author | Hsin-Yi Wang <hsinyi@chromium.org> | 2019-08-23 08:24:51 +0200 |
---|---|---|
committer | Will Deacon <will@kernel.org> | 2019-08-23 17:39:26 +0200 |
commit | 428826f5358c922dc378830a1717b682c0823160 (patch) | |
tree | c6487033843f52641f669cd90275466f4fff16f9 /drivers/char/Kconfig | |
parent | arm64: map FDT as RW for early_init_dt_scan() (diff) | |
fdt: add support for rng-seed

Introducing a chosen node, rng-seed, which is an entropy that can be
passed to kernel called very early to increase initial device
randomness. Bootloader should provide this entropy and the value is
read from /chosen/rng-seed in DT.

Obtain of_fdt_crc32 for CRC check after early_init_dt_scan_nodes(),
since early_init_dt_scan_chosen() would modify fdt to erase rng-seed.

Add a new interface add_bootloader_randomness() for rng-seed use case.
Depending on whether the seed is trustworthy, rng seed would be passed to
add_hwgenerator_randomness(). Otherwise it would be passed to
add_device_randomness(). Decision is controlled by kernel config
RANDOM_TRUST_BOOTLOADER.

Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Rob Herring <robh@kernel.org>
Reviewed-by: Theodore Ts'o <tytso@mit.edu> # drivers/char/random.c
Signed-off-by: Will Deacon <will@kernel.org>
Diffstat (limited to 'drivers/char/Kconfig')
-rw-r--r-- | drivers/char/Kconfig | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig index 3e866885a405..2794f4b3f62d 100644 --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig @@ -573,3 +573,12 @@ config RANDOM_TRUST_CPU has not installed a hidden back door to compromise the CPU's random number generation facilities. This can also be configured at boot with "random.trust_cpu=on/off". + +config RANDOM_TRUST_BOOTLOADER + bool "Trust the bootloader to initialize Linux's CRNG" + help + Some bootloaders can provide entropy to increase the kernel's initial + device randomness. Say Y here to assume the entropy provided by the + booloader is trustworthy so it will be added to the kernel's entropy + pool. Otherwise, say N here so it will be regarded as device input that + only mixes the entropy pool.
\ No newline at end of file |
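
Review bot: The help text of the new RANDOM_TRUST_BOOTLOADER entry does not make the security-relevant difference between Y and N clear: "added to the kernel's entropy pool" and "only mixes the entropy pool" read as nearly the same thing, while the commit message says the actual split is add_hwgenerator_randomness() versus add_device_randomness(). Suggest stating outright that Y treats the bootloader-supplied seed as trustworthy entropy for initializing the CRNG, and that N still mixes the seed in but does not rely on it, so whoever sets the option can judge how much they trust the seed source. The RANDOM_TRUST_CPU text in the context lines names a boot-time switch ("random.trust_cpu=on/off"); this entry names none, so the help should say whether the choice is build-time only. Two smaller points: "booloader" in the help text should be "bootloader", and the file now ends without a trailing newline.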