setting currdev to %s\n", devname);
set_currdev(devname);
}
static void
set_currdev_devsw(struct devsw *dev, int unit)
{
struct devdesc currdev;
currdev.d_dev = dev;
currdev.d_unit = unit;
set_currdev_devdesc(&currdev);
}
static void
set_currdev_pdinfo(pdinfo_t *dp)
{
/*
* Disks are special: they have partitions. if the parent
* pointer is non-null, we're a partition not a full disk
* and we need to adjust currdev appropriately.
*/
if (dp->pd_devsw->dv_type == DEVT_DISK) {
struct disk_devdesc currdev;
currdev.dd.d_dev = dp->pd_devsw;
if (dp->pd_parent == NULL) {
currdev.dd.d_unit = dp->pd_unit;
currdev.d_slice = D_SLICENONE;
currdev.d_partition = D_PARTNONE;
} else {
currdev.dd.d_unit = dp->pd_parent->pd_unit;
currdev.d_slice = dp->pd_unit;
currdev.d_partition = D_PARTISGPT; /* XXX Assumes GPT */
}
set_currdev_devdesc((struct devdesc *)&currdev);
} else {
set_currdev_devsw(dp->pd_devsw, dp->pd_unit);
}
}
static bool
sanity_check_currdev(void)
{
struct stat st;
return (stat(PATH_DEFAULTS_LOADER_CONF, &st) == 0 ||
#ifdef PATH_BOOTABLE_TOKEN
stat(PATH_BOOTABLE_TOKEN, &st) == 0 || /* non-standard layout */
#endif
stat(PATH_KERNEL, &st) == 0);
}
#ifdef EFI_ZFS_BOOT
static bool
probe_zfs_currdev(uint64_t guid)
{
char *devname;
struct zfs_devdesc currdev;
char *buf = NULL;
bool rv;
currdev.dd.d_dev = &zfs_dev;
currdev.dd.d_unit = 0;
currdev.pool_guid = guid;
currdev.root_guid = 0;
set_currdev_devdesc((struct devdesc *)&currdev);
devname = efi_fmtdev(&currdev);
init_zfs_boot_options(devname);
rv = sanity_check_currdev();
if (rv) {
buf = malloc(VDEV_PAD_SIZE);
if (buf != NULL) {
if (zfs_get_bootonce(&currdev, OS_BOOTONCE, buf,
VDEV_PAD_SIZE) == 0) {
printf("zfs bootonce: %s\n", buf);
set_currdev(buf);
setenv("zfs-bootonce", buf, 1);
}
free(buf);
(void) zfs_attach_nvstore(&currdev);
}
}
return (rv);
}
#endif
#ifdef MD_IMAGE_SIZE
static bool
probe_md_currdev(void)
{
extern struct devsw md_dev;
bool rv;
set_currdev_devsw(&md_dev, 0);
rv = sanity_check_currdev();
if (!rv)
printf("MD not present\n");
return (rv);
}
#endif
static bool
try_as_currdev(pdinfo_t *hd, pdinfo_t *pp)
{
uint64_t guid;
#ifdef EFI_ZFS_BOOT
/*
* If there's a zpool on this device, try it as a ZFS
* filesystem, which has somewhat different setup than all
* other types of fs due to imperfect loader integration.
* This all stems from ZFS being both a device (zpool) and
* a filesystem, plus the boot env feature.
*/
if (efizfs_get_guid_by_handle(pp->pd_handle, &guid))
return (probe_zfs_currdev(guid));
#endif
/*
* All other filesystems just need the pdinfo
* initialized in the standard way.
*/
set_currdev_pdinfo(pp);
return (sanity_check_currdev());
}
/*
* Sometimes we get filenames that are all upper case
* and/or have backslashes in them. Filter all this out
* if it looks like we need to do so.
*/
static void
fix_dosisms(char *p)
{
while (*p) {
if (isupper(*p))
*p = tolower(*p);
else if (*p == '\\')
*p = '/';
p++;
}
}
#define SIZE(dp, edp) (size_t)((intptr_t)(void *)edp - (intptr_t)(void *)dp)
enum { BOOT_INFO_OK = 0, BAD_CHOICE = 1, NOT_SPECIFIC = 2 };
static int
match_boot_info(char *boot_info, size_t bisz)
{
uint32_t attr;
uint16_t fplen;
size_t len;
char *walker, *ep;
EFI_DEVICE_PATH *dp, *edp, *first_dp, *last_dp;
pdinfo_t *pp;
CHAR16 *descr;
char *kernel = NULL;
FILEPATH_DEVICE_PATH *fp;
struct stat st;
CHAR16 *text;
/*
* FreeBSD encodes its boot loading path into the boot loader
* BootXXXX variable. We look for the last one in the path
* and use that to load the kernel. However, if we only find
* one DEVICE_PATH, then there's nothing specific and we should
* fall back.
*
* In an ideal world, we'd look at the image handle we were
* passed, match up with the loader we are and then return the
* next one in the path. This would be most flexible and cover
* many chain booting scenarios where you need to use this
* boot loader to get to the next boot loader. However, that
* doesn't work. We rarely have the path to the image booted
* (just the device) so we can't count on that. So, we do the
* next best thing: we look through the device path(s) passed
* in the BootXXXX variable. If there's only one, we return
* NOT_SPECIFIC. Otherwise, we look at the last one and try to
* load that. If we can, we return BOOT_INFO_OK. Otherwise we
* return BAD_CHOICE for the caller to sort out.
*/
if (bisz < sizeof(attr) + sizeof(fplen) + sizeof(CHAR16))
return NOT_SPECIFIC;
walker = boot_info;
ep = walker + bisz;
memcpy(&attr, walker, sizeof(attr));
walker += sizeof(attr);
memcpy(&fplen, walker, sizeof(fplen));
walker += sizeof(fplen);
descr = (CHAR16 *)(intptr_t)walker;
len = ucs2len(descr);
walker += (len + 1) * sizeof(CHAR16);
last_dp = first_dp = dp = (EFI_DEVICE_PATH *)walker;
edp = (EFI_DEVICE_PATH *)(walker + fplen);
if ((char *)edp > ep)
return NOT_SPECIFIC;
while (dp < edp && SIZE(dp, edp) > sizeof(EFI_DEVICE_PATH)) {
text = efi_devpath_name(dp);
if (text != NULL) {
printf(" BootInfo Path: %S\n", text);
efi_free_devpath_name(text);
}
last_dp = dp;
dp = (EFI_DEVICE_PATH *)((char *)dp + efi_devpath_length(dp));
}
/*
* If there's only one item in the list, then nothing was
* specified. Or if the last path doesn't have a media
* path in it. Those show up as various VenHw() nodes
* which are basically opaque to us. Don't count those
* as something specifc.
*/
if (last_dp == first_dp) {
printf("Ignoring Boot%04x: Only one DP found\n", boot_current);
return NOT_SPECIFIC;
}
if (efi_devpath_to_media_path(last_dp) == NULL) {
printf("Ignoring Boot%04x: No Media Path\n", boot_current);
return NOT_SPECIFIC;
}
/*
* OK. At this point we either have a good path or a bad one.
* Let's check.
*/
pp = efiblk_get_pdinfo_by_device_path(last_dp);
if (pp == NULL) {
printf("Ignoring Boot%04x: Device Path not found\n", boot_current);
return BAD_CHOICE;
}
set_currdev_pdinfo(pp);
if (!sanity_check_currdev()) {
printf("Ignoring Boot%04x: sanity check failed\n", boot_current);
return BAD_CHOICE;
}
/*
* OK. We've found a device that matches, next we need to check the last
* component of the path. If it's a file, then we set the default kernel
* to that. Otherwise, just use this as the default root.
*
* Reminder: we're running very early, before we've parsed the defaults
* file, so we may need to have a hack override.
*/
dp = efi_devpath_last_node(last_dp);
if (DevicePathType(dp) != MEDIA_DEVICE_PATH ||
DevicePathSubType(dp) != MEDIA_FILEPATH_DP) {
printf("Using Boot%04x for root partition\n", boot_current);
return (BOOT_INFO_OK); /* use currdir, default kernel */
}
fp = (FILEPATH_DEVICE_PATH *)dp;
ucs2_to_utf8(fp->PathName, &kernel);
if (kernel == NULL) {
printf("Not using Boot%04x: can't decode kernel\n", boot_current);
return (BAD_CHOICE);
}
if (*kernel == '\\' || isupper(*kernel))
fix_dosisms(kernel);
if (stat(kernel, &st) != 0) {
free(kernel);
printf("Not using Boot%04x: can't find %s\n", boot_current,
kernel);
return (BAD_CHOICE);
}
setenv("kernel", kernel, 1);
free(kernel);
text = efi_devpath_name(last_dp);
if (text) {
printf("Using Boot%04x %S + %s\n", boot_current, text,
kernel);
efi_free_devpath_name(text);
}
return (BOOT_INFO_OK);
}
/*
* Look at the passed-in boot_info, if any. If we find it then we need
* to see if we can find ourselves in the boot chain. If we can, and
* there's another specified thing to boot next, assume that the file
* is loaded from / and use that for the root filesystem. If can't
* find the specified thing, we must fail the boot. If we're last on
* the list, then we fallback to looking for the first available /
* candidate (ZFS, if there's a bootable zpool, otherwise a UFS
* partition that has either /boot/defaults/loader.conf on it or
* /boot/kernel/kernel (the default kernel) that we can use.
*
* We always fail if we can't find the right thing. However, as
* a concession to buggy UEFI implementations, like u-boot, if
* we have determined that the host is violating the UEFI boot
* manager protocol, we'll signal the rest of the program that
* a drop to the OK boot loader prompt is possible.
*/
static int
find_currdev(bool do_bootmgr, bool is_last,
char *boot_info, size_t boot_info_sz)
{
pdinfo_t *dp, *pp;
EFI_DEVICE_PATH *devpath, *copy;
EFI_HANDLE h;
CHAR16 *text;
struct devsw *dev;
int unit;
uint64_t extra;
int rv;
char *rootdev;
/*
* First choice: if rootdev is already set, use that, even if
* it's wrong.
*/
rootdev = getenv("rootdev");
if (rootdev != NULL) {
printf(" Setting currdev to configured rootdev %s\n",
rootdev);
set_currdev(rootdev);
return (0);
}
/*
* Second choice: If uefi_rootdev is set, translate that UEFI device
* path to the loader's internal name and use that.
*/
do {
rootdev = getenv("uefi_rootdev");
if (rootdev == NULL)
break;
devpath = efi_name_to_devpath(rootdev);
if (devpath == NULL)
break;
dp = efiblk_get_pdinfo_by_device_path(devpath);
efi_devpath_free(devpath);
if (dp == NULL)
break;
printf(" Setting currdev to UEFI path %s\n",
rootdev);
set_currdev_pdinfo(dp);
return (0);
} while (0);
/*
* Third choice: If we can find out image boot_info, and there's
* a follow-on boot image in that boot_info, use that. In this
* case root will be the partition specified in that image and
* we'll load the kernel specified by the file path. Should there
* not be a filepath, we use the default. This filepath overrides
* loader.conf.
