[PATCH] lib: random: add CONFIG_INSECURE logging of seeds
Ahmad Fatoum
a.fatoum at pengutronix.de
Wed May 28 08:37:09 PDT 2025
clocksource_srand() can be called after events that take a varying
amount of time to extract some entropy. To get an idea about how much
entropy we are getting out, add a CONFIG_INSECURE-guarded debug print
that prints the seeds out as-is.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
lib/random.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lib/random.c b/lib/random.c
index 889d314e0fad..632f361c4627 100644
--- a/lib/random.c
+++ b/lib/random.c
@@ -11,6 +11,8 @@
* CONFIG_ALLOW_PRNG_FALLBACK set, which will emit a warning at runtime.
*/
+#define pr_fmt(fmt) "random: " fmt
+
#include <common.h>
#include <stdlib.h>
#include <linux/hw_random.h>
@@ -75,6 +77,12 @@ void randbuf_r(u64 *x, void *buf, size_t len)
*/
void srand_xor(u64 entropy)
{
+ /* The PRNG shouldn't be used for crypto anyway, but still let's not
+ * divulge the whole state in secure configurations.
+ */
+ if (IS_ENABLED(CONFIG_INSECURE))
+ pr_debug("PRNG seeded with %llu\n", entropy);
+
prng_state ^= entropy;
/* Ensure prng_state is never zero */
prng_state += !prng_state;
--
2.39.5
More information about the barebox
mailing list