In order to pass fresh entropy to kexec'd kernels, use BI_RNG_SEED for passing a seed, with the same semantics that kexec-tools currently uses for i386's setup_data. Cc: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx> --- Geert - this hasn't been compile tested yet and also depends on changes that haven't yet landed upstream. Posting this preliminarily now. -Jason kexec/arch/m68k/bootinfo.c | 23 +++++++++++++++++++++++ kexec/arch/m68k/bootinfo.h | 5 +++++ kexec/arch/m68k/kexec-elf-m68k.c | 1 + 3 files changed, 29 insertions(+) diff --git a/kexec/arch/m68k/bootinfo.c b/kexec/arch/m68k/bootinfo.c index 18bf226..086a34b 100644 --- a/kexec/arch/m68k/bootinfo.c +++ b/kexec/arch/m68k/bootinfo.c @@ -2,6 +2,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <sys/random.h> #include "../../kexec.h" @@ -152,6 +153,11 @@ void bootinfo_print(void) printf("BI_COMMAND_LINE: %s\n", bi->string); break; + case BI_RNG_SEED: + /* These are secret, so never print them to the console */ + printf("BI_RNG_SEED: 0x%08x bytes\n", be16_to_cpu(bi->rng_seed.len)); + break; + default: printf("BI tag 0x%04x size %u\n", tag, size); break; @@ -212,6 +218,23 @@ void bootinfo_set_ramdisk(unsigned long ramdisk_addr, bi->mem_info.size = ramdisk_size; } +void bootinfo_add_rng_seed(void) +{ + enum { RNG_SEED_LEN = 32 }; + struct bi_rec *bi; + + /* Remove existing rng seed records */ + bi_remove(BI_RNG_SEED); + + /* Add new rng seed record */ + bi = bi_add(BI_RNG_SEED, sizeof(bi->rng_seed) + RNG_SEED_LEN); + if (getrandom(bi->rng_seed.data, RNG_SEED_LEN, GRND_NONBLOCK) != RNG_SEED_LEN) { + bi_remove(BI_RNG_SEED); + return; + } + bi->rng_seed.len = cpu_to_be16(RNG_SEED_LEN); +} + /* * Check the bootinfo version in the kernel image diff --git a/kexec/arch/m68k/bootinfo.h b/kexec/arch/m68k/bootinfo.h index b6f453d..90f75ad 100644 --- a/kexec/arch/m68k/bootinfo.h +++ b/kexec/arch/m68k/bootinfo.h @@ -20,6 +20,10 @@ struct bi_rec { __be32 size; } mem_info; char string[0]; + struct { + __be16 len; + u8 data[0]; + } rng_seed; }; }; @@ -39,5 +43,6 @@ extern int bootinfo_get_memory_ranges(struct memory_range **range); extern void bootinfo_set_cmdline(const char *cmdline); extern void bootinfo_set_ramdisk(unsigned long ramdisk_addr, unsigned long ramdisk_size); +extern void bootinfo_add_rng_seed(void); extern void bootinfo_check_bootversion(const struct kexec_info *info); extern void add_bootinfo(struct kexec_info *info, unsigned long addr); diff --git a/kexec/arch/m68k/kexec-elf-m68k.c b/kexec/arch/m68k/kexec-elf-m68k.c index 8d00eb9..a2bf7ee 100644 --- a/kexec/arch/m68k/kexec-elf-m68k.c +++ b/kexec/arch/m68k/kexec-elf-m68k.c @@ -162,6 +162,7 @@ int elf_m68k_load(int argc, char **argv, const char *buf, off_t len, /* Update and add bootinfo */ bootinfo_set_cmdline(cmdline); bootinfo_set_ramdisk(ramdisk_addr, ramdisk_size); + bootinfo_add_rng_seed(); if (kexec_debug) bootinfo_print(); add_bootinfo(info, bootinfo_addr); -- 2.37.3 _______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec