Use arc4 to bit-spread the 512-byte random buffer over the .openbsd.randomdata

section, which has grown a fair bit with the introduction of retguard.
Mortimer discovered the repeated 512-byte sequence as retguard keys, and
this resolves the issue.  (Chacha does not fit on the media, so 1.5K early
drop RC4 is hopefully sufficient in our KARL link universe)
Version crank the bootblocks. sysupgrade -s will install new bootblocks.
ok djm mortimer

2 files changed, 4 insertions, 4 deletions

diff --git a/sys/arch/landisk/stand/boot/Makefile b/sys/arch/landisk/stand/boot/Makefile
index 1b15f01a14d..16f43e02b69 100644
--- a/sys/arch/landisk/stand/boot/Makefile
+++ b/sys/arch/landisk/stand/boot/Makefile
@@ -1,10 +1,10 @@
-#	$OpenBSD: Makefile,v 1.14 2016/11/28 16:42:45 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.15 2019/10/29 02:55:51 deraadt Exp $
 
 MAN=	boot.8
 
 .if ${MACHINE} == "landisk"
 PROG=	boot
-SRCS=	srt0.S conf.c devs.c getsecs.c scifcons.c delay.c
+SRCS=	srt0.S conf.c devs.c getsecs.c scifcons.c delay.c arc4.c
 LDFLAGS=-nostdlib -Ttext 0x8ff00000 -N -x -Bstatic -e start -nopie -znorelro
 OBJCOPY?=objcopy
 
diff --git a/sys/arch/landisk/stand/boot/conf.c b/sys/arch/landisk/stand/boot/conf.c
index 0dd82c5a299..2016ea0a138 100644
--- a/sys/arch/landisk/stand/boot/conf.c
+++ b/sys/arch/landisk/stand/boot/conf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: conf.c,v 1.14 2019/08/04 13:45:15 deraadt Exp $	*/
+/*	$OpenBSD: conf.c,v 1.15 2019/10/29 02:55:51 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2006 Michael Shalayeff
@@ -29,7 +29,7 @@
 #endif
 #include <dev/cons.h>
 
-const char version[] = "1.07";
+const char version[] = "1.08";
 int	debug = 1;
 
 struct fs_ops file_system[] = {