diff options
| author | Mark Kettenis <kettenis@cvs.openbsd.org> | 2024-07-11 12:07:41 +0000 |
|---|---|---|
| committer | Mark Kettenis <kettenis@cvs.openbsd.org> | 2024-07-11 12:07:41 +0000 |
| commit | 1b9304de7f6503479f21fbb1553ff17b83f7abb2 (patch) | |
| tree | c8500a823e02b6188312a750c1f509e30cdf3a96 /sys | |
| parent | e979079be8e82a3d629710f5ae5e83cc431a97ca (diff) | |
Use FEAT_RNG to feed entropy into the random subsystem like we do on amd64.
ok patrick@, deraadt@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/arch/arm64/arm64/cpu.c | 31 | ||||
| -rw-r--r-- | sys/arch/arm64/conf/Makefile.arm64 | 4 |
2 files changed, 32 insertions, 3 deletions
diff --git a/sys/arch/arm64/arm64/cpu.c b/sys/arch/arm64/arm64/cpu.c index 000313fa895..47b2534a0bb 100644 --- a/sys/arch/arm64/arm64/cpu.c +++ b/sys/arch/arm64/arm64/cpu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.c,v 1.124 2024/07/10 11:01:24 kettenis Exp $ */ +/* $OpenBSD: cpu.c,v 1.125 2024/07/11 12:07:39 kettenis Exp $ */ /* * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com> @@ -245,6 +245,7 @@ uint64_t cpu_id_aa64pfr0; uint64_t cpu_id_aa64pfr1; int arm64_has_lse; +int arm64_has_rng; #ifdef CRYPTO int arm64_has_aes; #endif @@ -273,6 +274,9 @@ struct cfdriver cpu_cd = { NULL, "cpu", DV_DULL }; +struct timeout cpu_rng_to; +void cpu_rng(void *); + void cpu_opp_init(struct cpu_info *, uint32_t); void cpu_psci_init(struct cpu_info *); void cpu_psci_idle_cycle(void); @@ -286,6 +290,25 @@ void cpu_kstat_attach(struct cpu_info *ci); void cpu_opp_kstat_attach(struct cpu_info *ci); #endif +void +cpu_rng(void *arg) +{ + struct timeout *to = arg; + uint64_t rndr; + int ret; + + ret = __builtin_arm_rndrrs(&rndr); + if (ret) + ret = __builtin_arm_rndr(&rndr); + if (ret == 0) { + enqueue_randomness(rndr & 0xffffffff); + enqueue_randomness(rndr >> 32); + } + + if (to) + timeout_add_msec(to, 1000); +} + /* * Enable mitigation for Spectre-V2 branch target injection * vulnerabilities (CVE-2017-5715). @@ -667,6 +690,7 @@ cpu_identify(struct cpu_info *ci) if (ID_AA64ISAR0_RNDR(id) >= ID_AA64ISAR0_RNDR_IMPL) { printf("%sRNDR", sep); sep = ","; + arm64_has_rng = 1; } if (ID_AA64ISAR0_TLB(id) >= ID_AA64ISAR0_TLB_IOS) { @@ -1139,6 +1163,11 @@ cpu_attach(struct device *parent, struct device *dev, void *aux) } cpu_init(); + + if (arm64_has_rng) { + timeout_set(&cpu_rng_to, cpu_rng, &cpu_rng_to); + cpu_rng(&cpu_rng_to); + } #ifdef MULTIPROCESSOR } #endif diff --git a/sys/arch/arm64/conf/Makefile.arm64 b/sys/arch/arm64/conf/Makefile.arm64 index 837b1fe656d..371e1f99a5a 100644 --- a/sys/arch/arm64/conf/Makefile.arm64 +++ b/sys/arch/arm64/conf/Makefile.arm64 @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.arm64,v 1.48 2024/07/02 10:25:16 kettenis Exp $ +# $OpenBSD: Makefile.arm64,v 1.49 2024/07/11 12:07:40 kettenis Exp $ # For instructions on building kernels consult the config(8) and options(4) # manual pages. @@ -56,7 +56,7 @@ CWARNFLAGS= -Werror -Wall -Wimplicit-function-declaration \ -Wno-unused-but-set-variable -Wno-gnu-folding-constant \ -Wframe-larger-than=2047 -CMACHFLAGS= -march=armv8-a+nofp+nosimd \ +CMACHFLAGS= -march=armv8-a+nofp+nosimd+rng \ -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer \ -ffixed-x18 CMACHFLAGS+= -ffreestanding ${NOPIE_FLAGS} |