diff options
| author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2017-08-25 11:50:16 -0400 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2017-08-26 03:20:33 -0400 |
| commit | c2ceb5fd4e921506e86208b82fca716a2c3aad59 (patch) | |
| tree | 960b9e5412ea59b8326b83939104f1c1ada0cab1 | |
| parent | ccc829ba3624beb9a703fc995d016b836d9eead8 (diff) | |
efi/random: Increase size of firmware supplied randomness
The crng code requires at least 64 bytes (2 * CHACHA20_BLOCK_SIZE)
to complete the fast boot-time init, so provide that many bytes
when invoking UEFI protocols to seed the entropy pool. Also, add
a notice so we can tell from the boot log when the seeding actually
took place.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20170825155019.6740-3-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
| -rw-r--r-- | drivers/firmware/efi/efi.c | 3 | ||||
| -rw-r--r-- | drivers/firmware/efi/libstub/random.c | 10 | ||||
| -rw-r--r-- | include/linux/efi.h | 2 |
3 files changed, 8 insertions, 7 deletions
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index a32e1460ade8..c8a27a2c30c1 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c | |||
| @@ -541,6 +541,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz, | |||
| 541 | if (seed != NULL) { | 541 | if (seed != NULL) { |
| 542 | add_device_randomness(seed->bits, seed->size); | 542 | add_device_randomness(seed->bits, seed->size); |
| 543 | early_memunmap(seed, sizeof(*seed) + size); | 543 | early_memunmap(seed, sizeof(*seed) + size); |
| 544 | pr_notice("seeding entropy pool\n"); | ||
| 544 | } else { | 545 | } else { |
| 545 | pr_err("Could not map UEFI random seed!\n"); | 546 | pr_err("Could not map UEFI random seed!\n"); |
| 546 | } | 547 | } |
| @@ -900,7 +901,7 @@ static int update_efi_random_seed(struct notifier_block *nb, | |||
| 900 | 901 | ||
| 901 | seed = memremap(efi.rng_seed, sizeof(*seed), MEMREMAP_WB); | 902 | seed = memremap(efi.rng_seed, sizeof(*seed), MEMREMAP_WB); |
| 902 | if (seed != NULL) { | 903 | if (seed != NULL) { |
| 903 | size = min(seed->size, 32U); | 904 | size = min(seed->size, EFI_RANDOM_SEED_SIZE); |
| 904 | memunmap(seed); | 905 | memunmap(seed); |
| 905 | } else { | 906 | } else { |
| 906 | pr_err("Could not map UEFI random seed!\n"); | 907 | pr_err("Could not map UEFI random seed!\n"); |
diff --git a/drivers/firmware/efi/libstub/random.c b/drivers/firmware/efi/libstub/random.c index 7e72954d5860..e0e603a89aa9 100644 --- a/drivers/firmware/efi/libstub/random.c +++ b/drivers/firmware/efi/libstub/random.c | |||
| @@ -145,8 +145,6 @@ efi_status_t efi_random_alloc(efi_system_table_t *sys_table_arg, | |||
| 145 | return status; | 145 | return status; |
| 146 | } | 146 | } |
| 147 | 147 | ||
| 148 | #define RANDOM_SEED_SIZE 32 | ||
| 149 | |||
| 150 | efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg) | 148 | efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg) |
| 151 | { | 149 | { |
| 152 | efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; | 150 | efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; |
| @@ -162,25 +160,25 @@ efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg) | |||
| 162 | return status; | 160 | return status; |
| 163 | 161 | ||
| 164 | status = efi_call_early(allocate_pool, EFI_RUNTIME_SERVICES_DATA, | 162 | status = efi_call_early(allocate_pool, EFI_RUNTIME_SERVICES_DATA, |
| 165 | sizeof(*seed) + RANDOM_SEED_SIZE, | 163 | sizeof(*seed) + EFI_RANDOM_SEED_SIZE, |
| 166 | (void **)&seed); | 164 | (void **)&seed); |
| 167 | if (status != EFI_SUCCESS) | 165 | if (status != EFI_SUCCESS) |
| 168 | return status; | 166 | return status; |
| 169 | 167 | ||
| 170 | status = rng->get_rng(rng, &rng_algo_raw, RANDOM_SEED_SIZE, | 168 | status = rng->get_rng(rng, &rng_algo_raw, EFI_RANDOM_SEED_SIZE, |
| 171 | seed->bits); | 169 | seed->bits); |
| 172 | if (status == EFI_UNSUPPORTED) | 170 | if (status == EFI_UNSUPPORTED) |
| 173 | /* | 171 | /* |
| 174 | * Use whatever algorithm we have available if the raw algorithm | 172 | * Use whatever algorithm we have available if the raw algorithm |
| 175 | * is not implemented. | 173 | * is not implemented. |
| 176 | */ | 174 | */ |
| 177 | status = rng->get_rng(rng, NULL, RANDOM_SEED_SIZE, | 175 | status = rng->get_rng(rng, NULL, EFI_RANDOM_SEED_SIZE, |
| 178 | seed->bits); | 176 | seed->bits); |
| 179 | 177 | ||
| 180 | if (status != EFI_SUCCESS) | 178 | if (status != EFI_SUCCESS) |
| 181 | goto err_freepool; | 179 | goto err_freepool; |
| 182 | 180 | ||
| 183 | seed->size = RANDOM_SEED_SIZE; | 181 | seed->size = EFI_RANDOM_SEED_SIZE; |
| 184 | status = efi_call_early(install_configuration_table, &rng_table_guid, | 182 | status = efi_call_early(install_configuration_table, &rng_table_guid, |
| 185 | seed); | 183 | seed); |
| 186 | if (status != EFI_SUCCESS) | 184 | if (status != EFI_SUCCESS) |
diff --git a/include/linux/efi.h b/include/linux/efi.h index c241acca0b15..33d41df062bc 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h | |||
| @@ -1571,6 +1571,8 @@ efi_status_t efi_exit_boot_services(efi_system_table_t *sys_table, | |||
| 1571 | void *priv, | 1571 | void *priv, |
| 1572 | efi_exit_boot_map_processing priv_func); | 1572 | efi_exit_boot_map_processing priv_func); |
| 1573 | 1573 | ||
| 1574 | #define EFI_RANDOM_SEED_SIZE 64U | ||
| 1575 | |||
| 1574 | struct linux_efi_random_seed { | 1576 | struct linux_efi_random_seed { |
| 1575 | u32 size; | 1577 | u32 size; |
| 1576 | u8 bits[]; | 1578 | u8 bits[]; |