x86: efi/random: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table
Invoke the EFI_RNG_PROTOCOL protocol in the context of the x86 EFI stub, same as is done on arm/arm64 since commit 568bc4e87033 ("efi/arm*/libstub: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table"). Within the stub, a Linux-specific RNG seed UEFI config table will be seeded. The EFI routines in the core kernel will pick that up later, yet still early during boot, to seed the kernel entropy pool. If CONFIG_RANDOM_TRUST_BOOTLOADER, entropy is credited for this seed. Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This commit is contained in:
parent
41e8a7c249
commit
0d95981438
@ -782,6 +782,9 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
|
||||
|
||||
/* Ask the firmware to clear memory on unclean shutdown */
|
||||
efi_enable_reset_attack_mitigation(sys_table);
|
||||
|
||||
efi_random_get_seed(sys_table);
|
||||
|
||||
efi_retrieve_tpm2_eventlog(sys_table);
|
||||
|
||||
setup_graphics(boot_params);
|
||||
|
@ -38,7 +38,8 @@ OBJECT_FILES_NON_STANDARD := y
|
||||
# Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
|
||||
KCOV_INSTRUMENT := n
|
||||
|
||||
lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o
|
||||
lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o \
|
||||
random.o
|
||||
|
||||
# include the stub's generic dependencies from lib/ when building for ARM/arm64
|
||||
arm-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c
|
||||
@ -47,7 +48,7 @@ arm-deps-$(CONFIG_ARM64) += sort.c
|
||||
$(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
|
||||
$(call if_changed_rule,cc_o_c)
|
||||
|
||||
lib-$(CONFIG_EFI_ARMSTUB) += arm-stub.o fdt.o string.o random.o \
|
||||
lib-$(CONFIG_EFI_ARMSTUB) += arm-stub.o fdt.o string.o \
|
||||
$(patsubst %.c,lib-%.o,$(arm-deps-y))
|
||||
|
||||
lib-$(CONFIG_ARM) += arm32-stub.o
|
||||
|
@ -63,8 +63,6 @@ efi_status_t efi_random_alloc(efi_system_table_t *sys_table_arg,
|
||||
|
||||
efi_status_t check_platform_features(efi_system_table_t *sys_table_arg);
|
||||
|
||||
efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg);
|
||||
|
||||
void *get_efi_config_table(efi_system_table_t *sys_table, efi_guid_t guid);
|
||||
|
||||
/* Helper macros for the usual case of using simple C variables: */
|
||||
|
@ -1645,6 +1645,8 @@ static inline void
|
||||
efi_enable_reset_attack_mitigation(efi_system_table_t *sys_table_arg) { }
|
||||
#endif
|
||||
|
||||
efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg);
|
||||
|
||||
void efi_retrieve_tpm2_eventlog(efi_system_table_t *sys_table);
|
||||
|
||||
/*
|
||||
|
Loading…
x
Reference in New Issue
Block a user