[efi] Split out EFI_RNG_PROTOCOL as a separate entropy source

Commit 7ca801d ("[efi] Use the EFI_RNG_PROTOCOL as an entropy source
if available") added EFI_RNG_PROTOCOL as an alternative entropy source
via an ad-hoc mechanism specific to efi_entropy.c.

Split out EFI_RNG_PROTOCOL to a separate entropy source, and allow the
entropy core to handle the selection of RDRAND, EFI_RNG_PROTOCOL, or
timer ticks as the active source.

The fault detection logic added in commit a87537d ("[efi] Detect and
disable seriously broken EFI_RNG_PROTOCOL implementations") may be
removed completely, since the failure will already be detected by the
generic ANS X9.82-mandated repetition count test and will now be
handled gracefully by the entropy core.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

2 files changed, 6 insertions, 2 deletions

diff --git a/src/config/config_entropy.c b/src/config/config_entropy.c
index e96019a..9f12f1f 100644
--- a/src/config/config_entropy.c
+++ b/src/config/config_entropy.c
@@ -37,9 +37,12 @@ PROVIDE_REQUIRING_SYMBOL();
 #ifdef ENTROPY_RTC
 REQUIRE_OBJECT ( rtc_entropy );
 #endif
-#ifdef ENTROPY_EFI
+#ifdef ENTROPY_EFITICK
 REQUIRE_OBJECT ( efi_entropy );
 #endif
+#ifdef ENTROPY_EFIRNG
+REQUIRE_OBJECT ( efi_rng );
+#endif
 #ifdef ENTROPY_LINUX
 REQUIRE_OBJECT ( linux_entropy );
 #endif
diff --git a/src/config/defaults/efi.h b/src/config/defaults/efi.h
index 16c5616..8e53b9a 100644
--- a/src/config/defaults/efi.h
+++ b/src/config/defaults/efi.h
@@ -19,7 +19,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #define SMBIOS_EFI
 #define SANBOOT_EFI
 #define BOFM_EFI
-#define ENTROPY_EFI
+#define ENTROPY_EFITICK
+#define ENTROPY_EFIRNG
 #define TIME_EFI
 #define REBOOT_EFI
 #define ACPI_EFI