diff options
author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2016-01-26 14:48:29 +0100 |
---|---|---|
committer | Catalin Marinas <catalin.marinas@arm.com> | 2016-02-24 14:57:29 +0000 |
commit | 2b5fe07a78a09a32002642b8a823428ade611f16 (patch) | |
tree | db8929655f2d9de7827d68fbfad1ea08d1cd0e29 /arch/arm64/Kconfig | |
parent | 48fcb2d0216103d15306caa4814e2381104df6d8 (diff) | |
download | lwn-2b5fe07a78a09a32002642b8a823428ade611f16.tar.gz lwn-2b5fe07a78a09a32002642b8a823428ade611f16.zip |
arm64: efi: invoke EFI_RNG_PROTOCOL to supply KASLR randomness
Since arm64 does not use a decompressor that supplies an execution
environment where it is feasible to some extent to provide a source of
randomness, the arm64 KASLR kernel depends on the bootloader to supply
some random bits in the /chosen/kaslr-seed DT property upon kernel entry.
On UEFI systems, we can use the EFI_RNG_PROTOCOL, if supplied, to obtain
some random bits. At the same time, use it to randomize the offset of the
kernel Image in physical memory.
Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Diffstat (limited to 'arch/arm64/Kconfig')
-rw-r--r-- | arch/arm64/Kconfig | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 968fa13cc25b..b6460911dd92 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -810,6 +810,11 @@ config RANDOMIZE_BASE It is the bootloader's job to provide entropy, by passing a random u64 value in /chosen/kaslr-seed at kernel entry. + When booting via the UEFI stub, it will invoke the firmware's + EFI_RNG_PROTOCOL implementation (if available) to supply entropy + to the kernel proper. In addition, it will randomise the physical + location of the kernel Image as well. + If unsure, say N. config RANDOMIZE_MODULE_REGION_FULL |