2 files changed, 27 insertions, 0 deletions

diff --git a/common/Kconfig b/common/Kconfig
index e7914ca750a..ebee856e567 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -768,6 +768,20 @@ config TPL_STACKPROTECTOR
 	bool "Stack Protector buffer overflow detection for TPL"
 	depends on STACKPROTECTOR && TPL
 
+config BOARD_RNG_SEED
+	bool "Provide /chosen/rng-seed property to the linux kernel"
+	help
+	  Selecting this option requires the board to define a
+	  board_rng_seed() function, which should return a buffer
+	  which will be used to populate the /chosen/rng-seed property
+	  in the device tree for the OS being booted.
+
+	  It is up to the board code (and more generally the whole
+	  BSP) where and how to store (or generate) such a seed, how
+	  to ensure a given seed is only used once, how to create a
+	  new seed for use on subsequent boots, and whether or not the
+	  kernel should account any entropy from the given seed.
+
 endmenu
 
 menu "Update support"
diff --git a/common/fdt_support.c b/common/fdt_support.c
index 8c18af2ce15..baf7fb70659 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -7,6 +7,7 @@
  */
 
 #include <common.h>
+#include <abuf.h>
 #include <env.h>
 #include <log.h>
 #include <mapmem.h>
@@ -279,6 +280,7 @@ __weak char *board_fdt_chosen_bootargs(void)
 
 int fdt_chosen(void *fdt)
 {
+	struct abuf buf = {};
 	int   nodeoffset;
 	int   err;
 	char  *str;		/* used to set string properties */
@@ -294,6 +296,17 @@ int fdt_chosen(void *fdt)
 	if (nodeoffset < 0)
 		return nodeoffset;
 
+	if (IS_ENABLED(CONFIG_BOARD_RNG_SEED) && !board_rng_seed(&buf)) {
+		err = fdt_setprop(fdt, nodeoffset, "rng-seed",
+				  abuf_data(&buf), abuf_size(&buf));
+		abuf_uninit(&buf);
+		if (err < 0) {
+			printf("WARNING: could not set rng-seed %s.\n",
+			       fdt_strerror(err));
+			return err;
+		}
+	}
+
 	str = board_fdt_chosen_bootargs();
 
 	if (str) {