Use "rng-seed" and "kaslr-seed" properties from the device tree to mix in
authorkettenis <kettenis@openbsd.org>
Tue, 14 Dec 2021 11:05:37 +0000 (11:05 +0000)
committerkettenis <kettenis@openbsd.org>
Tue, 14 Dec 2021 11:05:37 +0000 (11:05 +0000)
some extra entropy.

ok deraadt@

sys/arch/arm64/stand/efiboot/Makefile
sys/arch/arm64/stand/efiboot/conf.c
sys/arch/arm64/stand/efiboot/efiboot.c

index 2d7cd68..1c77528 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.13 2021/11/14 21:51:48 guenther Exp $
+#      $OpenBSD: Makefile,v 1.14 2021/12/14 11:05:37 kettenis Exp $
 
 NOMAN=         #
 
@@ -48,7 +48,7 @@ CPPFLAGS+=    -I${S} -I. -I${.CURDIR}
 CPPFLAGS+=     -I${EFIDIR}/include -I${EFIDIR}/include/arm64
 CPPFLAGS+=     -D_STANDALONE
 CPPFLAGS+=     -DSMALL -DSLOW -DNOBYFOUR -D__INTERNAL_LIBSA_CREAD
-CPPFLAGS+=     -DNEEDS_HEAP_H -DFWRANDOM
+CPPFLAGS+=     -DNEEDS_HEAP_H -DMDRANDOM -DFWRANDOM
 COPTS+=                -Wno-attributes -Wno-format
 COPTS+=                -ffreestanding -fno-stack-protector
 COPTS+=                -fshort-wchar -fPIC -fno-builtin
index 5a12daf..18f860f 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: conf.c,v 1.34 2021/07/09 20:19:46 patrick Exp $       */
+/*     $OpenBSD: conf.c,v 1.35 2021/12/14 11:05:37 kettenis Exp $      */
 
 /*
  * Copyright (c) 1996 Michael Shalayeff
@@ -46,7 +46,7 @@
 #include "efipxe.h"
 #include "softraid_arm64.h"
 
-const char version[] = "1.6";
+const char version[] = "1.7";
 int    debug = 0;
 
 struct fs_ops file_system[] = {
index fb3f646..b88ce3c 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: efiboot.c,v 1.36 2021/10/26 14:10:02 patrick Exp $    */
+/*     $OpenBSD: efiboot.c,v 1.37 2021/12/14 11:05:37 kettenis Exp $   */
 
 /*
  * Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
@@ -47,6 +47,7 @@ EFI_SYSTEM_TABLE      *ST;
 EFI_BOOT_SERVICES      *BS;
 EFI_RUNTIME_SERVICES   *RS;
 EFI_HANDLE              IH, efi_bootdp;
+void                   *fdt = NULL;
 
 EFI_PHYSICAL_ADDRESS    heap;
 UINTN                   heapsiz = 1 * 1024 * 1024;
@@ -60,6 +61,9 @@ static EFI_GUID                imgp_guid = LOADED_IMAGE_PROTOCOL;
 static EFI_GUID                 blkio_guid = BLOCK_IO_PROTOCOL;
 static EFI_GUID                 devp_guid = DEVICE_PATH_PROTOCOL;
 static EFI_GUID                 gop_guid = EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID;
+static EFI_GUID                 fdt_guid = FDT_TABLE_GUID;
+
+#defin efi_guidcmp(_a, _b)     memcmp((_a), (_b), sizeof(EFI_GUID))
 
 int efi_device_path_depth(EFI_DEVICE_PATH *dp, int);
 int efi_device_path_ncmp(EFI_DEVICE_PATH *, EFI_DEVICE_PATH *, int);
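Review bot: The added macro line reads `#defin efi_guidcmp(_a, _b) ...` as shown on this page, which is not a valid preprocessor directive. With it, `efi_guidcmp` would be undefined at the new call site in `efi_main()`, so the file would not build. The line this commit removes further down spells it `#define`, so the intended text is presumably `#define efi_guidcmp(_a, _b)     memcmp((_a), (_b), sizeof(EFI_GUID))`.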
@@ -76,6 +80,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
        EFI_LOADED_IMAGE        *imgp;
        EFI_DEVICE_PATH         *dp = NULL;
        EFI_STATUS               status;
+       int                      i;
 
        ST = systab;
        BS = ST->BootServices;
@@ -93,6 +98,13 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
        if (status == EFI_SUCCESS)
                efi_bootdp = dp;
 
+       for (i = 0; i < ST->NumberOfTableEntries; i++) {
+               if (efi_guidcmp(&fdt_guid,
+                   &ST->ConfigurationTable[i].VendorGuid) == 0)
+                       fdt = ST->ConfigurationTable[i].VendorTable;
+       }
+       fdt_init(fdt);
+
        progname = "BOOTAA64";
 
        boot(0);
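Review bot: The result of `fdt_init(fdt)` is discarded, and the call is made even when no configuration table matched and `fdt` is still NULL. The table pointer is supplied by firmware, so a missing or rejected tree is better recorded here than left for `mdrandom()` to discover through a failing `fdt_find_node("/chosen")`. Whether `fdt_init()` tolerates NULL or malformed input is not visible on this page. I would guard the call with `if (fdt != NULL)`, check its return value (the success convention needs confirming against the fdt library), and add a `break;` after the assignment so the first matching table wins. The loop index is declared `int` in the preceding hunk while `NumberOfTableEntries` is a `UINTN`, so the comparison is mixed-sign. `efi_main()` starts and ends outside this hunk.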
@@ -518,11 +530,7 @@ efi_dma_constraint(void)
 }
 
 int acpi = 0;
-void *fdt = NULL;
 char *bootmac = NULL;
-static EFI_GUID fdt_guid = FDT_TABLE_GUID;
-
-#define        efi_guidcmp(_a, _b)     memcmp((_a), (_b), sizeof(EFI_GUID))
 
 void *
 efi_makebootargs(char *bootargs, int howto)
@@ -535,15 +543,6 @@ efi_makebootargs(char *bootargs, int howto)
        EFI_PHYSICAL_ADDRESS addr;
        void *node;
        size_t len;
-       int i;
-
-       if (fdt == NULL) {
-               for (i = 0; i < ST->NumberOfTableEntries; i++) {
-                       if (efi_guidcmp(&fdt_guid,
-                           &ST->ConfigurationTable[i].VendorGuid) == 0)
-                               fdt = ST->ConfigurationTable[i].VendorTable;
-               }
-       }
 
        if (fdt == NULL || acpi)
                fdt = efi_acpi();
@@ -995,6 +994,34 @@ efi_memprobe_find(UINTN pages, UINTN align, EFI_PHYSICAL_ADDRESS *addr)
        return EFI_OUT_OF_RESOURCES;
 }
 
+int
+mdrandom(char *buf, size_t buflen)
+{
+       char *random;
+       void *node;
+       int i, len, ret = -1;
+
+       node = fdt_find_node("/chosen");
+       if (!node)
+               return -1;
+
+       len = fdt_node_property(node, "rng-seed", &random);
+       if (len > 0) {
+               for (i = 0; i < buflen; i++)
+                       buf[i] ^= random[i % len];
+               ret = 0;
+       }
+
+       len = fdt_node_property(node, "kaslr-seed", &random);
+       if (len > 0) {
+               for (i = 0; i < buflen; i++)
+                       buf[i] ^= random[i % len];
+               ret = 0;
+       }
+
+       return ret;
+}
+
 /*
  * Commands
  */
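Review bot: `mdrandom()` sets `ret = 0` whenever a seed property exists with non-zero length, without looking at its contents. A zero-filled placeholder or already-consumed `kaslr-seed` therefore reports success while contributing nothing to `buf`. If the caller treats a zero return as "entropy was added" (not visible here), that overstates what the firmware supplied, so an all-zero seed should count as absent. The index `i` is an `int` compared against the `size_t` `buflen`; a `size_t` index avoids the mixed-sign comparison. The hunk also leaves both properties in the tree, and whether they are cleared before the tree is handed to the kernel is not shown on this page and is worth confirming, so that the same seed bytes are not readable or reused later.

```c
/* Mix one seed property into buf; an all-zero seed counts as absent. */
static int
mdrandom_mix(char *buf, size_t buflen, const char *seed, int len)
{
	size_t i;
	char any = 0;

	for (i = 0; i < (size_t)len; i++)
		any |= seed[i];
	if (any == 0)
		return -1;
	for (i = 0; i < buflen; i++)
		buf[i] ^= seed[i % (size_t)len];
	return 0;
}

int
mdrandom(char *buf, size_t buflen)
{
	/* … unchanged: declarations and "/chosen" lookup … */
	len = fdt_node_property(node, "rng-seed", &random);
	if (len > 0 && mdrandom_mix(buf, buflen, random, len) == 0)
		ret = 0;

	len = fdt_node_property(node, "kaslr-seed", &random);
	if (len > 0 && mdrandom_mix(buf, buflen, random, len) == 0)
		ret = 0;
	/* … unchanged: return ret … */
}
```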