*/
if (do_bootmgr) {
rv = match_boot_info(boot_info, boot_info_sz);
switch (rv) {
case BOOT_INFO_OK: /* We found it */
return (0);
case BAD_CHOICE: /* specified file not found -> error */
/* XXX do we want to have an escape hatch for last in boot order? */
return (ENOENT);
} /* Nothing specified, try normal match */
}
#ifdef EFI_ZFS_BOOT
/*
* Did efi_zfs_probe() detect the boot pool? If so, use the zpool
* it found, if it's sane. ZFS is the only thing that looks for
* disks and pools to boot. This may change in the future, however,
* if we allow specifying which pool to boot from via UEFI variables
* rather than the bootenv stuff that FreeBSD uses today.
*/
if (pool_guid != 0) {
printf("Trying ZFS pool\n");
if (probe_zfs_currdev(pool_guid))
return (0);
}
#endif /* EFI_ZFS_BOOT */
#ifdef MD_IMAGE_SIZE
/*
* If there is an embedded MD, try to use that.
*/
printf("Trying MD\n");
if (probe_md_currdev())
return (0);
#endif /* MD_IMAGE_SIZE */
/*
* Try to find the block device by its handle based on the
* image we're booting. If we can't find a sane partition,
* search all the other partitions of the disk. We do not
* search other disks because it's a violation of the UEFI
* boot protocol to do so. We fail and let UEFI go on to
* the next candidate.
*/
dp = efiblk_get_pdinfo_by_handle(boot_img->DeviceHandle);
if (dp != NULL) {
text = efi_devpath_name(dp->pd_devpath);
if (text != NULL) {
printf("Trying ESP: %S\n", text);
efi_free_devpath_name(text);
}
set_currdev_pdinfo(dp);
if (sanity_check_currdev())
return (0);
if (dp->pd_parent != NULL) {
pdinfo_t *espdp = dp;
dp = dp->pd_parent;
STAILQ_FOREACH(pp, &dp->pd_part, pd_link) {
/* Already tried the ESP */
if (espdp == pp)
continue;
/*
* Roll up the ZFS special case
* for those partitions that have
* zpools on them.
*/
text = efi_devpath_name(pp->pd_devpath);
if (text != NULL) {
printf("Trying: %S\n", text);
efi_free_devpath_name(text);
}
if (try_as_currdev(dp, pp))
return (0);
}
}
}
/*
* Try the device handle from our loaded image first. If that
* fails, use the device path from the loaded image and see if
* any of the nodes in that path match one of the enumerated
* handles. Currently, this handle list is only for netboot.
*/
if (efi_handle_lookup(boot_img->DeviceHandle, &dev, &unit, &extra) == 0) {
set_currdev_devsw(dev, unit);
if (sanity_check_currdev())
return (0);
}
copy = NULL;
devpath = efi_lookup_image_devpath(IH);
while (devpath != NULL) {
h = efi_devpath_handle(devpath);
if (h == NULL)
break;
free(copy);
copy = NULL;
if (efi_handle_lookup(h, &dev, &unit, &extra) == 0) {
set_currdev_devsw(dev, unit);
if (sanity_check_currdev())
return (0);
}
devpath = efi_lookup_devpath(h);
if (devpath != NULL) {
copy = efi_devpath_trim(devpath);
devpath = copy;
}
}
free(copy);
return (ENOENT);
}
static bool
interactive_interrupt(const char *msg)
{
time_t now, then, last;
last = 0;
now = then = getsecs();
printf("%s\n", msg);
if (fail_timeout == -2) /* Always break to OK */
return (true);
if (fail_timeout == -1) /* Never break to OK */
return (false);
do {
if (last != now) {
printf("press any key to interrupt reboot in %d seconds\r",
fail_timeout - (int)(now - then));
last = now;
}
/* XXX no pause or timeout wait for char */
if (ischar())
return (true);
now = getsecs();
} while (now - then < fail_timeout);
return (false);
}
static int
parse_args(int argc, CHAR16 *argv[])
{
int i, j, howto;
bool vargood;
char var[128];
/*
* Parse the args to set the console settings, etc
* boot1.efi passes these in, if it can read /boot.config or /boot/config
* or iPXE may be setup to pass these in. Or the optional argument in the
* boot environment was used to pass these arguments in (in which case
* neither /boot.config nor /boot/config are consulted).
*
* Loop through the args, and for each one that contains an '=' that is
* not the first character, add it to the environment. This allows
* loader and kernel env vars to be passed on the command line. Convert
* args from UCS-2 to ASCII (16 to 8 bit) as they are copied (though this
* method is flawed for non-ASCII characters).
*/
howto = 0;
for (i = 1; i < argc; i++) {
cpy16to8(argv[i], var, sizeof(var));
howto |= boot_parse_arg(var);
}
return (howto);
}
static void
setenv_int(const char *key, int val)
{
char buf[20];
snprintf(buf, sizeof(buf), "%d", val);
setenv(key, buf, 1);
}
/*
* Parse ConOut (the list of consoles active) and see if we can find a
* serial port and/or a video port. It would be nice to also walk the
* ACPI name space to map the UID for the serial port to a port. The
* latter is especially hard.
*/
int
parse_uefi_con_out(void)
{
int how, rv;
int vid_seen = 0, com_seen = 0, seen = 0;
size_t sz;
char buf[4096], *ep;
EFI_DEVICE_PATH *node;
ACPI_HID_DEVICE_PATH *acpi;
UART_DEVICE_PATH *uart;
bool pci_pending;
how = 0;
sz = sizeof(buf);
rv = efi_global_getenv("ConOut", buf, &sz);
if (rv != EFI_SUCCESS)
rv = efi_global_getenv("ConOutDev", buf, &sz);
if (rv != EFI_SUCCESS) {
/* If we don't have any ConOut default to serial */
how = RB_SERIAL;
goto out;
}
ep = buf + sz;
node = (EFI_DEVICE_PATH *)buf;
while ((char *)node < ep) {
if (IsDevicePathEndType(node)) {
if (pci_pending && vid_seen == 0)
vid_seen = ++seen;
}
pci_pending = false;
if (DevicePathType(node) == ACPI_DEVICE_PATH &&
(DevicePathSubType(node) == ACPI_DP ||
DevicePathSubType(node) == ACPI_EXTENDED_DP)) {
/* Check for Serial node */
acpi = (void *)node;
if (EISA_ID_TO_NUM(acpi->HID) == 0x501) {
setenv_int("efi_8250_uid", acpi->UID);
com_seen = ++seen;
}
} else if (DevicePathType(node) == MESSAGING_DEVICE_PATH &&
DevicePathSubType(node) == MSG_UART_DP) {
com_seen = ++seen;
uart = (void *)node;
setenv_int("efi_com_speed", uart->BaudRate);
} else if (DevicePathType(node) == ACPI_DEVICE_PATH &&
DevicePathSubType(node) == ACPI_ADR_DP) {
/* Check for AcpiAdr() Node for video */
vid_seen = ++seen;
} else if (DevicePathType(node) == HARDWARE_DEVICE_PATH &&
DevicePathSubType(node) == HW_PCI_DP) {
/*
* Note, vmware fusion has a funky console device
* PciRoot(0x0)/Pci(0xf,0x0)
* which we can only detect at the end since we also
* have to cope with:
* PciRoot(0x0)/Pci(0x1f,0x0)/Serial(0x1)
* so only match it if it's last.
*/
pci_pending = true;
}
node = NextDevicePathNode(node);
}
/*
* Truth table for RB_MULTIPLE | RB_SERIAL
* Value Result
* 0 Use only video console
* RB_SERIAL Use only serial console
* RB_MULTIPLE Use both video and serial console
* (but video is primary so gets rc messages)
* both Use both video and serial console
* (but serial is primary so gets rc messages)
*
* Try to honor this as best we can. If only one of serial / video
* found, then use that. Otherwise, use the first one we found.
* This also implies if we found nothing, default to video.
*/
how = 0;
if (vid_seen && com_seen) {
how |= RB_MULTIPLE;
if (com_seen < vid_seen)
how |= RB_SERIAL;
} else if (com_seen)
how |= RB_SERIAL;
out:
return (how);
}
void
parse_loader_efi_config(EFI_HANDLE h, const char *env_fn)
{
pdinfo_t *dp;
struct stat st;
int fd = -1;
char *env = NULL;
dp = efiblk_get_pdinfo_by_handle(h);
if (dp == NULL)
return;
set_currdev_pdinfo(dp);
if (stat(env_fn, &st) != 0)
return;
fd = open(env_fn, O_RDONLY);
if (fd == -1)
return;
env = malloc(st.st_size + 1);
if (env == NULL)
goto out;
if (read(fd, env, st.st_size) != st.st_size)
goto out;
env[st.st_size] = '\0';
boot_parse_cmdline(env);
out:
free(env);
close(fd);
}
static void
read_loader_env(const char *name, char *def_fn, bool once)
{
UINTN len;
char *fn, *freeme = NULL;
len = 0;
fn = def_fn;
if (efi_freebsd_getenv(name, NULL, &len) == EFI_BUFFER_TOO_SMALL) {
freeme = fn = malloc(len + 1);
if (fn != NULL) {
if (efi_freebsd_getenv(name, fn, &len) != EFI_SUCCESS) {
free(fn);
fn = NULL;
printf(
"Can't fetch FreeBSD::%s we know is there\n", name);
} else {
/*
* if tagged as 'once' delete the env variable so we
* only use it once.
*/
if (once)
efi_freebsd_delenv(name);
/*
* We malloced 1 more than len above, then redid the call.
* so now we have room at the end of the string to NUL terminate
* it here, even if the typical idium would have '- 1' here to
* not overflow. len should be the same on return both times.
*/
fn[len] = '\0';
}
} else {
printf(
"Can't allocate %d bytes to fetch FreeBSD::%s env var\n",
len, name);
}
}
if (fn) {
printf(" Reading loader env vars from %s\n", fn);
parse_loader_efi_config(boot_img->DeviceHandle, fn);
}
}
caddr_t
ptov(uintptr_t x)
{
return ((caddr_t)x);
}
EFI_STATUS
main(int argc, CHAR16 *argv[])
{
EFI_GUID *guid;
int howto, i, uhowto;
UINTN k;
bool has_kbd, is_last;
char *s;
EFI_DEVICE_PATH *imgpath;
CHAR16 *text;
EFI_STATUS rv;
size_t sz, bosz = 0, bisz = 0;
UINT16 boot_order[100];
char boot_info[4096];
char buf[32];
bool uefi_boot_mgr;
archsw.arch_autoload = efi_autoload;
archsw.arch_getdev = efi_getdev;
archsw.arch_copyin = efi_copyin;
archsw.arch_copyout = efi_copyout;
#ifdef __amd64__
archsw.arch_hypervisor = x86_hypervisor;
#endif
archsw.arch_readin = efi_readin;
archsw.arch_zfs_probe = efi_zfs_probe;
/* Get our loaded image protocol interface structure. */
(void) OpenProtocolByHandle(IH, &imgid, (void **)&boot_img);
/*
* Chicken-and-egg problem; we want to have console output early, but
* some console attributes may depend on reading from eg. the boot
* device, which we can't do yet. We can use printf() etc. once this is
* done. So, we set it to the efi console, then call console init. This
* gets us printf early, but also primes the pump for all future console
* changes to take effect, regardless of where they come from.
