From: kettenis Date: Tue, 14 Dec 2021 11:05:37 +0000 (+0000) Subject: Use "rng-seed" and "kaslr-seed" properties from the device tree to mix in X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f346842665697e3b2d7e51d9094f890ad9351808;p=openbsd Use "rng-seed" and "kaslr-seed" properties from the device tree to mix in some extra entropy. ok deraadt@ --- diff --git a/sys/arch/arm64/stand/efiboot/Makefile b/sys/arch/arm64/stand/efiboot/Makefile index 2d7cd68b837..1c77528a846 100644 --- a/sys/arch/arm64/stand/efiboot/Makefile +++ b/sys/arch/arm64/stand/efiboot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.13 2021/11/14 21:51:48 guenther Exp $ +# $OpenBSD: Makefile,v 1.14 2021/12/14 11:05:37 kettenis Exp $ NOMAN= # @@ -48,7 +48,7 @@ CPPFLAGS+= -I${S} -I. -I${.CURDIR} CPPFLAGS+= -I${EFIDIR}/include -I${EFIDIR}/include/arm64 CPPFLAGS+= -D_STANDALONE CPPFLAGS+= -DSMALL -DSLOW -DNOBYFOUR -D__INTERNAL_LIBSA_CREAD -CPPFLAGS+= -DNEEDS_HEAP_H -DFWRANDOM +CPPFLAGS+= -DNEEDS_HEAP_H -DMDRANDOM -DFWRANDOM COPTS+= -Wno-attributes -Wno-format COPTS+= -ffreestanding -fno-stack-protector COPTS+= -fshort-wchar -fPIC -fno-builtin diff --git a/sys/arch/arm64/stand/efiboot/conf.c b/sys/arch/arm64/stand/efiboot/conf.c index 5a12daf36b2..18f860f42e8 100644 --- a/sys/arch/arm64/stand/efiboot/conf.c +++ b/sys/arch/arm64/stand/efiboot/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.34 2021/07/09 20:19:46 patrick Exp $ */ +/* $OpenBSD: conf.c,v 1.35 2021/12/14 11:05:37 kettenis Exp $ */ /* * Copyright (c) 1996 Michael Shalayeff @@ -46,7 +46,7 @@ #include "efipxe.h" #include "softraid_arm64.h" -const char version[] = "1.6"; +const char version[] = "1.7"; int debug = 0; struct fs_ops file_system[] = { diff --git a/sys/arch/arm64/stand/efiboot/efiboot.c b/sys/arch/arm64/stand/efiboot/efiboot.c index fb3f646faa0..b88ce3c7fdb 100644 --- a/sys/arch/arm64/stand/efiboot/efiboot.c +++ b/sys/arch/arm64/stand/efiboot/efiboot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: efiboot.c,v 1.36 2021/10/26 14:10:02 patrick Exp $ */ +/* $OpenBSD: efiboot.c,v 1.37 2021/12/14 11:05:37 kettenis Exp $ */ /* * Copyright (c) 2015 YASUOKA Masahiko @@ -47,6 +47,7 @@ EFI_SYSTEM_TABLE *ST; EFI_BOOT_SERVICES *BS; EFI_RUNTIME_SERVICES *RS; EFI_HANDLE IH, efi_bootdp; +void *fdt = NULL; EFI_PHYSICAL_ADDRESS heap; UINTN heapsiz = 1 * 1024 * 1024; @@ -60,6 +61,9 @@ static EFI_GUID imgp_guid = LOADED_IMAGE_PROTOCOL; static EFI_GUID blkio_guid = BLOCK_IO_PROTOCOL; static EFI_GUID devp_guid = DEVICE_PATH_PROTOCOL; static EFI_GUID gop_guid = EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID; +static EFI_GUID fdt_guid = FDT_TABLE_GUID; + +#defin efi_guidcmp(_a, _b) memcmp((_a), (_b), sizeof(EFI_GUID)) int efi_device_path_depth(EFI_DEVICE_PATH *dp, int); int efi_device_path_ncmp(EFI_DEVICE_PATH *, EFI_DEVICE_PATH *, int); @@ -76,6 +80,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) EFI_LOADED_IMAGE *imgp; EFI_DEVICE_PATH *dp = NULL; EFI_STATUS status; + int i; ST = systab; BS = ST->BootServices; @@ -93,6 +98,13 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) if (status == EFI_SUCCESS) efi_bootdp = dp; + for (i = 0; i < ST->NumberOfTableEntries; i++) { + if (efi_guidcmp(&fdt_guid, + &ST->ConfigurationTable[i].VendorGuid) == 0) + fdt = ST->ConfigurationTable[i].VendorTable; + } + fdt_init(fdt); + progname = "BOOTAA64"; boot(0); @@ -518,11 +530,7 @@ efi_dma_constraint(void) } int acpi = 0; -void *fdt = NULL; char *bootmac = NULL; -static EFI_GUID fdt_guid = FDT_TABLE_GUID; - -#define efi_guidcmp(_a, _b) memcmp((_a), (_b), sizeof(EFI_GUID)) void * efi_makebootargs(char *bootargs, int howto) @@ -535,15 +543,6 @@ efi_makebootargs(char *bootargs, int howto) EFI_PHYSICAL_ADDRESS addr; void *node; size_t len; - int i; - - if (fdt == NULL) { - for (i = 0; i < ST->NumberOfTableEntries; i++) { - if (efi_guidcmp(&fdt_guid, - &ST->ConfigurationTable[i].VendorGuid) == 0) - fdt = ST->ConfigurationTable[i].VendorTable; - } - } if (fdt == NULL || acpi) fdt = efi_acpi(); @@ -995,6 +994,34 @@ efi_memprobe_find(UINTN pages, UINTN align, EFI_PHYSICAL_ADDRESS *addr) return EFI_OUT_OF_RESOURCES; } +int +mdrandom(char *buf, size_t buflen) +{ + char *random; + void *node; + int i, len, ret = -1; + + node = fdt_find_node("/chosen"); + if (!node) + return -1; + + len = fdt_node_property(node, "rng-seed", &random); + if (len > 0) { + for (i = 0; i < buflen; i++) + buf[i] ^= random[i % len]; + ret = 0; + } + + len = fdt_node_property(node, "kaslr-seed", &random); + if (len > 0) { + for (i = 0; i < buflen; i++) + buf[i] ^= random[i % len]; + ret = 0; + } + + return ret; +} + /* * Commands */