summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick Wildt <patrick@cvs.openbsd.org>2021-12-31 09:24:19 +0000
committerPatrick Wildt <patrick@cvs.openbsd.org>2021-12-31 09:24:19 +0000
commit0f40c8c00e93acc20b36fa90c6a75f82de27be3a (patch)
tree990534638177bfbee93b9ebabd17620ecc84a8a3
parentc0baaae14bc3dddff6c5607778a9dc8bb93b97b5 (diff)
Newer Apple firmware on chipsets without a hardware RNG require the host to
provide a buffer of random bytes to the device on initialization.
-rw-r--r--sys/dev/pci/if_bwfm_pci.c26
-rw-r--r--sys/dev/pci/if_bwfm_pci.h10
2 files changed, 31 insertions, 5 deletions
diff --git a/sys/dev/pci/if_bwfm_pci.c b/sys/dev/pci/if_bwfm_pci.c
index 9b9164b2a5a..e3949448b95 100644
--- a/sys/dev/pci/if_bwfm_pci.c
+++ b/sys/dev/pci/if_bwfm_pci.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_bwfm_pci.c,v 1.64 2021/12/27 17:56:03 patrick Exp $ */
+/* $OpenBSD: if_bwfm_pci.c,v 1.65 2021/12/31 09:24:18 patrick Exp $ */
/*
* Copyright (c) 2010-2016 Broadcom Corporation
* Copyright (c) 2017 Patrick Wildt <patrick@blueri.se>
@@ -782,7 +782,9 @@ bwfm_pci_load_microcode(struct bwfm_pci_softc *sc, const u_char *ucode, size_t s
{
struct bwfm_softc *bwfm = (void *)sc;
struct bwfm_core *core;
- uint32_t shared, written;
+ struct bwfm_pci_random_seed_footer footer;
+ uint32_t addr, shared, written;
+ uint8_t *rndbuf;
int i;
if (bwfm->sc_chip.ch_chip == BRCM_CC_43602_CHIP_ID) {
@@ -806,10 +808,26 @@ bwfm_pci_load_microcode(struct bwfm_pci_softc *sc, const u_char *ucode, size_t s
bwfm->sc_chip.ch_rambase + bwfm->sc_chip.ch_ramsize - 4, 0);
if (nvram) {
+ addr = bwfm->sc_chip.ch_rambase + bwfm->sc_chip.ch_ramsize -
+ nvlen;
for (i = 0; i < nvlen; i++)
bus_space_write_1(sc->sc_tcm_iot, sc->sc_tcm_ioh,
- bwfm->sc_chip.ch_rambase + bwfm->sc_chip.ch_ramsize
- - nvlen + i, nvram[i]);
+ addr + i, nvram[i]);
+
+ footer.length = htole32(BWFM_RANDOM_SEED_MAGIC);
+ footer.magic = htole32(BWFM_RANDOM_SEED_LENGTH);
+ addr -= sizeof(footer);
+ for (i = 0; i < sizeof(footer); i++)
+ bus_space_write_1(sc->sc_tcm_iot, sc->sc_tcm_ioh,
+ addr + i, ((uint8_t *)&footer)[i]);
+
+ rndbuf = malloc(BWFM_RANDOM_SEED_LENGTH, M_TEMP, M_WAITOK);
+ arc4random_buf(rndbuf, BWFM_RANDOM_SEED_LENGTH);
+ addr -= BWFM_RANDOM_SEED_LENGTH;
+ for (i = 0; i < BWFM_RANDOM_SEED_LENGTH; i++)
+ bus_space_write_1(sc->sc_tcm_iot, sc->sc_tcm_ioh,
+ addr + i, rndbuf[i]);
+ free(rndbuf, M_TEMP, BWFM_RANDOM_SEED_LENGTH);
}
written = bus_space_read_4(sc->sc_tcm_iot, sc->sc_tcm_ioh,
diff --git a/sys/dev/pci/if_bwfm_pci.h b/sys/dev/pci/if_bwfm_pci.h
index f0502ac1f70..b9edacf2bed 100644
--- a/sys/dev/pci/if_bwfm_pci.h
+++ b/sys/dev/pci/if_bwfm_pci.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_bwfm_pci.h,v 1.7 2021/08/31 23:05:11 patrick Exp $ */
+/* $OpenBSD: if_bwfm_pci.h,v 1.8 2021/12/31 09:24:18 patrick Exp $ */
/*
* Copyright (c) 2010-2016 Broadcom Corporation
* Copyright (c) 2017 Patrick Wildt <patrick@blueri.se>
@@ -147,6 +147,14 @@
#define BWFM_CONSOLE_BUFSIZE 0x0c
#define BWFM_CONSOLE_WRITEIDX 0x10
+#define BWFM_RANDOM_SEED_MAGIC 0xfeedc0de
+#define BWFM_RANDOM_SEED_LENGTH 0x100
+
+struct bwfm_pci_random_seed_footer {
+ uint32_t length;
+ uint32_t magic;
+};
+
struct bwfm_pci_ringinfo {
uint32_t ringmem;
uint32_t h2d_w_idx_ptr;