*/
setenv("console", "efi", 1);
uhowto = parse_uefi_con_out();
#if defined(__riscv)
if ((uhowto & RB_SERIAL) != 0)
setenv("console", "comconsole", 1);
#endif
cons_probe();
/* Set up currdev variable to have hooks in place. */
env_setenv("currdev", EV_VOLATILE, "", efi_setcurrdev, env_nounset);
/* Init the time source */
efi_time_init();
/*
* Initialise the block cache. Set the upper limit.
*/
bcache_init(32768, 512);
/*
* Scan the BLOCK IO MEDIA handles then
* march through the device switch probing for things.
*/
i = efipart_inithandles();
if (i != 0 && i != ENOENT) {
printf("efipart_inithandles failed with ERRNO %d, expect "
"failures\n", i);
}
for (i = 0; devsw[i] != NULL; i++)
if (devsw[i]->dv_init != NULL)
(devsw[i]->dv_init)();
/*
* Detect console settings two different ways: one via the command
* args (eg -h) or via the UEFI ConOut variable.
*/
has_kbd = has_keyboard();
howto = parse_args(argc, argv);
if (!has_kbd && (howto & RB_PROBE))
howto |= RB_SERIAL | RB_MULTIPLE;
howto &= ~RB_PROBE;
/*
* Read additional environment variables from the boot device's
* "LoaderEnv" file. Any boot loader environment variable may be set
* there, which are subtly different than loader.conf variables. Only
* the 'simple' ones may be set so things like foo_load="YES" won't work
* for two reasons. First, the parser is simplistic and doesn't grok
* quotes. Second, because the variables that cause an action to happen
* are parsed by the lua, 4th or whatever code that's not yet
* loaded. This is relative to the root directory when loader.efi is
* loaded off the UFS root drive (when chain booted), or from the ESP
* when directly loaded by the BIOS.
*
* We also read in NextLoaderEnv if it was specified. This allows next boot
* functionality to be implemented and to override anything in LoaderEnv.
*/
read_loader_env("LoaderEnv", "/efi/freebsd/loader.env", false);
read_loader_env("NextLoaderEnv", NULL, true);
/*
* We now have two notions of console. howto should be viewed as
* overrides. If console is already set, don't set it again.
*/
#define VIDEO_ONLY 0
#define SERIAL_ONLY RB_SERIAL
#define VID_SER_BOTH RB_MULTIPLE
#define SER_VID_BOTH (RB_SERIAL | RB_MULTIPLE)
#define CON_MASK (RB_SERIAL | RB_MULTIPLE)
if (strcmp(getenv("console"), "efi") == 0) {
if ((howto & CON_MASK) == 0) {
/* No override, uhowto is controlling and efi cons is perfect */
howto = howto | (uhowto & CON_MASK);
} else if ((howto & CON_MASK) == (uhowto & CON_MASK)) {
/* override matches what UEFI told us, efi console is perfect */
} else if ((uhowto & (CON_MASK)) != 0) {
/*
* We detected a serial console on ConOut. All possible
* overrides include serial. We can't really override what efi
* gives us, so we use it knowing it's the best choice.
*/
/* Do nothing */
} else {
/*
* We detected some kind of serial in the override, but ConOut
* has no serial, so we have to sort out which case it really is.
*/
switch (howto & CON_MASK) {
case SERIAL_ONLY:
setenv("console", "comconsole", 1);
break;
case VID_SER_BOTH:
setenv("console", "efi comconsole", 1);
break;
case SER_VID_BOTH:
setenv("console", "comconsole efi", 1);
break;
/* case VIDEO_ONLY can't happen -- it's the first if above */
}
}
}
/*
* howto is set now how we want to export the flags to the kernel, so
* set the env based on it.
*/
boot_howto_to_env(howto);
if (efi_copy_init()) {
printf("failed to allocate staging area\n");
return (EFI_BUFFER_TOO_SMALL);
}
if ((s = getenv("fail_timeout")) != NULL)
fail_timeout = strtol(s, NULL, 10);
printf("%s\n", bootprog_info);
printf(" Command line arguments:");
for (i = 0; i < argc; i++)
printf(" %S", argv[i]);
printf("\n");
printf(" Image base: 0x%lx\n", (unsigned long)boot_img->ImageBase);
printf(" EFI version: %d.%02d\n", ST->Hdr.Revision >> 16,
ST->Hdr.Revision & 0xffff);
printf(" EFI Firmware: %S (rev %d.%02d)\n", ST->FirmwareVendor,
ST->FirmwareRevision >> 16, ST->FirmwareRevision & 0xffff);
printf(" Console: %s (%#x)\n", getenv("console"), howto);
/* Determine the devpath of our image so we can prefer it. */
text = efi_devpath_name(boot_img->FilePath);
if (text != NULL) {
printf(" Load Path: %S\n", text);
efi_setenv_freebsd_wcs("LoaderPath", text);
efi_free_devpath_name(text);
}
rv = OpenProtocolByHandle(boot_img->DeviceHandle, &devid,
(void **)&imgpath);
if (rv == EFI_SUCCESS) {
text = efi_devpath_name(imgpath);
if (text != NULL) {
printf(" Load Device: %S\n", text);
efi_setenv_freebsd_wcs("LoaderDev", text);
efi_free_devpath_name(text);
}
}
if (getenv("uefi_ignore_boot_mgr") != NULL) {
printf(" Ignoring UEFI boot manager\n");
uefi_boot_mgr = false;
} else {
uefi_boot_mgr = true;
boot_current = 0;
sz = sizeof(boot_current);
rv = efi_global_getenv("BootCurrent", &boot_current, &sz);
if (rv == EFI_SUCCESS)
printf(" BootCurrent: %04x\n", boot_current);
else {
boot_current = 0xffff;
uefi_boot_mgr = false;
}
sz = sizeof(boot_order);
rv = efi_global_getenv("BootOrder", &boot_order, &sz);
if (rv == EFI_SUCCESS) {
printf(" BootOrder:");
for (i = 0; i < sz / sizeof(boot_order[0]); i++)
printf(" %04x%s", boot_order[i],
boot_order[i] == boot_current ? "[*]" : "");
printf("\n");
is_last = boot_order[(sz / sizeof(boot_order[0])) - 1] == boot_current;
bosz = sz;
} else if (uefi_boot_mgr) {
/*
* u-boot doesn't set BootOrder, but otherwise participates in the
* boot manager protocol. So we fake it here and don't consider it
* a failure.
*/
bosz = sizeof(boot_order[0]);
boot_order[0] = boot_current;
is_last = true;
}
}
/*
* Next, find the boot info structure the UEFI boot manager is
* supposed to setup. We need this so we can walk through it to
* find where we are in the booting process and what to try to
* boot next.
*/
if (uefi_boot_mgr) {
snprintf(buf, sizeof(buf), "Boot%04X", boot_current);
sz = sizeof(boot_info);
rv = efi_global_getenv(buf, &boot_info, &sz);
if (rv == EFI_SUCCESS)
bisz = sz;
else
uefi_boot_mgr = false;
}
/*
* Disable the watchdog timer. By default the boot manager sets
* the timer to 5 minutes before invoking a boot option. If we
* want to return to the boot manager, we have to disable the
* watchdog timer and since we're an interactive program, we don't
* want to wait until the user types "quit". The timer may have
* fired by then. We don't care if this fails. It does not prevent
* normal functioning in any way...
*/
BS->SetWatchdogTimer(0, 0, 0, NULL);
/*
* Initialize the trusted/forbidden certificates from UEFI.
* They will be later used to verify the manifest(s),
* which should contain hashes of verified files.
* This needs to be initialized before any configuration files
* are loaded.
*/
#ifdef EFI_SECUREBOOT
ve_efi_init();
#endif
/*
* Try and find a good currdev based on the image that was booted.
* It might be desirable here to have a short pause to allow falling
* through to the boot loader instead of returning instantly to follow
* the boot protocol and also allow an escape hatch for users wishing
* to try something different.
