summaryrefslogtreecommitdiff
path: root/arch/arm64/Kconfig
diff options
context:
space:
mode:
authorArd Biesheuvel <ard.biesheuvel@linaro.org>2016-01-26 14:48:29 +0100
committerCatalin Marinas <catalin.marinas@arm.com>2016-02-24 14:57:29 +0000
commit2b5fe07a78a09a32002642b8a823428ade611f16 (patch)
treedb8929655f2d9de7827d68fbfad1ea08d1cd0e29 /arch/arm64/Kconfig
parent48fcb2d0216103d15306caa4814e2381104df6d8 (diff)
downloadlwn-2b5fe07a78a09a32002642b8a823428ade611f16.tar.gz
lwn-2b5fe07a78a09a32002642b8a823428ade611f16.zip
arm64: efi: invoke EFI_RNG_PROTOCOL to supply KASLR randomness
Since arm64 does not use a decompressor that supplies an execution environment where it is feasible to some extent to provide a source of randomness, the arm64 KASLR kernel depends on the bootloader to supply some random bits in the /chosen/kaslr-seed DT property upon kernel entry. On UEFI systems, we can use the EFI_RNG_PROTOCOL, if supplied, to obtain some random bits. At the same time, use it to randomize the offset of the kernel Image in physical memory. Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Diffstat (limited to 'arch/arm64/Kconfig')
-rw-r--r--arch/arm64/Kconfig5
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 968fa13cc25b..b6460911dd92 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -810,6 +810,11 @@ config RANDOMIZE_BASE
It is the bootloader's job to provide entropy, by passing a
random u64 value in /chosen/kaslr-seed at kernel entry.
+ When booting via the UEFI stub, it will invoke the firmware's
+ EFI_RNG_PROTOCOL implementation (if available) to supply entropy
+ to the kernel proper. In addition, it will randomise the physical
+ location of the kernel Image as well.
+
If unsure, say N.
config RANDOMIZE_MODULE_REGION_FULL