CTSRD-CHERI · bsdjhb · Jan 22, 2025 · Jan 22, 2025
diff --git a/sys/conf/options b/sys/conf/options
@@ -972,6 +972,9 @@ RANDOM_LOADABLE	opt_global.h
 # the uma slab allocator.
 RANDOM_ENABLE_UMA	opt_global.h
 RANDOM_ENABLE_ETHER	opt_global.h
+# This is highly insecure but used in environments without any
+# pre-boot entropy
+RANDOM_NO_ENTROPY	opt_global.h
 
 # This options turns TPM into entropy source.
 TPM_HARVEST	opt_tpm.h

diff --git a/sys/dev/random/fortuna.c b/sys/dev/random/fortuna.c
@@ -81,7 +81,11 @@ CTASSERT(RANDOM_FORTUNA_BLOCKS_PER_KEY * RANDOM_BLOCKSIZE ==
  * Making RANDOM_FORTUNA_DEFPOOLSIZE too large will mean a long time between reseeds,
  * and too small may compromise initial security but get faster reseeds.
  */
+#ifdef RANDOM_NO_ENTROPY
+#define	RANDOM_FORTUNA_MINPOOLSIZE 1
+#else
 #define	RANDOM_FORTUNA_MINPOOLSIZE 16
+#endif
 #define	RANDOM_FORTUNA_MAXPOOLSIZE INT_MAX 
 CTASSERT(RANDOM_FORTUNA_MINPOOLSIZE <= RANDOM_FORTUNA_DEFPOOLSIZE);
 CTASSERT(RANDOM_FORTUNA_DEFPOOLSIZE <= RANDOM_FORTUNA_MAXPOOLSIZE);

diff --git a/sys/dev/random/fortuna.h b/sys/dev/random/fortuna.h
@@ -29,7 +29,11 @@
 
 /* Defined in FS&K */
 #define	RANDOM_FORTUNA_NPOOLS 32		/* The number of accumulation pools */
+#ifdef RANDOM_NO_ENTROPY
+#define	RANDOM_FORTUNA_DEFPOOLSIZE 1		/* The default pool size/length for a (re)seed */
+#else
 #define	RANDOM_FORTUNA_DEFPOOLSIZE 64		/* The default pool size/length for a (re)seed */
+#endif
 
 #ifdef _KERNEL
 typedef struct mtx mtx_t;

diff --git a/sys/riscv/conf/GFE b/sys/riscv/conf/GFE
@@ -11,3 +11,5 @@
 
 options 	BREAK_TO_DEBUGGER
 options 	ALT_BREAK_TO_DEBUGGER
+
+options 	RANDOM_NO_ENTROPY
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,3 +11,5 @@

		options BREAK_TO_DEBUGGER
		options ALT_BREAK_TO_DEBUGGER

		options RANDOM_NO_ENTROPY
Check warning on line 15 in sys/riscv/conf/GFE View workflow job for this annotation GitHub Actions / Style Checker `Missing Signed-off-by: line`