[rng] Allow entropy source to be selected at runtime

As noted in commit 3c83843 ("[rng] Check for several functioning RTC interrupts"), experimentation shows that Hyper-V cannot be trusted to reliably generate RTC interrupts. (As noted in commit f3ba0fb ("[hyperv] Provide timer based on the 10MHz time reference count MSR"), Hyper-V appears to suffer from a general problem in reliably generating any legacy interrupts.) An alternative entropy source is therefore required for an image that may be used in a Hyper-V Gen1 virtual machine. The x86 RDRAND instruction provides a suitable alternative entropy source, but may not be supported by all CPUs. We must therefore allow for multiple entropy sources to be compiled in, with the single active entropy source selected only at runtime. Restructure the internal entropy API to allow a working entropy source to be detected and chosen at runtime. Enable the RDRAND entropy source for all x86 builds, since it is likely to be substantially faster than any other source. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-01-06 20:21:47 +03:00 · 2023-02-17 16:56:11 +00:00
parent 2733c4763a
commit 9f17d1116d
18 changed files with 512 additions and 591 deletions
--- a/src/config/config_entropy.c
+++ b/src/config/config_entropy.c
@@ -0,0 +1,48 @@
+/*
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <config/entropy.h>
+
+/** @file
+ *
+ * Entropy configuration options
+ *
+ */
+
+PROVIDE_REQUIRING_SYMBOL();
+
+/*
+ * Drag in entropy sources
+ */
+#ifdef ENTROPY_RTC
+REQUIRE_OBJECT ( rtc_entropy );
+#endif
+#ifdef ENTROPY_EFI
+REQUIRE_OBJECT ( efi_entropy );
+#endif
+#ifdef ENTROPY_LINUX
+REQUIRE_OBJECT ( linux_entropy );
+#endif
+#ifdef ENTROPY_RDRAND
+REQUIRE_OBJECT ( rdrand );
+#endif
--- a/src/config/defaults/efi.h
+++ b/src/config/defaults/efi.h
@@ -50,6 +50,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #if defined ( __i386__ ) || defined ( __x86_64__ )
 #define IOAPI_X86
 #define NAP_EFIX86
+#define ENTROPY_RDRAND
 #define	CPUID_CMD		/* x86 CPU feature detection command */
 #define	UNSAFE_STD		/* Avoid setting direction flag */
 #endif
--- a/src/config/defaults/linux.h
+++ b/src/config/defaults/linux.h
@@ -33,4 +33,8 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #define SANBOOT_PROTO_FCP
 #define SANBOOT_PROTO_HTTP

+#if defined ( __i386__ ) || defined ( __x86_64__ )
+#define ENTROPY_RDRAND
+#endif
+
 #endif /* CONFIG_DEFAULTS_LINUX_H */
--- a/src/config/defaults/pcbios.h
+++ b/src/config/defaults/pcbios.h
@@ -20,6 +20,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #define SMBIOS_PCBIOS
 #define SANBOOT_PCBIOS
 #define ENTROPY_RTC
+#define ENTROPY_RDRAND
 #define TIME_RTC
 #define REBOOT_PCBIOS
 #define ACPI_RSDP