Additional sources of entropy under UEFI (at least on Windows systems)

[Wack0]

Windows (bootloaders and userland) saves a bunch of entropy to UEFI variables, under GUID eaec226f-c9a3-477a-a826-ddc716cdc0e3 (aka EfiIDNamespaceVariable) - this could be used to seed an RNG alongside device path if present:

• UnlockID (boot services only) and UnlockIDCopy (boot and runtime services) - 32 bytes of data coming out of UEFI CSPRNG services, used to ensure a device-specific secure boot policy (etc) is intended for the correct system, set by bootmgr
• OfflineUniqueIDEKPub - set in various places, if TPM is present, to the TPM endorsement key public key
• OfflineUniqueIDRandomSeed - set in various places, if TPM isn't present, to 32 bytes of data coming out of BCrypt CSPRNG

At least some or all of these may be present as long as windows has booted on a system once.

[pbatard]

Thanks for the heads up on this.

My understanding is that with the 2 default RNGs (OpenSSL's or the fallback to UEFI's if we can't access the former, though I suspect that, since UEFI uses OpenSSL behind the scenes, both probably map to something similar), along with a modern CPU, guessing the seed still won't help an attacker much in trying to predict the random number sequence because the seed will be combined a somewhat difficult to hack source of entropy. In short, the seed should only really matter if none of the above are available and we have to use the extra fallback to our internal and very unsafe Mersenne RNG (which isn't enabled, unless you force it on the commandline, and comes with a big warning telling the user that it's unsafe to use).

But I'll still see if I can poke these variables, as it's always a good idea to make the seed as hard to guess as possible.