Linux 5.5 To Finally Wire Up EFI RNG Code For x86 As Another Source Of Entropy
Since 2016, the Linux kernel on ARM has invoked the EFI random number generator (RNG) protocol as an additional source of entropy during early boot. With Linux 5.5 in early 2020, that support is finally arriving for x86/x86_64.
The EFI specification defines an optional RNG protocol that returns random values and can support an arbitrary set of RNG algorithms. It has been around since UEFI 2.4 (2013), and while the Linux kernel's ARM EFI code has invoked it for years, the x86 (x86_64 included) code gets a similar hook-up with Linux 5.5.
Where supported, this seeds the kernel entropy pool with another source of entropy during the early stages of the boot process, when entropy is normally quite limited. The existing CONFIG_RANDOM_TRUST_BOOTLOADER Kconfig switch controls whether this source of randomness is trusted.
This EFI x86 RNG code is among the few improvements in EFI updates for v5.5.