git: f4a69a933cd6 - main - loader: Make EFI entropy size configurable

Sun, 22 Sep 2024 00:37:11 -0700 

The branch main has been updated by cperciva:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=f4a69a933cd645e384b337db5ef2ccf41a1ddd5b

commit f4a69a933cd645e384b337db5ef2ccf41a1ddd5b
Author:     Colin Percival <cperc...@freebsd.org>
AuthorDate: 2024-09-18 11:02:01 +0000
Commit:     Colin Percival <cperc...@freebsd.org>
CommitDate: 2024-09-22 07:35:47 +0000

    loader: Make EFI entropy size configurable
    
    Add a new loader variable entropy_efi_seed_size which defaults to 2048;
    if not defined (e.g. if the /boot/lua/ is updated but /boot/defaults/
    isn't) the same 2048 default will be used.
    
    Reviewed by:    Val Packett
    MFC after:      1 week
    Sponsored by:   Amazon
    Differential Revision:  https://reviews.freebsd.org/D46632
---
 stand/defaults/loader.conf | 8 ++++++--
 stand/lua/core.lua         | 3 ++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/stand/defaults/loader.conf b/stand/defaults/loader.conf
index a5d27b96b6ba..c3de7cdfb74b 100644
--- a/stand/defaults/loader.conf
+++ b/stand/defaults/loader.conf
@@ -48,8 +48,12 @@ entropy_cache_type="boot_entropy_cache"      # Required for 
the kernel to find
                                        # the boot-time entropy cache. This
                                        # must not change value even if the
                                        # _name above does change!
-entropy_efi_seed="YES"         # Set this to NO to disable loading
-                                       # entropy from the UEFI hardware random 
number generator API
+entropy_efi_seed="YES"                 # Set this to NO to disable loading
+                                       # entropy from the UEFI hardware
+                                       # random number generator API
+entropy_efi_seed_size="2048"           # Set this to a different value to
+                                       # change the amount of entropy
+                                       # requested from EFI
 
 ###  RAM Blacklist configuration  ############################
 ram_blacklist_load="NO"                        # Set this to YES to load a file
diff --git a/stand/lua/core.lua b/stand/lua/core.lua
index 7b7560ddc820..72b19462ae5c 100644
--- a/stand/lua/core.lua
+++ b/stand/lua/core.lua
@@ -369,7 +369,8 @@ end
 function core.loadEntropy()
        if core.isUEFIBoot() then
                if (loader.getenv("entropy_efi_seed") or "no"):lower() == "yes" 
then
-                       loader.perform("efi-seed-entropy")
+                       local seedsize = loader.getenv("entropy_efi_seed_size") 
or "2048"
+                       loader.perform("efi-seed-entropy " .. seedsize)
                end
        end
 end

Reply via email to