From f8b07dba2932714507f7ead6b8464ba3157d84bd Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Thu, 19 Mar 2026 18:34:28 +0000
Subject: util/nvmutil: rand: use getrandom on newer linux

we still fall back to the old /dev/urandom read
on older linux, via runtime detection (ENOSYS).

getrandom is better, because it guarantees entropy
via blocking, and works even when /dev/urandom
is unavailable.

it has the same practical benefit as arc4random,
which i use on bsd. linux can have arc4random,
but not every linux libc has it, so it's better
to use getrandom on linux.

older linux will fall back to /dev/urandom

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/nvmutil/include/common.h | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'util/nvmutil/include/common.h')

diff --git a/util/nvmutil/include/common.h b/util/nvmutil/include/common.h
index 36218d25..0a3beeac 100644
--- a/util/nvmutil/include/common.h
+++ b/util/nvmutil/include/common.h
@@ -9,6 +9,25 @@
 #include <sys/stat.h>
 #include <limits.h>
 
+/* for linux getrandom
+ */
+#if defined(__linux__)
+#include <errno.h>
+#if defined(__has_include)
+#if __has_include(<sys/random.h>)
+#include <sys/random.h>
+#define HAVE_GETRANDOM 1
+#endif
+#endif
+#if !defined(HAVE_GETRANDOM)
+#include <sys/syscall.h>
+#if defined(SYS_getrandom)
+#define HAVE_GETRANDOM_SYSCALL 1
+#endif
+#endif
+
+#endif
+
 #define items(x) (sizeof((x)) / sizeof((x)[0]))
 
 /* system prototypes
@@ -318,6 +337,12 @@ void set_mac_nib(unsigned long mac_str_pos,
     unsigned long mac_byte_pos, unsigned long mac_nib_pos);
 unsigned short hextonum(char ch_s);
 unsigned long rlong(void);
+#if defined(__linux__)
+#if defined(HAVE_GETRANDOM) || \
+    defined(HAVE_GETRANDOM_SYSCALL)
+int fallback_rand_getrandom(void *buf, size_t len);
+#endif
+#endif
 void write_mac_part(unsigned long partnum);
 
 /* Helper functions for command: dump
-- 
cgit v1.2.1