summaryrefslogtreecommitdiffstats
path: root/drivers/char/Kconfig
diff options
context:
space:
mode:
authorHsin-Yi Wang <hsinyi@chromium.org>2019-08-23 08:24:51 +0200
committerWill Deacon <will@kernel.org>2019-08-23 17:39:26 +0200
commit428826f5358c922dc378830a1717b682c0823160 (patch)
treec6487033843f52641f669cd90275466f4fff16f9 /drivers/char/Kconfig
parentarm64: map FDT as RW for early_init_dt_scan() (diff)
downloadlinux-428826f5358c922dc378830a1717b682c0823160.tar.xz
linux-428826f5358c922dc378830a1717b682c0823160.zip
fdt: add support for rng-seed
Introducing a chosen node, rng-seed, which is an entropy that can be passed to kernel called very early to increase initial device randomness. Bootloader should provide this entropy and the value is read from /chosen/rng-seed in DT. Obtain of_fdt_crc32 for CRC check after early_init_dt_scan_nodes(), since early_init_dt_scan_chosen() would modify fdt to erase rng-seed. Add a new interface add_bootloader_randomness() for rng-seed use case. Depends on whether the seed is trustworthy, rng seed would be passed to add_hwgenerator_randomness(). Otherwise it would be passed to add_device_randomness(). Decision is controlled by kernel config RANDOM_TRUST_BOOTLOADER. Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org> Reviewed-by: Stephen Boyd <swboyd@chromium.org> Reviewed-by: Rob Herring <robh@kernel.org> Reviewed-by: Theodore Ts'o <tytso@mit.edu> # drivers/char/random.c Signed-off-by: Will Deacon <will@kernel.org>
Diffstat (limited to 'drivers/char/Kconfig')
-rw-r--r--drivers/char/Kconfig9
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
index 3e866885a405..2794f4b3f62d 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -573,3 +573,12 @@ config RANDOM_TRUST_CPU
has not installed a hidden back door to compromise the CPU's
random number generation facilities. This can also be configured
at boot with "random.trust_cpu=on/off".
+
+config RANDOM_TRUST_BOOTLOADER
+ bool "Trust the bootloader to initialize Linux's CRNG"
+ help
+ Some bootloaders can provide entropy to increase the kernel's initial
+ device randomness. Say Y here to assume the entropy provided by the
+ booloader is trustworthy so it will be added to the kernel's entropy
+ pool. Otherwise, say N here so it will be regarded as device input that
+ only mixes the entropy pool. \ No newline at end of file