*/
if (find_currdev(uefi_boot_mgr, is_last, boot_info, bisz) != 0)
if (uefi_boot_mgr &&
!interactive_interrupt("Failed to find bootable partition"))
return (EFI_NOT_FOUND);
autoload_font(false); /* Set up the font list for console. */
efi_init_environment();
#if !defined(__arm__)
for (k = 0; k < ST->NumberOfTableEntries; k++) {
guid = &ST->ConfigurationTable[k].VendorGuid;
if (!memcmp(guid, &smbios, sizeof(EFI_GUID))) {
char buf[40];
snprintf(buf, sizeof(buf), "%p",
ST->ConfigurationTable[k].VendorTable);
setenv("hint.smbios.0.mem", buf, 1);
smbios_detect(ST->ConfigurationTable[k].VendorTable);
break;
}
}
#endif
interact(); /* doesn't return */
return (EFI_SUCCESS); /* keep compiler happy */
}
+COMMAND_SET(efi_seed_entropy, "efi-seed-entropy", "try to get entropy from the EFI RNG", command_seed_entropy);
+
+static int
+command_seed_entropy(int argc, char *argv[])
+{
+ EFI_STATUS status;
+ EFI_RNG_PROTOCOL *rng;
+ unsigned int size = 2048;
+ void *buf;
+
+ if (argc > 1) {
+ size = strtol(argv[1], NULL, 0);
+ }
+
+ status = BS->LocateProtocol(&rng_guid, NULL, (VOID **)&rng);
+ if (status != EFI_SUCCESS) {
+ command_errmsg = "RNG protocol not found";
+ return (CMD_ERROR);
+ }
+
+ if ((buf = malloc(size)) == NULL) {
+ command_errmsg = "out of memory";
+ return (CMD_ERROR);
+ }
+
+ status = rng->GetRNG(rng, NULL, size, (UINT8 *)buf);
+ if (status != EFI_SUCCESS) {
+ free(buf);
+ command_errmsg = "GetRNG failed";
+ return (CMD_ERROR);
+ }
+
+ if (file_addbuf("efi_rng_seed", "boot_entropy_platform", size, buf) != 0) {
+ free(buf);
+ return (CMD_ERROR);
+ }
+
+ free(buf);
+ return (CMD_OK);
+}
+
COMMAND_SET(poweroff, "poweroff", "power off the system", command_poweroff);
static int
command_poweroff(int argc __unused, char *argv[] __unused)
{
int i;
for (i = 0; devsw[i] != NULL; ++i)
if (devsw[i]->dv_cleanup != NULL)
(devsw[i]->dv_cleanup)();
RS->ResetSystem(EfiResetShutdown, EFI_SUCCESS, 0, NULL);
/* NOTREACHED */
return (CMD_ERROR);
}
COMMAND_SET(reboot, "reboot", "reboot the system", command_reboot);
static int
command_reboot(int argc, char *argv[])
{
int i;
for (i = 0; devsw[i] != NULL; ++i)
if (devsw[i]->dv_cleanup != NULL)
(devsw[i]->dv_cleanup)();
RS->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
/* NOTREACHED */
return (CMD_ERROR);
}
COMMAND_SET(quit, "quit", "exit the loader", command_quit);
static int
command_quit(int argc, char *argv[])
{
exit(0);
return (CMD_OK);
}
COMMAND_SET(memmap, "memmap", "print memory map", command_memmap);
static int
command_memmap(int argc __unused, char *argv[] __unused)
{
UINTN sz;
EFI_MEMORY_DESCRIPTOR *map, *p;
UINTN key, dsz;
UINT32 dver;
EFI_STATUS status;
int i, ndesc;
char line[80];
sz = 0;
status = BS->GetMemoryMap(&sz, 0, &key, &dsz, &dver);
if (status != EFI_BUFFER_TOO_SMALL) {
printf("Can't determine memory map size\n");
return (CMD_ERROR);
}
map = malloc(sz);
status = BS->GetMemoryMap(&sz, map, &key, &dsz, &dver);
if (EFI_ERROR(status)) {
printf("Can't read memory map\n");
return (CMD_ERROR);
}
ndesc = sz / dsz;
snprintf(line, sizeof(line), "%23s %12s %12s %8s %4s\n",
"Type", "Physical", "Virtual", "#Pages", "Attr");
pager_open();
if (pager_output(line)) {
pager_close();
return (CMD_OK);
}
for (i = 0, p = map; i < ndesc;
i++, p = NextMemoryDescriptor(p, dsz)) {
snprintf(line, sizeof(line), "%23s %012jx %012jx %08jx ",
efi_memory_type(p->Type), (uintmax_t)p->PhysicalStart,
(uintmax_t)p->VirtualStart, (uintmax_t)p->NumberOfPages);
if (pager_output(line))
break;
if (p->Attribute & EFI_MEMORY_UC)
printf("UC ");
if (p->Attribute & EFI_MEMORY_WC)
printf("WC ");
if (p->Attribute & EFI_MEMORY_WT)
printf("WT ");
if (p->Attribute & EFI_MEMORY_WB)
printf("WB ");
if (p->Attribute & EFI_MEMORY_UCE)
printf("UCE ");
if (p->Attribute & EFI_MEMORY_WP)
printf("WP ");
if (p->Attribute & EFI_MEMORY_RP)
printf("RP ");
if (p->Attribute & EFI_MEMORY_XP)
printf("XP ");
if (p->Attribute & EFI_MEMORY_NV)
printf("NV ");
if (p->Attribute & EFI_MEMORY_MORE_RELIABLE)
printf("MR ");
if (p->Attribute & EFI_MEMORY_RO)
printf("RO ");
if (pager_output("\n"))
break;
}
pager_close();
return (CMD_OK);
}
COMMAND_SET(configuration, "configuration", "print configuration tables",
command_configuration);
static int
command_configuration(int argc, char *argv[])
{
UINTN i;
char *name;
printf("NumberOfTableEntries=%lu\n",
(unsigned long)ST->NumberOfTableEntries);
for (i = 0; i < ST->NumberOfTableEntries; i++) {
EFI_GUID *guid;
printf(" ");
guid = &ST->ConfigurationTable[i].VendorGuid;
if (efi_guid_to_name(guid, &name) == true) {
printf(name);
free(name);
} else {
printf("Error while translating UUID to name");
}
printf(" at %p\n", ST->ConfigurationTable[i].VendorTable);
}
return (CMD_OK);
}
COMMAND_SET(mode, "mode", "change or display EFI text modes", command_mode);
static int
command_mode(int argc, char *argv[])
{
UINTN cols, rows;
unsigned int mode;
int i;
char *cp;
EFI_STATUS status;
SIMPLE_TEXT_OUTPUT_INTERFACE *conout;
conout = ST->ConOut;
if (argc > 1) {
mode = strtol(argv[1], &cp, 0);
if (cp[0] != '\0') {
printf("Invalid mode\n");
return (CMD_ERROR);
}
status = conout->QueryMode(conout, mode, &cols, &rows);
if (EFI_ERROR(status)) {
printf("invalid mode %d\n", mode);
return (CMD_ERROR);
}
status = conout->SetMode(conout, mode);
if (EFI_ERROR(status)) {
printf("couldn't set mode %d\n", mode);
return (CMD_ERROR);
}
(void) cons_update_mode(true);
return (CMD_OK);
}
printf("Current mode: %d\n", conout->Mode->Mode);
for (i = 0; i <= conout->Mode->MaxMode; i++) {
status = conout->QueryMode(conout, i, &cols, &rows);
if (EFI_ERROR(status))
continue;
printf("Mode %d: %u columns, %u rows\n", i, (unsigned)cols,
(unsigned)rows);
}
if (i != 0)
printf("Select a mode with the command \"mode <number>\"\n");
return (CMD_OK);
}
COMMAND_SET(lsefi, "lsefi", "list EFI handles", command_lsefi);
static void
lsefi_print_handle_info(EFI_HANDLE handle)
{
EFI_DEVICE_PATH *devpath;
EFI_DEVICE_PATH *imagepath;
CHAR16 *dp_name;
imagepath = efi_lookup_image_devpath(handle);
if (imagepath != NULL) {
dp_name = efi_devpath_name(imagepath);
printf("Handle for image %S", dp_name);
efi_free_devpath_name(dp_name);
return;
}
devpath = efi_lookup_devpath(handle);
if (devpath != NULL) {
dp_name = efi_devpath_name(devpath);
printf("Handle for device %S", dp_name);
efi_free_devpath_name(dp_name);
return;
}
printf("Handle %p", handle);
}
static int
command_lsefi(int argc __unused, char *argv[] __unused)
{
char *name;
EFI_HANDLE *buffer = NULL;
EFI_HANDLE handle;
UINTN bufsz = 0, i, j;
EFI_STATUS status;
int ret = 0;
status = BS->LocateHandle(AllHandles, NULL, NULL, &bufsz, buffer);
if (status != EFI_BUFFER_TOO_SMALL) {
snprintf(command_errbuf, sizeof (command_errbuf),
"unexpected error: %lld", (long long)status);
return (CMD_ERROR);
}
if ((buffer = malloc(bufsz)) == NULL) {
sprintf(command_errbuf, "out of memory");
return (CMD_ERROR);
}
status = BS->LocateHandle(AllHandles, NULL, NULL, &bufsz, buffer);
if (EFI_ERROR(status)) {
free(buffer);
snprintf(command_errbuf, sizeof (command_errbuf),
"LocateHandle() error: %lld", (long long)status);
return (CMD_ERROR);
}
pager_open();
for (i = 0; i < (bufsz / sizeof (EFI_HANDLE)); i++) {
UINTN nproto = 0;
EFI_GUID **protocols = NULL;
handle = buffer[i];
lsefi_print_handle_info(handle);
if (pager_output("\n"))
break;
/* device path */
status = BS->ProtocolsPerHandle(handle, &protocols, &nproto);
if (EFI_ERROR(status)) {
snprintf(command_errbuf, sizeof (command_errbuf),
"ProtocolsPerHandle() error: %lld",
(long long)status);
continue;
}
for (j = 0; j < nproto; j++) {
if (efi_guid_to_name(protocols[j], &name) == true) {
printf(" %s", name);
free(name);
} else {
printf("Error while translating UUID to name");
}
if ((ret = pager_output("\n")) != 0)
break;
}
BS->FreePool(protocols);
if (ret != 0)
break;
}
pager_close();
free(buffer);
return (CMD_OK);
}
#ifdef LOADER_FDT_SUPPORT
extern int command_fdt_internal(int argc, char *argv[]);
/*
* Since proper fdt command handling function is defined in fdt_loader_cmd.c,
* and declaring it as extern is in contradiction with COMMAND_SET() macro
* (which uses static pointer), we're defining wrapper function, which
* calls the proper fdt handling routine.
*/
static int
command_fdt(int argc, char *argv[])
{
return (command_fdt_internal(argc, argv));
}
COMMAND_SET(fdt, "fdt", "flattened device tree handling", command_fdt);
#endif
/*
* Chain load another efi loader.
*/
static int
command_chain(int argc, char *argv[])
{
EFI_GUID LoadedImageGUID = LOADED_IMAGE_PROTOCOL;
EFI_HANDLE loaderhandle;
EFI_LOADED_IMAGE *loaded_image;
EFI_STATUS status;
struct stat st;
struct devdesc *dev;
char *name, *path;
void *buf;
int fd;
if (argc < 2) {
command_errmsg = "wrong number of arguments";
return (CMD_ERROR);
}
name = argv[1];
if ((fd = open(name, O_RDONLY)) < 0) {
command_errmsg = "no such file";
return (CMD_ERROR);
}
#ifdef LOADER_VERIEXEC
if (verify_file(fd, name, 0, VE_MUST, __func__) < 0) {
sprintf(command_errbuf, "can't verify: %s", name);
close(fd);
return (CMD_ERROR);
}
#endif
if (fstat(fd, &st) < -1) {
command_errmsg = "stat failed";
close(fd);
return (CMD_ERROR);
}
status = BS->AllocatePool(EfiLoaderCode, (UINTN)st.st_size, &buf);
if (status != EFI_SUCCESS) {
command_errmsg = "failed to allocate buffer";
close(fd);
return (CMD_ERROR);
}
if (read(fd, buf, st.st_size) != st.st_size) {
command_errmsg = "error while reading the file";
(void)BS->FreePool(buf);
close(fd);
return (CMD_ERROR);
}
close(fd);
status = BS->LoadImage(FALSE, IH, NULL, buf, st.st_size, &loaderhandle);
(void)BS->FreePool(buf);
if (status != EFI_SUCCESS) {
command_errmsg = "LoadImage failed";
return (CMD_ERROR);
}
status = OpenProtocolByHandle(loaderhandle, &LoadedImageGUID,
(void **)&loaded_image);
if (argc > 2) {
int i, len = 0;
CHAR16 *argp;
for (i = 2; i < argc; i++)
len += strlen(argv[i]) + 1;
len *= sizeof (*argp);
loaded_image->LoadOptions = argp = malloc (len);
loaded_image->LoadOptionsSize = len;
for (i = 2; i < argc; i++) {
char *ptr = argv[i];
while (*ptr)
*(argp++) = *(ptr++);
*(argp++) = ' ';
}
*(--argv) = 0;
}
if (efi_getdev((void **)&dev, name, (const char **)&path) == 0) {
#ifdef EFI_ZFS_BOOT
struct zfs_devdesc *z_dev;
#endif
struct disk_devdesc *d_dev;
pdinfo_t *hd, *pd;
switch (dev->d_dev->dv_type) {
#ifdef EFI_ZFS_BOOT
case DEVT_ZFS:
z_dev = (struct zfs_devdesc *)dev;
loaded_image->DeviceHandle =
efizfs_get_handle_by_guid(z_dev->pool_guid);
break;
#endif
case DEVT_NET:
loaded_image->DeviceHandle =
efi_find_handle(dev->d_dev, dev->d_unit);
break;
default:
hd = efiblk_get_pdinfo(dev);
if (STAILQ_EMPTY(&hd->pd_part)) {
loaded_image->DeviceHandle = hd->pd_handle;
break;
}
d_dev = (struct disk_devdesc *)dev;
STAILQ_FOREACH(pd, &hd->pd_part, pd_link) {
/*
* d_partition should be 255
*/
if (pd->pd_unit == (uint32_t)d_dev->d_slice) {
loaded_image->DeviceHandle =
pd->pd_handle;
break;
}
}
break;
}
}
dev_cleanup();
status = BS->StartImage(loaderhandle, NULL, NULL);
if (status != EFI_SUCCESS) {
command_errmsg = "StartImage failed";
free(loaded_image->LoadOptions);
loaded_image->LoadOptions = NULL;
status = BS->UnloadImage(loaded_image);
return (CMD_ERROR);
}
return (CMD_ERROR); /* not reached */
}
COMMAND_SET(chain, "chain", "chain load file", command_chain);
extern struct in_addr servip;
static int
command_netserver(int argc, char *argv[])
{
char *proto;
n_long rootaddr;
if (argc > 2) {
command_errmsg = "wrong number of arguments";
return (CMD_ERROR);
}
if (argc < 2) {
proto = netproto == NET_TFTP ? "tftp://" : "nfs://";
printf("Netserver URI: %s%s%s\n", proto, intoa(rootip.s_addr),
rootpath);
return (CMD_OK);
}
if (argc == 2) {
strncpy(rootpath, argv[1], sizeof(rootpath));
rootpath[sizeof(rootpath) -1] = '\0';
if ((rootaddr = net_parse_rootpath()) != INADDR_NONE)
servip.s_addr = rootip.s_addr = rootaddr;
return (CMD_OK);
}
return (CMD_ERROR); /* not reached */
}
COMMAND_SET(netserver, "netserver", "change or display netserver URI",
command_netserver);
diff --git a/stand/lua/core.lua b/stand/lua/core.lua
index 67d51b99285..27e3c14de9f 100644
--- a/stand/lua/core.lua
+++ b/stand/lua/core.lua
@@ -1,517 +1,527 @@
--
-- SPDX-License-Identifier: BSD-2-Clause-FreeBSD
--
-- Copyright (c) 2015 Pedro Souza <pedrosouza@freebsd.org>
-- Copyright (c) 2018 Kyle Evans <kevans@FreeBSD.org>
-- All rights reserved.
