efi: Add support for seeding the RNG from a UEFI config table
authorArd Biesheuvel <ard.biesheuvel@linaro.org>
Sat, 12 Nov 2016 21:32:31 +0000 (21:32 +0000)
committerIngo Molnar <mingo@kernel.org>
Sun, 13 Nov 2016 07:23:14 +0000 (08:23 +0100)
commit636259880a7e7d3446a707dddebc799da94bdd0b
tree6ae9f5404dd55746138bbcf0b4c790bd285f3077
parentf135a176426fc643caf6480e3200f1733f58dbf6
efi: Add support for seeding the RNG from a UEFI config table

Specify a Linux specific UEFI configuration table that carries some
random bits, and use the contents during early boot to seed the kernel's
random number generator. This allows much strong random numbers to be
generated early on.

The entropy is fed to the kernel using add_device_randomness(), which is
documented as being appropriate for being called very early.

Since UEFI configuration tables may also be consumed by kexec'd kernels,
register a reboot notifier that updates the seed in the table.

Note that the config table could be generated by the EFI stub or by any
other UEFI driver or application (e.g., GRUB), but the random seed table
GUID and the associated functionality should be considered an internal
kernel interface (unless it is promoted to ABI later on)

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20161112213237.8804-4-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
drivers/firmware/efi/efi.c
include/linux/efi.h