diff options
Diffstat (limited to '0002-random-treat-bootloader-trust-toggle-the-same-way-as.patch')
| -rw-r--r-- | 0002-random-treat-bootloader-trust-toggle-the-same-way-as.patch | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/0002-random-treat-bootloader-trust-toggle-the-same-way-as.patch b/0002-random-treat-bootloader-trust-toggle-the-same-way-as.patch new file mode 100644 index 000000000000..e3afef7dc011 --- /dev/null +++ b/0002-random-treat-bootloader-trust-toggle-the-same-way-as.patch @@ -0,0 +1,94 @@ +From 22365749abd27f2cb582a049da42b7c7a02b6bfe Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" <Jason@zx2c4.com> +Date: Wed, 23 Mar 2022 23:09:30 -0600 +Subject: [PATCH 2/4] random: treat bootloader trust toggle the same way as cpu + trust toggle + +If CONFIG_RANDOM_TRUST_CPU is set, the RNG initializes using RDRAND. +But, the user can disable (or enable) this behavior by setting +`random.trust_cpu=0/1` on the kernel command line. This allows system +builders to do reasonable things while avoiding howls from tinfoil +hatters. (Or vice versa.) + +CONFIG_RANDOM_TRUST_BOOTLOADER is basically the same thing, but regards +the seed passed via EFI or device tree, which might come from RDRAND or +a TPM or somewhere else. In order to allow distros to more easily enable +this while avoiding those same howls (or vice versa), this commit adds +the corresponding `random.trust_bootloader=0/1` toggle. + +Cc: Theodore Ts'o <tytso@mit.edu> +Cc: Graham Christensen <graham@grahamc.com> +Reviewed-by: Ard Biesheuvel <ardb@kernel.org> +Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net> +Link: https://github.com/NixOS/nixpkgs/pull/165355 +Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> +--- + Documentation/admin-guide/kernel-parameters.txt | 6 ++++++ + drivers/char/Kconfig | 3 ++- + drivers/char/random.c | 8 +++++++- + 3 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 7123524a86b8..973e1de5f29e 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -4356,6 +4356,12 @@ + fully seed the kernel's CRNG. Default is controlled + by CONFIG_RANDOM_TRUST_CPU. + ++ random.trust_bootloader={on,off} ++ [KNL] Enable or disable trusting the use of the ++ a seed passed by the bootloader (if available) to ++ fully seed the kernel's CRNG. Default is controlled ++ by CONFIG_RANDOM_TRUST_BOOTLOADER. ++ + randomize_kstack_offset= + [KNL] Enable or disable kernel stack offset + randomization, which provides roughly 5 bits of +diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig +index 740811893c57..55f48375e3fe 100644 +--- a/drivers/char/Kconfig ++++ b/drivers/char/Kconfig +@@ -449,6 +449,7 @@ config RANDOM_TRUST_BOOTLOADER + device randomness. Say Y here to assume the entropy provided by the + booloader is trustworthy so it will be added to the kernel's entropy + pool. Otherwise, say N here so it will be regarded as device input that +- only mixes the entropy pool. ++ only mixes the entropy pool. This can also be configured at boot with ++ "random.trust_bootloader=on/off". + + endmenu +diff --git a/drivers/char/random.c b/drivers/char/random.c +index 3404a91edf29..19bf14e253f7 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -738,11 +738,17 @@ static void invalidate_batched_entropy(void); + static void numa_crng_init(void); + + static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU); ++static bool trust_bootloader __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER); + static int __init parse_trust_cpu(char *arg) + { + return kstrtobool(arg, &trust_cpu); + } ++static int __init parse_trust_bootloader(char *arg) ++{ ++ return kstrtobool(arg, &trust_bootloader); ++} + early_param("random.trust_cpu", parse_trust_cpu); ++early_param("random.trust_bootloader", parse_trust_bootloader); + + static bool crng_init_try_arch(struct crng_state *crng) + { +@@ -2229,7 +2235,7 @@ EXPORT_SYMBOL_GPL(add_hwgenerator_randomness); + */ + void add_bootloader_randomness(const void *buf, unsigned int size) + { +- if (IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER)) ++ if (trust_bootloader) + add_hwgenerator_randomness(buf, size, size * 8); + else + add_device_randomness(buf, size); +-- +2.35.1 + |