git: 0a8ff1989681 - stable/14 - loader: Make EFI entropy size configurable

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Colin Percival <cperciva_at_FreeBSD.org>
Date: Sun, 29 Sep 2024 15:25:15 UTC
The branch stable/14 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=0a8ff1989681f476b9da87a309db25aecd7881c1

commit 0a8ff1989681f476b9da87a309db25aecd7881c1
Author:     Colin Percival <cperciva@FreeBSD.org>
AuthorDate: 2024-09-18 11:02:01 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2024-09-29 15:24:52 +0000

    loader: Make EFI entropy size configurable
    
    Add a new loader variable entropy_efi_seed_size which defaults to 2048;
    if not defined (e.g. if the /boot/lua/ is updated but /boot/defaults/
    isn't) the same 2048 default will be used.
    
    Reviewed by:    Val Packett
    MFC after:      1 week
    Sponsored by:   Amazon
    Differential Revision:  https://reviews.freebsd.org/D46632
    
    (cherry picked from commit f4a69a933cd645e384b337db5ef2ccf41a1ddd5b)
---
 stand/defaults/loader.conf | 8 ++++++--
 stand/lua/core.lua         | 3 ++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/stand/defaults/loader.conf b/stand/defaults/loader.conf
index a5d27b96b6ba..c3de7cdfb74b 100644
--- a/stand/defaults/loader.conf
+++ b/stand/defaults/loader.conf
@@ -48,8 +48,12 @@ entropy_cache_type="boot_entropy_cache"	# Required for the kernel to find
 					# the boot-time entropy cache. This
 					# must not change value even if the
 					# _name above does change!
-entropy_efi_seed="YES"		# Set this to NO to disable loading
-					# entropy from the UEFI hardware random number generator API
+entropy_efi_seed="YES"			# Set this to NO to disable loading
+					# entropy from the UEFI hardware
+					# random number generator API
+entropy_efi_seed_size="2048"		# Set this to a different value to
+					# change the amount of entropy
+					# requested from EFI
 
 ###  RAM Blacklist configuration  ############################
 ram_blacklist_load="NO"			# Set this to YES to load a file
diff --git a/stand/lua/core.lua b/stand/lua/core.lua
index 7b7560ddc820..72b19462ae5c 100644
--- a/stand/lua/core.lua
+++ b/stand/lua/core.lua
@@ -369,7 +369,8 @@ end
 function core.loadEntropy()
 	if core.isUEFIBoot() then
 		if (loader.getenv("entropy_efi_seed") or "no"):lower() == "yes" then
-			loader.perform("efi-seed-entropy")
+			local seedsize = loader.getenv("entropy_efi_seed_size") or "2048"
+			loader.perform("efi-seed-entropy " .. seedsize)
 		end
 	end
 end