loader: Make EFI entropy size configurable

Add a new loader variable entropy_efi_seed_size which defaults to 2048; if not defined (e.g. if the /boot/lua/ is updated but /boot/defaults/ isn't) the same 2048 default will be used. Reviewed by: Val Packett MFC after: 1 week Sponsored by: Amazon Differential Revision: https://reviews.freebsd.org/D46632 (cherry picked from commit f4a69a933cd645e384b337db5ef2ccf41a1ddd5b)
2026-02-18 18:20:26 -05:00 · 2024-09-18 04:02:01 -07:00 · 2024-09-18 04:02:01 -07:00 · 0a8ff19896
commit 0a8ff19896
parent 0d348c621f
2 changed files with 8 additions and 3 deletions
--- a/stand/defaults/loader.conf
+++ b/stand/defaults/loader.conf
@ -48,8 +48,12 @@ entropy_cache_type="boot_entropy_cache"	# Required for the kernel to find
 					# the boot-time entropy cache. This
 					# must not change value even if the
 					# _name above does change!
-entropy_efi_seed="YES"		# Set this to NO to disable loading
-					# entropy from the UEFI hardware random number generator API
+entropy_efi_seed="YES"			# Set this to NO to disable loading
+					# entropy from the UEFI hardware
+					# random number generator API
+entropy_efi_seed_size="2048"		# Set this to a different value to
+					# change the amount of entropy
+					# requested from EFI

 ###  RAM Blacklist configuration  ############################
 ram_blacklist_load="NO"			# Set this to YES to load a file
--- a/stand/lua/core.lua
+++ b/stand/lua/core.lua
@ -369,7 +369,8 @@ end
 function core.loadEntropy()
 	if core.isUEFIBoot() then
 		if (loader.getenv("entropy_efi_seed") or "no"):lower() == "yes" then
-			loader.perform("efi-seed-entropy")
+			local seedsize = loader.getenv("entropy_efi_seed_size") or "2048"
+			loader.perform("efi-seed-entropy " .. seedsize)
 		end
 	end
 end