Depending on RANDOM_TRUST_BOOTLOADER, bootloader-provided randomness is credited as entropy. As the UEFI seeding entropy pool is seeded by the UEFI firmware/bootloader, add its content as bootloader randomness. Note that this UEFI (v2.4 or newer) feature is currently only implemented for EFI stub booting on ARM, and further note that RANDOM_TRUST_BOOTLOADER must only be enabled if there indeed is sufficient trust in the bootloader _and_ its source of randomness. Signed-off-by: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx> Cc: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> Cc: Hsin-Yi Wang <hsinyi@xxxxxxxxxxxx> Cc: Stephen Boyd <swboyd@xxxxxxxxxxxx> Cc: Rob Herring <robh@xxxxxxxxxx> Cc: Theodore Ts'o <tytso@xxxxxxx> Cc: Lee, Chun-Yi <joeyli.kernel@xxxxxxxxx> --- Untested patch, as efi_random_get_seed() is only hooked up on ARM, and the firmware on my old x86 laptop only has UEFI v2.31 anyway. Thanks, Dominik diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 8f1ab04f6743..db0bffce754e 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -545,7 +545,7 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz, sizeof(*seed) + size); if (seed != NULL) { pr_notice("seeding entropy pool\n"); - add_device_randomness(seed->bits, seed->size); + add_bootloader_randomness(seed->bits, seed->size); early_memunmap(seed, sizeof(*seed) + size); } else { pr_err("Could not map UEFI random seed!\n");
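Review bot: The replaced call in efi_config_parse_tables() makes the firmware-supplied length count toward credited entropy when RANDOM_TRUST_BOOTLOADER is set, yet it passes `seed->size` while the mapping just above it was sized with `sizeof(*seed) + size`. Please confirm that the two are the same value, or pass `size`, so the credited length can never exceed what was mapped. The unchanged `pr_notice("seeding entropy pool\n")` also does not tell someone reading the boot log whether the seed was credited or only mixed in, which the description says depends on RANDOM_TRUST_BOOTLOADER; a message that reflects this would make the trust decision auditable. As the note under the `---` says the patch is untested, a Tested-by from an ARM EFI stub boot should be collected before it is applied.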