From a0742bb58ed54231f5c2bda855b9954218afa00e Mon Sep 17 00:00:00 2001 From: Stephen Boyd Date: Thu, 13 Feb 2020 17:48:08 -0800 Subject: arch64: Support rng-seed to seed the kernel's rng Having this property in the chosen node in conjuction with CONFIG_RANDOM_TRUST_BOOTLOADER lets us seed the kernel's random number generator with some truly random numbers. This is useful to get a better stack canary than the default build time one and it means that you should see a message like: random: get_random_bytes called from start_kernel+0x1e8/0x39c with crng_init=1 instead of a message like random: get_random_bytes called from start_kernel+0x1e8/0x39c with crng_init=0 in the kernel logs. We seed 256 bytes here because that seems good enough to kick start the rng. BUG=None TEST=Boot vm, see crng_init=1 when guest kernel has CONFIG_RANDOM_TRUST_BOOTLOADER=y Change-Id: If3689f56cc17204a16410cf368e8413de160646c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2055526 Reviewed-by: Sonny Rao Reviewed-by: Dylan Reid Reviewed-by: Hsin-Yi Wang Reviewed-by: Stephen Barber Reviewed-by: Daniel Verkamp Tested-by: kokoro Tested-by: Stephen Boyd Commit-Queue: Stephen Boyd --- aarch64/src/fdt.rs | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'aarch64/src') diff --git a/aarch64/src/fdt.rs b/aarch64/src/fdt.rs index 23d0481..9dcafa5 100644 --- a/aarch64/src/fdt.rs +++ b/aarch64/src/fdt.rs @@ -197,6 +197,12 @@ fn create_chosen_node( let kaslr_seed = u64::from_le_bytes(kaslr_seed_bytes); property_u64(fdt, "kaslr-seed", kaslr_seed)?; + let mut rng_seed_bytes = [0u8; 256]; + random_file + .read_exact(&mut rng_seed_bytes) + .map_err(Error::FdtIoError)?; + property(fdt, "rng-seed", &rng_seed_bytes)?; + if let Some((initrd_addr, initrd_size)) = initrd { let initrd_start = initrd_addr.offset() as u32; let initrd_end = initrd_start + initrd_size as u32; -- cgit 1.4.1