arm64: efi: invoke EFI_RNG_PROTOCOL to supply KASLR randomness Since arm64 does not use a decompressor that supplies an execution environment where it is feasible to some extent to provide a source of randomness, the arm64 KASLR kernel depends on the bootloader to supply some random bits in the /chosen/kaslr-seed DT property upon kernel entry. On UEFI systems, we can use the EFI_RNG_PROTOCOL, if supplied, to obtain some random bits. At the same time, use it to randomize the offset of the kernel Image in physical memory. Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

commit: 2b5fe07a78a09a32002642b8a823428ade611f16 [log] [tgz]
author: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tue Jan 26 14:48:29 2016 +0100
committer: Catalin Marinas <catalin.marinas@arm.com> Wed Feb 24 14:57:29 2016 +0000
tree: db8929655f2d9de7827d68fbfad1ea08d1cd0e29
parent: 48fcb2d0216103d15306caa4814e2381104df6d8 [diff]
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 968fa13..b646091 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig

@@ -810,6 +810,11 @@
 	  It is the bootloader's job to provide entropy, by passing a
 	  random u64 value in /chosen/kaslr-seed at kernel entry.
 
+	  When booting via the UEFI stub, it will invoke the firmware's
+	  EFI_RNG_PROTOCOL implementation (if available) to supply entropy
+	  to the kernel proper. In addition, it will randomise the physical
+	  location of the kernel Image as well.
+
 	  If unsure, say N.
 
 config RANDOMIZE_MODULE_REGION_FULL
commit	2b5fe07a78a09a32002642b8a823428ade611f16	[log] [tgz]
author	Ard Biesheuvel <ard.biesheuvel@linaro.org>	Tue Jan 26 14:48:29 2016 +0100
committer	Catalin Marinas <catalin.marinas@arm.com>	Wed Feb 24 14:57:29 2016 +0000
tree	db8929655f2d9de7827d68fbfad1ea08d1cd0e29
parent	48fcb2d0216103d15306caa4814e2381104df6d8 [diff]