From 32a18b39447d8f055465ee783c7543c8002cc518 Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Wed, 25 Mar 2026 17:52:53 +0000
Subject: libreboot-utils: tidy up rand

also re-add /dev/urandom support, as a config option

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/libreboot-utils/nvmutil.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'util/libreboot-utils/nvmutil.c')

diff --git a/util/libreboot-utils/nvmutil.c b/util/libreboot-utils/nvmutil.c
index e02f60af..313390c0 100644
--- a/util/libreboot-utils/nvmutil.c
+++ b/util/libreboot-utils/nvmutil.c
@@ -44,8 +44,14 @@ main(int argc, char *argv[])
 #if (OpenBSD) >= 604
 	if (pledge("stdio flock rpath wpath cpath unveil", NULL) == -1)
 		err_no_cleanup(0, errno, "pledge plus unveil, main");
+#if defined(USE_URANDOM) && \
+    ((USE_URANDOM) > 0)
 	if (unveil("/dev/null", "r") == -1)
 		err_no_cleanup(0, errno, "unveil r: /dev/null");
+#else
+	if (unveil("/dev/urandom", "r") == -1)
+		err_no_cleanup(0, errno, "unveil r: /dev/urandom");
+#endif
 #elif (OpenBSD) >= 509
 	if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
 		err_no_cleanup(0, errno, "pledge, main");
-- 
cgit v1.2.1