--
-- Redistribution and use in source and binary forms, with or without
-- modification, are permitted provided that the following conditions
-- are met:
-- 1. Redistributions of source code must retain the above copyright
-- notice, this list of conditions and the following disclaimer.
-- 2. Redistributions in binary form must reproduce the above copyright
-- notice, this list of conditions and the following disclaimer in the
-- documentation and/or other materials provided with the distribution.
--
-- THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- SUCH DAMAGE.
--
-- $FreeBSD$
--
local config = require("config")
local hook = require("hook")
local core = {}
local default_safe_mode = false
local default_single_user = false
local default_verbose = false
local bootenv_list = "bootenvs"
local function composeLoaderCmd(cmd_name, argstr)
if argstr ~= nil then
cmd_name = cmd_name .. " " .. argstr
end
return cmd_name
end
local function recordDefaults()
-- On i386, hint.acpi.0.rsdp will be set before we're loaded. On !i386,
-- it will generally be set upon execution of the kernel. Because of
-- this, we can't (or don't really want to) detect/disable ACPI on !i386
-- reliably. Just set it enabled if we detect it and leave well enough
-- alone if we don't.
local boot_acpi = core.isSystem386() and core.getACPIPresent(false)
local boot_single = loader.getenv("boot_single") or "no"
local boot_verbose = loader.getenv("boot_verbose") or "no"
default_single_user = boot_single:lower() ~= "no"
default_verbose = boot_verbose:lower() ~= "no"
if boot_acpi then
core.setACPI(true)
end
core.setSingleUser(default_single_user)
core.setVerbose(default_verbose)
end
-- Globals
-- try_include will return the loaded module on success, or false and the error
-- message on failure.
function try_include(module)
if module:sub(1, 1) ~= "/" then
local lua_path = loader.lua_path
-- XXX Temporary compat shim; this should be removed once the
-- loader.lua_path export has sufficiently spread.
if lua_path == nil then
lua_path = "/boot/lua"
end
module = lua_path .. "/" .. module
-- We only attempt to append an extension if an absolute path
-- wasn't specified. This assumes that the caller either wants
-- to treat this like it would require() and specify just the
-- base filename, or they know what they're doing as they've
-- specified an absolute path and we shouldn't impede.
if module:match(".lua$") == nil then
module = module .. ".lua"
end
end
if lfs.attributes(module, "mode") ~= "file" then
return
end
return dofile(module)
end
-- Module exports
-- Commonly appearing constants
core.KEY_BACKSPACE = 8
core.KEY_ENTER = 13
core.KEY_DELETE = 127
-- Note that this is a decimal representation, despite the leading 0 that in
-- other contexts (outside of Lua) may mean 'octal'
core.KEYSTR_ESCAPE = "\027"
core.KEYSTR_CSI = core.KEYSTR_ESCAPE .. "["
core.KEYSTR_RESET = core.KEYSTR_ESCAPE .. "c"
core.MENU_RETURN = "return"
core.MENU_ENTRY = "entry"
core.MENU_SEPARATOR = "separator"
core.MENU_SUBMENU = "submenu"
core.MENU_CAROUSEL_ENTRY = "carousel_entry"
function core.setVerbose(verbose)
if verbose == nil then
verbose = not core.verbose
end
if verbose then
loader.setenv("boot_verbose", "YES")
else
loader.unsetenv("boot_verbose")
end
core.verbose = verbose
end
function core.setSingleUser(single_user)
if single_user == nil then
single_user = not core.su
end
if single_user then
loader.setenv("boot_single", "YES")
else
loader.unsetenv("boot_single")
end
core.su = single_user
end
function core.getACPIPresent(checking_system_defaults)
local c = loader.getenv("hint.acpi.0.rsdp")
if c ~= nil then
if checking_system_defaults then
return true
end
-- Otherwise, respect disabled if it's set
c = loader.getenv("hint.acpi.0.disabled")
return c == nil or tonumber(c) ~= 1
end
return false
end
function core.setACPI(acpi)
if acpi == nil then
acpi = not core.acpi
end
if acpi then
loader.setenv("acpi_load", "YES")
loader.setenv("hint.acpi.0.disabled", "0")
loader.unsetenv("loader.acpi_disabled_by_user")
else
loader.unsetenv("acpi_load")
loader.setenv("hint.acpi.0.disabled", "1")
loader.setenv("loader.acpi_disabled_by_user", "1")
end
core.acpi = acpi
end
function core.setSafeMode(safe_mode)
if safe_mode == nil then
safe_mode = not core.sm
end
if safe_mode then
loader.setenv("kern.smp.disabled", "1")
loader.setenv("hw.ata.ata_dma", "0")
loader.setenv("hw.ata.atapi_dma", "0")
loader.setenv("hw.ata.wc", "0")
loader.setenv("hw.eisa_slots", "0")
loader.setenv("kern.eventtimer.periodic", "1")
loader.setenv("kern.geom.part.check_integrity", "0")
else
loader.unsetenv("kern.smp.disabled")
loader.unsetenv("hw.ata.ata_dma")
loader.unsetenv("hw.ata.atapi_dma")
loader.unsetenv("hw.ata.wc")
loader.unsetenv("hw.eisa_slots")
loader.unsetenv("kern.eventtimer.periodic")
loader.unsetenv("kern.geom.part.check_integrity")
end
core.sm = safe_mode
end
function core.clearCachedKernels()
-- Clear the kernel cache on config changes, autodetect might have
-- changed or if we've switched boot environments then we could have
-- a new kernel set.
core.cached_kernels = nil
end
function core.kernelList()
if core.cached_kernels ~= nil then
return core.cached_kernels
end
local k = loader.getenv("kernel")
local v = loader.getenv("kernels")
local autodetect = loader.getenv("kernels_autodetect") or ""
local kernels = {}
local unique = {}
local i = 0
if k ~= nil then
i = i + 1
kernels[i] = k
unique[k] = true
end
if v ~= nil then
for n in v:gmatch("([^;, ]+)[;, ]?") do
if unique[n] == nil then
i = i + 1
kernels[i] = n
unique[n] = true
end
end
end
-- Do not attempt to autodetect if underlying filesystem
-- do not support directory listing (e.g. tftp, http)
if not lfs.attributes("/boot", "mode") then
autodetect = "no"
loader.setenv("kernels_autodetect", "NO")
end
-- Base whether we autodetect kernels or not on a loader.conf(5)
-- setting, kernels_autodetect. If it's set to 'yes', we'll add
-- any kernels we detect based on the criteria described.
if autodetect:lower() ~= "yes" then
core.cached_kernels = kernels
return core.cached_kernels
end
-- Automatically detect other bootable kernel directories using a
-- heuristic. Any directory in /boot that contains an ordinary file
-- named "kernel" is considered eligible.
