Add support for getting early entropy from UEFI

UEFI provides a protocol for accessing randomness. This is a good way
to gather early entropy, especially when there's no driver for the RNG
on the platform (as is the case on the Marvell Armada8k (MACCHIATObin)
for now).

If the entropy_efi_seed option is enabled in loader.conf (default: YES)
obtain 2048 bytes of entropy from UEFI and pass is to the kernel as a
"module" of name "efi_rng_seed" and type "boot_entropy_platform"; if
present, ingest it into the kernel RNG.

Submitted by:	Greg V
Reviewed by:	markm, kevans
Approved by:	csprng (markm)
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D20780

1 files changed, 10 insertions, 0 deletions

diff --git a/stand/lua/core.lua b/stand/lua/core.lua
index 67d51b992858..27e3c14de9ff 100644
--- a/stand/lua/core.lua
+++ b/stand/lua/core.lua
@@ -351,6 +351,14 @@ function core.changeRewindCheckpoint()
 	end
 end
 
+function core.loadEntropy()
+	if core.isUEFIBoot() then
+		if (loader.getenv("entropy_efi_seed") or "no"):lower() == "yes" then
+			loader.perform("efi-seed-entropy")
+		end
+	end
+end
+
 function core.setDefaults()
 	core.setACPI(core.getACPIPresent(true))
 	core.setSafeMode(default_safe_mode)
@@ -363,6 +371,7 @@ function core.autoboot(argstr)
 	if loader.getenv("kernelname") == nil then
 		config.loadelf()
 	end
+	core.loadEntropy()
 	loader.perform(composeLoaderCmd("autoboot", argstr))
 end
 
@@ -371,6 +380,7 @@ function core.boot(argstr)
 	if loader.getenv("kernelname") == nil then
 		config.loadelf()
 	end
+	core.loadEntropy()
 	loader.perform(composeLoaderCmd("boot", argstr))
 end