HomeFreeBSD

Add support for getting early entropy from UEFI

Description

Add support for getting early entropy from UEFI

UEFI provides a protocol for accessing randomness. This is a good way
to gather early entropy, especially when there's no driver for the RNG
on the platform (as is the case on the Marvell Armada8k (MACCHIATObin)
for now).

If the entropy_efi_seed option is enabled in loader.conf (default: YES)
obtain 2048 bytes of entropy from UEFI and pass is to the kernel as a
"module" of name "efi_rng_seed" and type "boot_entropy_platform"; if
present, ingest it into the kernel RNG.

Submitted by: Greg V
Reviewed by: markm, kevans
Approved by: csprng (markm), re (delphij)
Differential Revision: https://reviews.freebsd.org/D20780

Details

Provenance
cpercivaAuthored on Feb 17 2022, 9:01 PM
Reviewer
markm
Differential Revision
D20780: Add support for getting early entropy from the UEFI RNG protocol
Parents
rG626c1423ee93: libc __sfvwrite(): roll back FILE buffer pointer on fflush error
Branches
Unknown
Tags
Unknown