for file, ftype in lfs.dir("/boot") do
local fname = "/boot/" .. file
if file == "." or file == ".." then
goto continue
end
if ftype then
if ftype ~= lfs.DT_DIR then
goto continue
end
elseif lfs.attributes(fname, "mode") ~= "directory" then
goto continue
end
if lfs.attributes(fname .. "/kernel", "mode") ~= "file" then
goto continue
end
if unique[file] == nil then
i = i + 1
kernels[i] = file
unique[file] = true
end
::continue::
end
core.cached_kernels = kernels
return core.cached_kernels
end
function core.bootenvDefault()
return loader.getenv("zfs_be_active")
end
function core.bootenvList()
local bootenv_count = tonumber(loader.getenv(bootenv_list .. "_count"))
local bootenvs = {}
local curenv
local envcount = 0
local unique = {}
if bootenv_count == nil or bootenv_count <= 0 then
return bootenvs
end
-- Currently selected bootenv is always first/default
-- On the rewinded list the bootenv may not exists
if core.isRewinded() then
curenv = core.bootenvDefaultRewinded()
else
curenv = core.bootenvDefault()
end
if curenv ~= nil then
envcount = envcount + 1
bootenvs[envcount] = curenv
unique[curenv] = true
end
for curenv_idx = 0, bootenv_count - 1 do
curenv = loader.getenv(bootenv_list .. "[" .. curenv_idx .. "]")
if curenv ~= nil and unique[curenv] == nil then
envcount = envcount + 1
bootenvs[envcount] = curenv
unique[curenv] = true
end
end
return bootenvs
end
function core.isCheckpointed()
return loader.getenv("zpool_checkpoint") ~= nil
end
function core.bootenvDefaultRewinded()
local defname = "zfs:!" .. string.sub(core.bootenvDefault(), 5)
local bootenv_count = tonumber("bootenvs_check_count")
if bootenv_count == nil or bootenv_count <= 0 then
return defname
end
for curenv_idx = 0, bootenv_count - 1 do
local curenv = loader.getenv("bootenvs_check[" .. curenv_idx .. "]")
if curenv == defname then
return defname
end
end
return loader.getenv("bootenvs_check[0]")
end
function core.isRewinded()
return bootenv_list == "bootenvs_check"
end
function core.changeRewindCheckpoint()
if core.isRewinded() then
bootenv_list = "bootenvs"
else
bootenv_list = "bootenvs_check"
end
end
+function core.loadEntropy()
+ if core.isUEFIBoot() then
+ if (loader.getenv("entropy_efi_seed") or "no"):lower() == "yes" then
+ loader.perform("efi-seed-entropy")
+ end
+ end
+end
+
function core.setDefaults()
core.setACPI(core.getACPIPresent(true))
core.setSafeMode(default_safe_mode)
core.setSingleUser(default_single_user)
core.setVerbose(default_verbose)
end
function core.autoboot(argstr)
-- loadelf() only if we've not already loaded a kernel
if loader.getenv("kernelname") == nil then
config.loadelf()
end
+ core.loadEntropy()
loader.perform(composeLoaderCmd("autoboot", argstr))
end
function core.boot(argstr)
-- loadelf() only if we've not already loaded a kernel
if loader.getenv("kernelname") == nil then
config.loadelf()
end
+ core.loadEntropy()
loader.perform(composeLoaderCmd("boot", argstr))
end
function core.isSingleUserBoot()
local single_user = loader.getenv("boot_single")
return single_user ~= nil and single_user:lower() == "yes"
end
function core.isUEFIBoot()
local efiver = loader.getenv("efi-version")
return efiver ~= nil
end
function core.isZFSBoot()
local c = loader.getenv("currdev")
if c ~= nil then
return c:match("^zfs:") ~= nil
end
return false
end
function core.isFramebufferConsole()
local c = loader.getenv("console")
if c ~= nil then
if c:find("efi") == nil and c:find("vidconsole") == nil then
return false
end
if loader.getenv("screen.depth") ~= nil then
return true
end
end
return false
end
function core.isSerialConsole()
local c = loader.getenv("console")
if c ~= nil then
-- serial console is comconsole, but also userboot.
-- userboot is there, because we have no way to know
-- if the user terminal can draw unicode box chars or not.
if c:find("comconsole") ~= nil or c:find("userboot") ~= nil then
return true
end
end
return false
end
function core.isSerialBoot()
local s = loader.getenv("boot_serial")
if s ~= nil then
return true
end
local m = loader.getenv("boot_multicons")
if m ~= nil then
return true
end
return false
end
function core.isSystem386()
return loader.machine_arch == "i386"
end
-- Is the menu skipped in the environment in which we've booted?
function core.isMenuSkipped()
return string.lower(loader.getenv("beastie_disable") or "") == "yes"
end
-- This may be a better candidate for a 'utility' module.
function core.deepCopyTable(tbl)
local new_tbl = {}
for k, v in pairs(tbl) do
if type(v) == "table" then
new_tbl[k] = core.deepCopyTable(v)
else
new_tbl[k] = v
end
end
return new_tbl
end
-- XXX This should go away if we get the table lib into shape for importing.
-- As of now, it requires some 'os' functions, so we'll implement this in lua
-- for our uses
function core.popFrontTable(tbl)
-- Shouldn't reasonably happen
if #tbl == 0 then
return nil, nil
elseif #tbl == 1 then
return tbl[1], {}
end
local first_value = tbl[1]
local new_tbl = {}
-- This is not a cheap operation
for k, v in ipairs(tbl) do
if k > 1 then
new_tbl[k - 1] = v
end
end
return first_value, new_tbl
end
function core.getConsoleName()
if loader.getenv("boot_multicons") ~= nil then
if loader.getenv("boot_serial") ~= nil then
return "Dual (Serial primary)"
else
return "Dual (Video primary)"
end
else
if loader.getenv("boot_serial") ~= nil then
return "Serial"
else
return "Video"
end
end
end
function core.nextConsoleChoice()
if loader.getenv("boot_multicons") ~= nil then
if loader.getenv("boot_serial") ~= nil then
loader.unsetenv("boot_serial")
else
loader.unsetenv("boot_multicons")
loader.setenv("boot_serial", "YES")
end
else
if loader.getenv("boot_serial") ~= nil then
loader.unsetenv("boot_serial")
else
loader.setenv("boot_multicons", "YES")
loader.setenv("boot_serial", "YES")
end
end
end
recordDefaults()
hook.register("config.reloaded", core.clearCachedKernels)
return core
diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c
index 46c06912694..e868c1fe3c5 100644
--- a/sys/dev/random/random_harvestq.c
+++ b/sys/dev/random/random_harvestq.c
@@ -1,669 +1,677 @@
/*-
* Copyright (c) 2017 Oliver Pinter
* Copyright (c) 2017 W. Dean Freeman
* Copyright (c) 2000-2015 Mark R V Murray
* Copyright (c) 2013 Arthur Mesh
* Copyright (c) 2004 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/ck.h>
#include <sys/conf.h>
#include <sys/epoch.h>
#include <sys/eventhandler.h>
#include <sys/hash.h>
#include <sys/kernel.h>
#include <sys/kthread.h>
#include <sys/linker.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
#include <sys/random.h>
#include <sys/sbuf.h>
#include <sys/sysctl.h>
#include <sys/unistd.h>
#include <machine/atomic.h>
#include <machine/cpu.h>
#include <crypto/rijndael/rijndael-api-fst.h>
#include <crypto/sha2/sha256.h>
#include <dev/random/hash.h>
#include <dev/random/randomdev.h>
#include <dev/random/random_harvestq.h>
#if defined(RANDOM_ENABLE_ETHER)
#define _RANDOM_HARVEST_ETHER_OFF 0
#else
#define _RANDOM_HARVEST_ETHER_OFF (1u << RANDOM_NET_ETHER)
#endif
#if defined(RANDOM_ENABLE_UMA)
#define _RANDOM_HARVEST_UMA_OFF 0
#else
#define _RANDOM_HARVEST_UMA_OFF (1u << RANDOM_UMA)
#endif
/*
* Note that random_sources_feed() will also use this to try and split up
* entropy into a subset of pools per iteration with the goal of feeding
* HARVESTSIZE into every pool at least once per second.
*/
#define RANDOM_KTHREAD_HZ 10
static void random_kthread(void);
static void random_sources_feed(void);
/*
* Random must initialize much earlier than epoch, but we can initialize the
* epoch code before SMP starts. Prior to SMP, we can safely bypass
* concurrency primitives.
*/
static __read_mostly bool epoch_inited;
static __read_mostly epoch_t rs_epoch;
/*
* How many events to queue up. We create this many items in
* an 'empty' queue, then transfer them to the 'harvest' queue with
* supplied junk. When used, they are transferred back to the
* 'empty' queue.
*/
#define RANDOM_RING_MAX 1024
#define RANDOM_ACCUM_MAX 8
/* 1 to let the kernel thread run, 0 to terminate, -1 to mark completion */
volatile int random_kthread_control;
/* Allow the sysadmin to select the broad category of
* entropy types to harvest.
*/
__read_frequently u_int hc_source_mask;
struct random_sources {
CK_LIST_ENTRY(random_sources) rrs_entries;
struct random_source *rrs_source;
};
static CK_LIST_HEAD(sources_head, random_sources) source_list =
CK_LIST_HEAD_INITIALIZER(source_list);
SYSCTL_NODE(_kern_random, OID_AUTO, harvest, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
"Entropy Device Parameters");
/*
* Put all the harvest queue context stuff in one place.
* this make is a bit easier to lock and protect.
*/
static struct harvest_context {
/* The harvest mutex protects all of harvest_context and
* the related data.
*/
struct mtx hc_mtx;
/* Round-robin destination cache. */
u_int hc_destination[ENTROPYSOURCE];
/* The context of the kernel thread processing harvested entropy */
struct proc *hc_kthread_proc;
/*
* Lockless ring buffer holding entropy events
* If ring.in == ring.out,
* the buffer is empty.
* If ring.in != ring.out,
* the buffer contains harvested entropy.
* If (ring.in + 1) == ring.out (mod RANDOM_RING_MAX),
* the buffer is full.
*
* NOTE: ring.in points to the last added element,
* and ring.out points to the last consumed element.
*
* The ring.in variable needs locking as there are multiple
* sources to the ring. Only the sources may change ring.in,
* but the consumer may examine it.
*
* The ring.out variable does not need locking as there is
* only one consumer. Only the consumer may change ring.out,
* but the sources may examine it.
*/
struct entropy_ring {
struct harvest_event ring[RANDOM_RING_MAX];
volatile u_int in;
volatile u_int out;
} hc_entropy_ring;
struct fast_entropy_accumulator {
volatile u_int pos;
uint32_t buf[RANDOM_ACCUM_MAX];
} hc_entropy_fast_accumulator;
} harvest_context;
static struct kproc_desc random_proc_kp = {
"rand_harvestq",
random_kthread,
&harvest_context.hc_kthread_proc,
};
/* Pass the given event straight through to Fortuna/Whatever. */
static __inline void
random_harvestq_fast_process_event(struct harvest_event *event)
{
p_random_alg_context->ra_event_processor(event);
explicit_bzero(event, sizeof(*event));
}
static void
random_kthread(void)
{
u_int maxloop, ring_out, i;
/*
* Locking is not needed as this is the only place we modify ring.out, and
* we only examine ring.in without changing it. Both of these are volatile,
* and this is a unique thread.
*/
for (random_kthread_control = 1; random_kthread_control;) {
/* Deal with events, if any. Restrict the number we do in one go. */
maxloop = RANDOM_RING_MAX;
while (harvest_context.hc_entropy_ring.out != harvest_context.hc_entropy_ring.in) {
ring_out = (harvest_context.hc_entropy_ring.out + 1)%RANDOM_RING_MAX;
random_harvestq_fast_process_event(harvest_context.hc_entropy_ring.ring + ring_out);
harvest_context.hc_entropy_ring.out = ring_out;
if (!--maxloop)
break;
}
random_sources_feed();
/* XXX: FIX!! Increase the high-performance data rate? Need some measurements first. */
for (i = 0; i < RANDOM_ACCUM_MAX; i++) {
if (harvest_context.hc_entropy_fast_accumulator.buf[i]) {
random_harvest_direct(harvest_context.hc_entropy_fast_accumulator.buf + i, sizeof(harvest_context.hc_entropy_fast_accumulator.buf[0]), RANDOM_UMA);
harvest_context.hc_entropy_fast_accumulator.buf[i] = 0;
}
}
/* XXX: FIX!! This is a *great* place to pass hardware/live entropy to random(9) */
tsleep_sbt(&harvest_context.hc_kthread_proc, 0, "-",
SBT_1S/RANDOM_KTHREAD_HZ, 0, C_PREL(1));
}
random_kthread_control = -1;
wakeup(&harvest_context.hc_kthread_proc);
kproc_exit(0);
/* NOTREACHED */
}
/* This happens well after SI_SUB_RANDOM */
SYSINIT(random_device_h_proc, SI_SUB_KICK_SCHEDULER, SI_ORDER_ANY, kproc_start,
&random_proc_kp);
static void
rs_epoch_init(void *dummy __unused)
{
rs_epoch = epoch_alloc("Random Sources", EPOCH_PREEMPT);
epoch_inited = true;
}
SYSINIT(rs_epoch_init, SI_SUB_EPOCH, SI_ORDER_ANY, rs_epoch_init, NULL);
/*
* Run through all fast sources reading entropy for the given
* number of rounds, which should be a multiple of the number
* of entropy accumulation pools in use; it is 32 for Fortuna.
