    init/main.c: extract early boot entropy from the passed cmdline · 33d72f38
    Daniel Micay authored
    Feed the boot command-line to the /dev/random entropy pool
    
    Existing Android bootloaders usually pass data which may not be known by
    an external attacker on the kernel command-line.  It may also be the
    case on other embedded systems.  Sample command-line from a Google Pixel
    running CopperheadOS....
    
        console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0
        androidboot.hardware=sailfish user_debug=31 ehci-hcd.park=3
        lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff buildvariant=user
        veritykeyid=id:dfcb9db0089e5b3b4090a592415c28e1cb4545ab
        androidboot.bootdevice=624000.ufshc androidboot.verifiedbootstate=yellow
        androidboot.veritymode=enforcing androidboot.keymaster=1
        androidboot.serialno=FA6CE0305299 androidboot.baseband=msm
        mdss_mdp.panel=1:dsi:0:qcom,mdss_dsi_samsung_ea8064tg_1080p_cmd:1:none:cfg:single_dsi
        androidboot.slot_suffix=_b fpsimd.fpsimd_settings=0
        app_setting.use_app_setting=0 kernelflag=0x00000000 debugflag=0x00000000
        androidboot.hardware.revision=PVT radioflag=0x00000000
        radioflagex1=0x00000000 radioflagex2=0x00000000 cpumask=0x00000000
        androidboot.hardware.ddr=4096MB,Hynix,LPDDR4 androidboot.ddrinfo=00000006
        androidboot.ddrsize=4GB androidboot.hardware.color=GRA00
        androidboot.hardware.ufs=32GB,Samsung androidboot.msm.hw_ver_id=268824801
        androidboot.qf.st=2 androidboot.cid=11111111 androidboot.mid=G-2PW4100
        androidboot.bootloader=8996-012001-1704121145
        androidboot.oem_unlock_support=1 androidboot.fp_src=1
        androidboot.htc.hrdump=detected androidboot.ramdump.opt=mem@2g:2g,mem@4g:2g
        androidboot.bootreason=reboot androidboot.ramdump_enable=0 ro
        root=/dev/dm-0 dm="system none ro,0 1 android-verity /dev/sda34"
        rootwait skip_initramfs init=/init androidboot.wificountrycode=US
        androidboot.boottime=1BLL:85,1BLE:669,2BLL:0,2BLE:1777,SW:6,KL:8136
    
    Among other things, it contains a value unique to the device
    (androidboot.serialno=FA6CE0305299), unique to the OS builds for the
    device variant (veritykeyid=id:dfcb9db0089e5b3b4090a592415c28e1cb4545ab)
    and timings from the bootloader stages in milliseconds
    (androidboot.boottime=1BLL:85,1BLE:669,2BLL:0,2BLE:1777,SW:6,KL:8136).
    
    [tytso@mit.edu: changelog tweak]
    [labbott@redhat.com: line-wrapped command line]
    Link: http://lkml.kernel.org/r/20170816231458.2299-3-labbott@redhat.com
    Signed-off-by: Daniel Micay <danielmicay@gmail.com>
    Signed-off-by: Laura Abbott <labbott@redhat.com>
    Acked-by: Kees Cook <keescook@chromium.org>
    Cc: "Theodore Ts'o" <tytso@mit.edu>
    Cc: Laura Abbott <lauraa@codeaurora.org>
    Cc: Nick Kralevich <nnk@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>