summaryrefslogtreecommitdiff
path: root/sys/arch
diff options
context:
space:
mode:
authorVisa Hankala <visa@cvs.openbsd.org>2017-05-09 15:11:34 +0000
committerVisa Hankala <visa@cvs.openbsd.org>2017-05-09 15:11:34 +0000
commit88325a8b3205f45505cd1807533ed9c67a4e2493 (patch)
tree7401face37a213fea32927beab83d5ecb47595d0 /sys/arch
parentf8983b51f25ef91a24c47f1e0194534ebbc890c2 (diff)
Mix bits from the built-in RNG with the randomdata section at boot time.
This should improve considerably the quality of early entropy and stack protector guard data on octeon. Suggested by and OK deraadt@ OK kettenis@, jasper@
Diffstat (limited to 'sys/arch')
-rw-r--r--sys/arch/octeon/conf/ld.script4
-rw-r--r--sys/arch/octeon/octeon/locore.S33
2 files changed, 35 insertions, 2 deletions
diff --git a/sys/arch/octeon/conf/ld.script b/sys/arch/octeon/conf/ld.script
index f31d7f7ba98..97b853e3d14 100644
--- a/sys/arch/octeon/conf/ld.script
+++ b/sys/arch/octeon/conf/ld.script
@@ -1,4 +1,4 @@
-/* $OpenBSD: ld.script,v 1.3 2016/07/16 10:41:53 visa Exp $ */
+/* $OpenBSD: ld.script,v 1.4 2017/05/09 15:11:33 visa Exp $ */
OUTPUT_FORMAT("elf64-tradbigmips")
OUTPUT_ARCH(mips)
@@ -11,8 +11,10 @@ SECTIONS
.rodata : { *(.rodata .rodata.* .gnu.linkonce.r.*) }
_gp = ALIGN(16) + 0x7ff0;
.data : { *(.data .data.* .gnu.linkonce.d.*) }
+ __kernel_randomdata = .;
.openbsd.randomdata :
{ *(.openbsd.randomdata) }
+ __kernel_randomdata_end = .;
PROVIDE (edata = .);
.sbss : { *(.sbss .sbss.* .gnu.linkonce.sb.* .scommon) }
.bss : { *(.bss .bss.* .gnu.linkonce.b.* COMMON) }
diff --git a/sys/arch/octeon/octeon/locore.S b/sys/arch/octeon/octeon/locore.S
index 1200786b33b..3ef892a83a3 100644
--- a/sys/arch/octeon/octeon/locore.S
+++ b/sys/arch/octeon/octeon/locore.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.S,v 1.11 2017/04/03 13:51:54 visa Exp $ */
+/* $OpenBSD: locore.S,v 1.12 2017/05/09 15:11:33 visa Exp $ */
/*
* Copyright (c) 2001-2004 Opsycon AB (www.opsycon.se / www.opsycon.com)
@@ -38,6 +38,10 @@
#include "assym.h"
+#define RNG_CONTROL_ADDR 0x9001180040000000
+#define RNG_CONTROL_ENABLE 0x3
+#define RNG_ENTROPY_ADDR 0x9001400000000000
+
.set noreorder # Noreorder is default style!
.set mips64r2
.globl start
@@ -93,6 +97,33 @@ start:
#endif
2:
/*
+ * Augment the randomdata section using entropy from the RNG.
+ */
+
+ /* Enable the RNG. */
+ dli t0, RNG_CONTROL_ADDR
+ ld t1, (t0)
+ ori t1, RNG_CONTROL_ENABLE
+ sd t1, (t0)
+
+ LA t0, __kernel_randomdata
+ LA t1, __kernel_randomdata_end
+ dli t2, RNG_ENTROPY_ADDR
+1:
+ /* Delay to let entropy accumulate. */
+ li v0, 0x1000
+2:
+ bne v0, zero, 2b
+ subu v0, v0, 1
+ /* Mix entropy. */
+ ld v0, (t0) # load from randomdata
+ ld v1, (t2) # load entropy
+ xor v0, v0, v1 # mix entropy
+ daddu t0, t0, 8 # advance ptr
+ blt t0, t1, 1b
+ sd v0, -8(t0) # store to randomdata
+
+ /*
* Initialize stack and call machine startup.
*/
LA t0, start - FRAMESZ(CF_SZ)
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-07 23:10:24 +0000