*/
static void
random_sources_feed(void)
{
uint32_t entropy[HARVESTSIZE];
struct epoch_tracker et;
struct random_sources *rrs;
u_int i, n, npools;
bool rse_warm;
rse_warm = epoch_inited;
/*
* Evenly-ish distribute pool population across the second based on how
* frequently random_kthread iterates.
*
* For Fortuna, the math currently works out as such:
*
* 64 bits * 4 pools = 256 bits per iteration
* 256 bits * 10 Hz = 2560 bits per second, 320 B/s
*
*/
npools = howmany(p_random_alg_context->ra_poolcount, RANDOM_KTHREAD_HZ);
/*
* Step over all of live entropy sources, and feed their output
* to the system-wide RNG.
*/
if (rse_warm)
epoch_enter_preempt(rs_epoch, &et);
CK_LIST_FOREACH(rrs, &source_list, rrs_entries) {
for (i = 0; i < npools; i++) {
n = rrs->rrs_source->rs_read(entropy, sizeof(entropy));
KASSERT((n <= sizeof(entropy)), ("%s: rs_read returned too much data (%u > %zu)", __func__, n, sizeof(entropy)));
/*
* Sometimes the HW entropy source doesn't have anything
* ready for us. This isn't necessarily untrustworthy.
* We don't perform any other verification of an entropy
* source (i.e., length is allowed to be anywhere from 1
* to sizeof(entropy), quality is unchecked, etc), so
* don't balk verbosely at slow random sources either.
* There are reports that RDSEED on x86 metal falls
* behind the rate at which we query it, for example.
* But it's still a better entropy source than RDRAND.
*/
if (n == 0)
continue;
random_harvest_direct(entropy, n, rrs->rrs_source->rs_source);
}
}
if (rse_warm)
epoch_exit_preempt(rs_epoch, &et);
explicit_bzero(entropy, sizeof(entropy));
}
/* ARGSUSED */
static int
random_check_uint_harvestmask(SYSCTL_HANDLER_ARGS)
{
static const u_int user_immutable_mask =
(((1 << ENTROPYSOURCE) - 1) & (-1UL << RANDOM_PURE_START)) |
_RANDOM_HARVEST_ETHER_OFF | _RANDOM_HARVEST_UMA_OFF;
int error;
u_int value, orig_value;
orig_value = value = hc_source_mask;
error = sysctl_handle_int(oidp, &value, 0, req);
if (error != 0 || req->newptr == NULL)
return (error);
if (flsl(value) > ENTROPYSOURCE)
return (EINVAL);
/*
* Disallow userspace modification of pure entropy sources.
*/
hc_source_mask = (value & ~user_immutable_mask) |
(orig_value & user_immutable_mask);
return (0);
}
SYSCTL_PROC(_kern_random_harvest, OID_AUTO, mask,
CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, NULL, 0,
random_check_uint_harvestmask, "IU",
"Entropy harvesting mask");
/* ARGSUSED */
static int
random_print_harvestmask(SYSCTL_HANDLER_ARGS)
{
struct sbuf sbuf;
int error, i;
error = sysctl_wire_old_buffer(req, 0);
if (error == 0) {
sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
for (i = ENTROPYSOURCE - 1; i >= 0; i--)
sbuf_cat(&sbuf, (hc_source_mask & (1 << i)) ? "1" : "0");
error = sbuf_finish(&sbuf);
sbuf_delete(&sbuf);
}
return (error);
}
SYSCTL_PROC(_kern_random_harvest, OID_AUTO, mask_bin,
CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
random_print_harvestmask, "A",
"Entropy harvesting mask (printable)");
static const char *random_source_descr[ENTROPYSOURCE] = {
[RANDOM_CACHED] = "CACHED",
[RANDOM_ATTACH] = "ATTACH",
[RANDOM_KEYBOARD] = "KEYBOARD",
[RANDOM_MOUSE] = "MOUSE",
[RANDOM_NET_TUN] = "NET_TUN",
[RANDOM_NET_ETHER] = "NET_ETHER",
[RANDOM_NET_NG] = "NET_NG",
[RANDOM_INTERRUPT] = "INTERRUPT",
[RANDOM_SWI] = "SWI",
[RANDOM_FS_ATIME] = "FS_ATIME",
[RANDOM_UMA] = "UMA", /* ENVIRONMENTAL_END */
[RANDOM_PURE_OCTEON] = "PURE_OCTEON", /* PURE_START */
[RANDOM_PURE_SAFE] = "PURE_SAFE",
[RANDOM_PURE_GLXSB] = "PURE_GLXSB",
[RANDOM_PURE_HIFN] = "PURE_HIFN",
[RANDOM_PURE_RDRAND] = "PURE_RDRAND",
[RANDOM_PURE_NEHEMIAH] = "PURE_NEHEMIAH",
[RANDOM_PURE_RNDTEST] = "PURE_RNDTEST",
[RANDOM_PURE_VIRTIO] = "PURE_VIRTIO",
[RANDOM_PURE_BROADCOM] = "PURE_BROADCOM",
[RANDOM_PURE_CCP] = "PURE_CCP",
[RANDOM_PURE_DARN] = "PURE_DARN",
[RANDOM_PURE_TPM] = "PURE_TPM",
[RANDOM_PURE_VMGENID] = "VMGENID",
/* "ENTROPYSOURCE" */
};
/* ARGSUSED */
static int
random_print_harvestmask_symbolic(SYSCTL_HANDLER_ARGS)
{
struct sbuf sbuf;
int error, i;
bool first;
first = true;
error = sysctl_wire_old_buffer(req, 0);
if (error == 0) {
sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
for (i = ENTROPYSOURCE - 1; i >= 0; i--) {
if (i >= RANDOM_PURE_START &&
(hc_source_mask & (1 << i)) == 0)
continue;
if (!first)
sbuf_cat(&sbuf, ",");
sbuf_cat(&sbuf, !(hc_source_mask & (1 << i)) ? "[" : "");
sbuf_cat(&sbuf, random_source_descr[i]);
sbuf_cat(&sbuf, !(hc_source_mask & (1 << i)) ? "]" : "");
first = false;
}
error = sbuf_finish(&sbuf);
sbuf_delete(&sbuf);
}
return (error);
}
SYSCTL_PROC(_kern_random_harvest, OID_AUTO, mask_symbolic,
CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
random_print_harvestmask_symbolic, "A",
"Entropy harvesting mask (symbolic)");
/* ARGSUSED */
static void
random_harvestq_init(void *unused __unused)
{
static const u_int almost_everything_mask =
(((1 << (RANDOM_ENVIRONMENTAL_END + 1)) - 1) &
~_RANDOM_HARVEST_ETHER_OFF & ~_RANDOM_HARVEST_UMA_OFF);
hc_source_mask = almost_everything_mask;
RANDOM_HARVEST_INIT_LOCK();
harvest_context.hc_entropy_ring.in = harvest_context.hc_entropy_ring.out = 0;
}
SYSINIT(random_device_h_init, SI_SUB_RANDOM, SI_ORDER_THIRD, random_harvestq_init, NULL);
/*
* Subroutine to slice up a contiguous chunk of 'entropy' and feed it into the
* underlying algorithm. Returns number of bytes actually fed into underlying
* algorithm.
*/
static size_t
random_early_prime(char *entropy, size_t len)
{
struct harvest_event event;
size_t i;
len = rounddown(len, sizeof(event.he_entropy));
if (len == 0)
return (0);
for (i = 0; i < len; i += sizeof(event.he_entropy)) {
event.he_somecounter = (uint32_t)get_cyclecount();
event.he_size = sizeof(event.he_entropy);
event.he_source = RANDOM_CACHED;
event.he_destination =
harvest_context.hc_destination[RANDOM_CACHED]++;
memcpy(event.he_entropy, entropy + i, sizeof(event.he_entropy));
random_harvestq_fast_process_event(&event);
}
explicit_bzero(entropy, len);
return (len);
}
/*
* Subroutine to search for known loader-loaded files in memory and feed them
* into the underlying algorithm early in boot. Returns the number of bytes
* loaded (zero if none were loaded).
*/
static size_t
random_prime_loader_file(const char *type)
{
uint8_t *keyfile, *data;
size_t size;
keyfile = preload_search_by_type(type);
if (keyfile == NULL)
return (0);
data = preload_fetch_addr(keyfile);
size = preload_fetch_size(keyfile);
if (data == NULL)
return (0);
return (random_early_prime(data, size));
}
/*
* This is used to prime the RNG by grabbing any early random stuff
* known to the kernel, and inserting it directly into the hashing
* module, currently Fortuna.
*/
/* ARGSUSED */
static void
random_harvestq_prime(void *unused __unused)
{
size_t size;
/*
* Get entropy that may have been preloaded by loader(8)
* and use it to pre-charge the entropy harvest queue.
*/
size = random_prime_loader_file(RANDOM_CACHED_BOOT_ENTROPY_MODULE);
if (bootverbose) {
if (size > 0)
printf("random: read %zu bytes from preloaded cache\n",
size);
else
printf("random: no preloaded entropy cache\n");
}
+ size = random_prime_loader_file(RANDOM_PLATFORM_BOOT_ENTROPY_MODULE);
+ if (bootverbose) {
+ if (size > 0)
+ printf("random: read %zu bytes from platform bootloader\n",
+ size);
+ else
+ printf("random: no platform bootloader entropy\n");
+ }
}
SYSINIT(random_device_prime, SI_SUB_RANDOM, SI_ORDER_MIDDLE, random_harvestq_prime, NULL);
/* ARGSUSED */
static void
random_harvestq_deinit(void *unused __unused)
{
/* Command the hash/reseed thread to end and wait for it to finish */
random_kthread_control = 0;
while (random_kthread_control >= 0)
tsleep(&harvest_context.hc_kthread_proc, 0, "harvqterm", hz/5);
}
SYSUNINIT(random_device_h_init, SI_SUB_RANDOM, SI_ORDER_THIRD, random_harvestq_deinit, NULL);
/*-
* Entropy harvesting queue routine.
*
* This is supposed to be fast; do not do anything slow in here!
