[efi] Split out EFI_RNG_PROTOCOL as a separate entropy source

Commit 7ca801d ("[efi] Use the EFI_RNG_PROTOCOL as an entropy source if available") added EFI_RNG_PROTOCOL as an alternative entropy source via an ad-hoc mechanism specific to efi_entropy.c. Split out EFI_RNG_PROTOCOL to a separate entropy source, and allow the entropy core to handle the selection of RDRAND, EFI_RNG_PROTOCOL, or timer ticks as the active source. The fault detection logic added in commit a87537d ("[efi] Detect and disable seriously broken EFI_RNG_PROTOCOL implementations") may be removed completely, since the failure will already be detected by the generic ANS X9.82-mandated repetition count test and will now be handled gracefully by the entropy core. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-30 22:08:48 +03:00 · 2023-02-20 14:08:49 +00:00
parent 7d71cf318a
commit 471599dc77
5 changed files with 130 additions and 92 deletions
--- a/src/config/config_entropy.c
+++ b/src/config/config_entropy.c
@@ -37,9 +37,12 @@ PROVIDE_REQUIRING_SYMBOL();
 #ifdef ENTROPY_RTC
 REQUIRE_OBJECT ( rtc_entropy );
 #endif
-#ifdef ENTROPY_EFI
+#ifdef ENTROPY_EFITICK
 REQUIRE_OBJECT ( efi_entropy );
 #endif
+#ifdef ENTROPY_EFIRNG
+REQUIRE_OBJECT ( efi_rng );
+#endif
 #ifdef ENTROPY_LINUX
 REQUIRE_OBJECT ( linux_entropy );
 #endif
--- a/src/config/defaults/efi.h
+++ b/src/config/defaults/efi.h
@@ -19,7 +19,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #define SMBIOS_EFI
 #define SANBOOT_EFI
 #define BOFM_EFI
-#define ENTROPY_EFI
+#define ENTROPY_EFITICK
+#define ENTROPY_EFIRNG
 #define TIME_EFI
 #define REBOOT_EFI
 #define ACPI_EFI