[PATCH 0/4 v2] random add rng-seed to command line option
From: Mark Salyzyn
Date: Mon Feb 10 2020 - 09:45:30 EST
A followup to commit 428826f5358c922dc378830a1717b682c0823160
("fdt: add support for rng-seed") to extend what was started
with Open Firmware (OF or Device Tree) parsing, but also add
it to the command line.

If CONFIG_RANDOM_TRUST_BOOTLOADER is set, then feed the rng-seed
command line option length as added trusted entropy.

Always erase all views of the rng-seed option, except early command
line parsing, to prevent leakage to applications or modules, to
eliminate any attack vector.

It is preferred to add rng-seed to the Device Tree, but some
platforms do not have this option, so this adds the ability to
provide some command-line-limited data to the entropy through this
alternate mechanism. Expect on average 6 bits of useful entropy
per character.

Mark Salyzyn (4):
  init: move string constants to __initconst section
  init: boot_command_line can be truncated
  random: rng-seed source is utf-8
  random: add rng-seed= command line option

---
v2
- Split into four bite sized patches.
- Correct spelling in commit message.
- rng-seed is assumed to be utf-8, so correct both to 6 bits/character
  of collected entropy.
- Move entropy collection to a static __always_inline helper function.

 drivers/char/random.c  |  10 +++-
 include/linux/random.h |   5 ++
 init/main.c            | 115 ++++++++++++++++++++++++++++++-----------
 3 files changed, 100 insertions(+), 30 deletions(-)
--
2.25.0.341.g760bfbb309-goog
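
The behaviour the cover letter describes (credit 6 bits per character when the bootloader is trusted, then erase the option from the command line) is sketched below as a user-space example added here; it is not code from this patch series. The names consume_rng_seed and mix_bytes are hypothetical. The example assumes space-separated options with no quoting, and that the seed is still mixed without credit when the bootloader is not trusted.

```c
#include <stdio.h>
#include <string.h>

#define SEED_OPT      "rng-seed="
#define BITS_PER_CHAR 6  /* per-character credit stated in the cover letter */

/* Hypothetical stand-in for the kernel entropy input; only counts bytes. */
static size_t mixed_bytes;
static void mix_bytes(const char *p, size_t n) { (void)p; mixed_bytes += n; }

/* Consume every rng-seed=<value> token in a mutable command line and scrub it.
 * Returns credited entropy in bits: 0 when the bootloader is not trusted,
 * although the bytes are still mixed. Quoted values are not handled. */
static size_t consume_rng_seed(char *cmdline, int trust_bootloader)
{
    const size_t optlen = strlen(SEED_OPT), total = strlen(cmdline);
    size_t credited = 0;
    char *p = cmdline;

    while ((p = strstr(p, SEED_OPT)) != NULL) {
        if (p != cmdline && p[-1] != ' ') {  /* inside another option: skip */
            p += optlen;
            continue;
        }
        char *val = p + optlen;
        size_t vlen = strcspn(val, " ");
        mix_bytes(val, vlen);
        if (trust_bootloader)
            credited += vlen * BITS_PER_CHAR;
        /* Cut the token and its trailing separator out of the string. */
        char *rest = val + vlen;
        if (*rest == ' ')
            rest++;
        memmove(p, rest, strlen(rest) + 1);
    }
    /* Zero the vacated tail so no seed bytes survive past the terminator. */
    size_t now = strlen(cmdline);
    memset(cmdline + now, 0, total - now + 1);
    return credited;
}

int main(void)
{
    char cl[] = "console=ttyS0 rng-seed=Zm9vYmFy quiet"; /* constructed sample */
    size_t bits = consume_rng_seed(cl, 1);
    printf("credited=%zu bits, cmdline=\"%s\"\n", bits, cl);
    return 0;
}
```

Zeroing the tail matters because removing the token with memmove alone leaves stale bytes between the new terminator and the old end of the buffer, where a later reader of the raw buffer could still find them.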