* It is also illegal (and morally reprehensible) to insert any
* high-rate data here. "High-rate" is defined as a data source
* that will usually cause lots of failures of the "Lockless read"
* check a few lines below. This includes the "always-on" sources
* like the Intel "rdrand" or the VIA Nehamiah "xstore" sources.
*/
/* XXXRW: get_cyclecount() is cheap on most modern hardware, where cycle
* counters are built in, but on older hardware it will do a real time clock
* read which can be quite expensive.
*/
void
random_harvest_queue_(const void *entropy, u_int size, enum random_entropy_source origin)
{
struct harvest_event *event;
u_int ring_in;
KASSERT(origin >= RANDOM_START && origin < ENTROPYSOURCE, ("%s: origin %d invalid\n", __func__, origin));
RANDOM_HARVEST_LOCK();
ring_in = (harvest_context.hc_entropy_ring.in + 1)%RANDOM_RING_MAX;
if (ring_in != harvest_context.hc_entropy_ring.out) {
/* The ring is not full */
event = harvest_context.hc_entropy_ring.ring + ring_in;
event->he_somecounter = (uint32_t)get_cyclecount();
event->he_source = origin;
event->he_destination = harvest_context.hc_destination[origin]++;
if (size <= sizeof(event->he_entropy)) {
event->he_size = size;
memcpy(event->he_entropy, entropy, size);
}
else {
/* Big event, so squash it */
event->he_size = sizeof(event->he_entropy[0]);
event->he_entropy[0] = jenkins_hash(entropy, size, (uint32_t)(uintptr_t)event);
}
harvest_context.hc_entropy_ring.in = ring_in;
}
RANDOM_HARVEST_UNLOCK();
}
/*-
* Entropy harvesting fast routine.
*
* This is supposed to be very fast; do not do anything slow in here!
* This is the right place for high-rate harvested data.
*/
void
random_harvest_fast_(const void *entropy, u_int size)
{
u_int pos;
pos = harvest_context.hc_entropy_fast_accumulator.pos;
harvest_context.hc_entropy_fast_accumulator.buf[pos] ^= jenkins_hash(entropy, size, (uint32_t)get_cyclecount());
harvest_context.hc_entropy_fast_accumulator.pos = (pos + 1)%RANDOM_ACCUM_MAX;
}
/*-
* Entropy harvesting direct routine.
*
* This is not supposed to be fast, but will only be used during
* (e.g.) booting when initial entropy is being gathered.
*/
void
random_harvest_direct_(const void *entropy, u_int size, enum random_entropy_source origin)
{
struct harvest_event event;
KASSERT(origin >= RANDOM_START && origin < ENTROPYSOURCE, ("%s: origin %d invalid\n", __func__, origin));
size = MIN(size, sizeof(event.he_entropy));
event.he_somecounter = (uint32_t)get_cyclecount();
event.he_size = size;
event.he_source = origin;
event.he_destination = harvest_context.hc_destination[origin]++;
memcpy(event.he_entropy, entropy, size);
random_harvestq_fast_process_event(&event);
}
void
random_harvest_register_source(enum random_entropy_source source)
{
hc_source_mask |= (1 << source);
}
void
random_harvest_deregister_source(enum random_entropy_source source)
{
hc_source_mask &= ~(1 << source);
}
void
random_source_register(struct random_source *rsource)
{
struct random_sources *rrs;
KASSERT(rsource != NULL, ("invalid input to %s", __func__));
rrs = malloc(sizeof(*rrs), M_ENTROPY, M_WAITOK);
rrs->rrs_source = rsource;
random_harvest_register_source(rsource->rs_source);
printf("random: registering fast source %s\n", rsource->rs_ident);
RANDOM_HARVEST_LOCK();
CK_LIST_INSERT_HEAD(&source_list, rrs, rrs_entries);
RANDOM_HARVEST_UNLOCK();
}
void
random_source_deregister(struct random_source *rsource)
{
struct random_sources *rrs = NULL;
KASSERT(rsource != NULL, ("invalid input to %s", __func__));
random_harvest_deregister_source(rsource->rs_source);
RANDOM_HARVEST_LOCK();
CK_LIST_FOREACH(rrs, &source_list, rrs_entries)
if (rrs->rrs_source == rsource) {
CK_LIST_REMOVE(rrs, rrs_entries);
break;
}
RANDOM_HARVEST_UNLOCK();
if (rrs != NULL && epoch_inited)
epoch_wait_preempt(rs_epoch);
free(rrs, M_ENTROPY);
}
static int
random_source_handler(SYSCTL_HANDLER_ARGS)
{
struct epoch_tracker et;
struct random_sources *rrs;
struct sbuf sbuf;
int error, count;
error = sysctl_wire_old_buffer(req, 0);
if (error != 0)
return (error);
sbuf_new_for_sysctl(&sbuf, NULL, 64, req);
count = 0;
epoch_enter_preempt(rs_epoch, &et);
CK_LIST_FOREACH(rrs, &source_list, rrs_entries) {
sbuf_cat(&sbuf, (count++ ? ",'" : "'"));
sbuf_cat(&sbuf, rrs->rrs_source->rs_ident);
sbuf_cat(&sbuf, "'");
}
epoch_exit_preempt(rs_epoch, &et);
error = sbuf_finish(&sbuf);
sbuf_delete(&sbuf);
return (error);
}
SYSCTL_PROC(_kern_random, OID_AUTO, random_sources, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
NULL, 0, random_source_handler, "A",
"List of active fast entropy sources.");
MODULE_VERSION(random_harvestq, 1);
diff --git a/sys/sys/random.h b/sys/sys/random.h
index cfcf4b30e69..02cb409cd99 100644
--- a/sys/sys/random.h
+++ b/sys/sys/random.h
@@ -1,167 +1,168 @@
/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2000-2015, 2017 Mark R. V. Murray
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $FreeBSD$
*/
#ifndef _SYS_RANDOM_H_
#define _SYS_RANDOM_H_
#include <sys/types.h>
#ifdef _KERNEL
struct uio;
/*
* In the loadable random world, there are set of dangling pointers left in the
* core kernel:
* * read_random, read_random_uio, is_random_seeded are function pointers,
* rather than functions.
* * p_random_alg_context is a true pointer in loadable random kernels.
*
* These are initialized at SI_SUB_RANDOM:SI_ORDER_SECOND during boot. The
* read-type pointers are initialized by random_alg_context_init() in
* randomdev.c and p_random_alg_context in the algorithm, e.g., fortuna.c's
* random_fortuna_init_alg(). The nice thing about function pointers is they
* have a similar calling convention to ordinary functions.
*
* (In !loadable, the read_random, etc, routines are just plain functions;
* p_random_alg_context is a macro for the public visibility
* &random_alg_context.)
*/
#if defined(RANDOM_LOADABLE)
extern void (*_read_random)(void *, u_int);
extern int (*_read_random_uio)(struct uio *, bool);
extern bool (*_is_random_seeded)(void);
#define read_random(a, b) (*_read_random)(a, b)
#define read_random_uio(a, b) (*_read_random_uio)(a, b)
#define is_random_seeded() (*_is_random_seeded)()
#else
void read_random(void *, u_int);
int read_random_uio(struct uio *, bool);
bool is_random_seeded(void);
#endif
/*
* Note: if you add or remove members of random_entropy_source, remember to
* also update the strings in the static array random_source_descr[] in
* random_harvestq.c.
*/
enum random_entropy_source {
RANDOM_START = 0,
RANDOM_CACHED = 0,
/* Environmental sources */
RANDOM_ATTACH,
RANDOM_KEYBOARD,
RANDOM_MOUSE,
RANDOM_NET_TUN,
RANDOM_NET_ETHER,
RANDOM_NET_NG,
RANDOM_INTERRUPT,
RANDOM_SWI,
RANDOM_FS_ATIME,
RANDOM_UMA, /* Special!! UMA/SLAB Allocator */
RANDOM_ENVIRONMENTAL_END = RANDOM_UMA,
/* Fast hardware random-number sources from here on. */
RANDOM_PURE_START,
RANDOM_PURE_OCTEON = RANDOM_PURE_START,
RANDOM_PURE_SAFE,
RANDOM_PURE_GLXSB,
RANDOM_PURE_HIFN,
RANDOM_PURE_RDRAND,
RANDOM_PURE_NEHEMIAH,
RANDOM_PURE_RNDTEST,
RANDOM_PURE_VIRTIO,
RANDOM_PURE_BROADCOM,
RANDOM_PURE_CCP,
RANDOM_PURE_DARN,
RANDOM_PURE_TPM,
RANDOM_PURE_VMGENID,
RANDOM_PURE_QUALCOMM,
ENTROPYSOURCE
};
_Static_assert(ENTROPYSOURCE <= 32,
"hardcoded assumption that values fit in a typical word-sized bitset");
#define RANDOM_CACHED_BOOT_ENTROPY_MODULE "boot_entropy_cache"
+#define RANDOM_PLATFORM_BOOT_ENTROPY_MODULE "boot_entropy_platform"
extern u_int hc_source_mask;
void random_harvest_queue_(const void *, u_int, enum random_entropy_source);
void random_harvest_fast_(const void *, u_int);
void random_harvest_direct_(const void *, u_int, enum random_entropy_source);
static __inline void
random_harvest_queue(const void *entropy, u_int size, enum random_entropy_source origin)
{
if (hc_source_mask & (1 << origin))
random_harvest_queue_(entropy, size, origin);
}
static __inline void
random_harvest_fast(const void *entropy, u_int size, enum random_entropy_source origin)
{
if (hc_source_mask & (1 << origin))
random_harvest_fast_(entropy, size);
}
static __inline void
random_harvest_direct(const void *entropy, u_int size, enum random_entropy_source origin)
{
if (hc_source_mask & (1 << origin))
random_harvest_direct_(entropy, size, origin);
}
void random_harvest_register_source(enum random_entropy_source);
void random_harvest_deregister_source(enum random_entropy_source);
#if defined(RANDOM_ENABLE_UMA)
#define random_harvest_fast_uma(a, b, c) random_harvest_fast(a, b, c)
#else /* !defined(RANDOM_ENABLE_UMA) */
#define random_harvest_fast_uma(a, b, c) do {} while (0)
#endif /* defined(RANDOM_ENABLE_UMA) */
#if defined(RANDOM_ENABLE_ETHER)
#define random_harvest_queue_ether(a, b) random_harvest_queue(a, b, RANDOM_NET_ETHER)
#else /* !defined(RANDOM_ENABLE_ETHER) */
#define random_harvest_queue_ether(a, b) do {} while (0)
#endif /* defined(RANDOM_ENABLE_ETHER) */
#endif /* _KERNEL */
#define GRND_NONBLOCK 0x1
#define GRND_RANDOM 0x2
#define GRND_INSECURE 0x4
__BEGIN_DECLS
ssize_t getrandom(void *buf, size_t buflen, unsigned int flags);
__END_DECLS
#endif /* _SYS_RANDOM_H_ */
--
2.30.0

File Metadata

Mime Type
text/plain; charset=utf-8
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
4462757
Default Alt Text
D20780 format-patch (99 KB)

Event Timeline