arch64: Support rng-seed to seed the kernel's rng

Having this property in the chosen node in conjuction with
CONFIG_RANDOM_TRUST_BOOTLOADER lets us seed the kernel's random number
generator with some truly random numbers. This is useful to get a better
stack canary than the default build time one and it means that you
should see a message like:

   random: get_random_bytes called from start_kernel+0x1e8/0x39c with crng_init=1

instead of a message like

   random: get_random_bytes called from start_kernel+0x1e8/0x39c with crng_init=0

in the kernel logs. We seed 256 bytes here because that seems good
enough to kick start the rng.

BUG=None
TEST=Boot vm, see crng_init=1 when guest kernel has
CONFIG_RANDOM_TRUST_BOOTLOADER=y

Change-Id: If3689f56cc17204a16410cf368e8413de160646c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2055526
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Hsin-Yi Wang <hsinyi@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Stephen Boyd <swboyd@chromium.org>
Commit-Queue: Stephen Boyd <swboyd@chromium.org>

1 files changed, 6 insertions, 0 deletions

diff --git a/aarch64/src/fdt.rs b/aarch64/src/fdt.rs
index 23d0481..9dcafa5 100644
--- a/aarch64/src/fdt.rs
+++ b/aarch64/src/fdt.rs
@@ -197,6 +197,12 @@ fn create_chosen_node(
     let kaslr_seed = u64::from_le_bytes(kaslr_seed_bytes);
     property_u64(fdt, "kaslr-seed", kaslr_seed)?;
 
+    let mut rng_seed_bytes = [0u8; 256];
+    random_file
+        .read_exact(&mut rng_seed_bytes)
+        .map_err(Error::FdtIoError)?;
+    property(fdt, "rng-seed", &rng_seed_bytes)?;
+
     if let Some((initrd_addr, initrd_size)) = initrd {
         let initrd_start = initrd_addr.offset() as u32;
         let initrd_end = initrd_start + initrd_size as u32;