From: Jason Cooper <jason-NLaQJdtUoK4Be96aLqz0jA@public.gmane.org>
To: miaoqing-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org
Cc: "Pan,
Miaoqing" <miaoqing-Rm6X0d1/PG5y9aJCnZT0Uw@public.gmane.org>,
Stephan Mueller
<smueller-T9tCv8IpfcWELgA04lAiVw@public.gmane.org>,
Herbert Xu
<herbert-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>,
Matt Mackall <mpm-VDJrAJ4Gl5ZBDgjK7y7TUQ@public.gmane.org>,
"Valo, Kalle" <kvalo-A+ZNKFmMK5xy9aJCnZT0Uw@public.gmane.org>,
linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
ath9k-devel <ath9k-devel-A+ZNKFmMK5xy9aJCnZT0Uw@public.gmane.org>,
linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, "Sepehrdad,
Pouyan" <pouyans-Rm6X0d1/PG5y9aJCnZT0Uw@public.gmane.org>
Subject: Re: [PATCH 2/2] ath9k: disable RNG by default
Date: Thu, 11 Aug 2016 13:14:24 +0000 [thread overview]
Message-ID: <20160811131424.GI2013@io.lakedaemon.net> (raw)
In-Reply-To: <14a3879458f3bfc36068c2e8294ca448-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
On Thu, Aug 11, 2016 at 10:54:11AM +0800, miaoqing-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org wrote:
> On 2016-08-10 21:24, Jason Cooper wrote:
> >The fact is, barring userspace expectations of /dev/hwrng, hw_random is
> >the appropriate place for it. It's not a devicetree blob, mac address,
> >or pci config space. Which are things we feed in once for the heck of
> >it. This is a *continuous* source or questionable quality.
> >
> >I'm seriously considering putting this and timeriomem-rng into a
> >subdirectory under hw_random/, maybe environ/. Anything in there gets
> >quality=0 for default, and *doesn't* contribute to /dev/hwrng.
> >
> >Regardless which path we take, I think we should include 'adc' in the
> >name. I've heard countless times about "Atheros cards come with an rng
> >on board". :-/
>
> If I understand correctly, you want to bind the ADC source to
> /dev/hwrng, and then change rng-tools to set the entropy to zero in
> the ioctl call ? There are two major problems with that approach,
Nope. I want to leverage the hwrng framework to facilitate feeding the
*kernel* entropy pools like all the other hwrngs do currently. The
difference for *environmental* sources is that when userspace read()s
from /dev/hwrng, they will *not* contribute.
If the environmental sources are the only sources, then no /dev/hwrng
should appear.
> 1) We already tried once before to bind our solution to /dev/hwrng,
> and got so much complaints. The conclusion was that maybe we know that
> the output of /dev/hwrng does not have perfect entropy, but a normal
> user does not know and will misuse it. You mentioned in
> https://www.kernel.org/doc/Documentation/hw_random.txt we have
>
> "This data is NOT CHECKED by any
> fitness tests, and could potentially be bogus (if the
> hardware is faulty or has been tampered with). Data is only
> output if the hardware "has-data" flag is set, but nevertheless
> a security-conscious person would run fitness tests on the
> data before assuming it is truly random."
>
> But this is not enough to convince upstream to switch to /dev/hwrng.
> I think the concern of users misusing the solution is a very valid
> concern.
Agreed.
> 2) If we set the entropy to zero in rng-tools, we cannot tolerate the
> load. Rng-tools is not a timer-based solution. Similar to our
> solution, it is based on
> /proc/sys/kernel/random/write_wakeup_threshold. If we do not increase
> the entropy counter, rng-tools keep writing into the pool, and both
> rng-tools and WiFi chip will be overloaded.
That's why I propose a change to the hwrng framework to permit noise
sources while not wiring them up to feed /dev/hwrng. timeriomem-rng
should have the same problem ath9k-rng does.
Basically, if it wasn't designed to be an rng, it shouldn't be wired up
to /dev/hwrng.
thx,
Jason.
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Jason Cooper <jason@lakedaemon.net>
To: miaoqing@codeaurora.org
Cc: "Pan, Miaoqing" <miaoqing@qti.qualcomm.com>,
Stephan Mueller <smueller@chronox.de>,
Herbert Xu <herbert@gondor.apana.org.au>,
Matt Mackall <mpm@selenic.com>,
"Valo, Kalle" <kvalo@qca.qualcomm.com>,
linux-wireless@vger.kernel.org,
ath9k-devel <ath9k-devel@qca.qualcomm.com>,
linux-crypto@vger.kernel.org, "Sepehrdad,
Pouyan" <pouyans@qti.qualcomm.com>
Subject: Re: [PATCH 2/2] ath9k: disable RNG by default
Date: Thu, 11 Aug 2016 13:14:24 +0000 [thread overview]
Message-ID: <20160811131424.GI2013@io.lakedaemon.net> (raw)
In-Reply-To: <14a3879458f3bfc36068c2e8294ca448@codeaurora.org>
On Thu, Aug 11, 2016 at 10:54:11AM +0800, miaoqing@codeaurora.org wrote:
> On 2016-08-10 21:24, Jason Cooper wrote:
> >The fact is, barring userspace expectations of /dev/hwrng, hw_random is
> >the appropriate place for it. It's not a devicetree blob, mac address,
> >or pci config space. Which are things we feed in once for the heck of
> >it. This is a *continuous* source or questionable quality.
> >
> >I'm seriously considering putting this and timeriomem-rng into a
> >subdirectory under hw_random/, maybe environ/. Anything in there gets
> >quality=0 for default, and *doesn't* contribute to /dev/hwrng.
> >
> >Regardless which path we take, I think we should include 'adc' in the
> >name. I've heard countless times about "Atheros cards come with an rng
> >on board". :-/
>
> If I understand correctly, you want to bind the ADC source to
> /dev/hwrng, and then change rng-tools to set the entropy to zero in
> the ioctl call ? There are two major problems with that approach,
Nope. I want to leverage the hwrng framework to facilitate feeding the
*kernel* entropy pools like all the other hwrngs do currently. The
difference for *environmental* sources is that when userspace read()s
from /dev/hwrng, they will *not* contribute.
If the environmental sources are the only sources, then no /dev/hwrng
should appear.
> 1) We already tried once before to bind our solution to /dev/hwrng,
> and got so much complaints. The conclusion was that maybe we know that
> the output of /dev/hwrng does not have perfect entropy, but a normal
> user does not know and will misuse it. You mentioned in
> https://www.kernel.org/doc/Documentation/hw_random.txt we have
>
> "This data is NOT CHECKED by any
> fitness tests, and could potentially be bogus (if the
> hardware is faulty or has been tampered with). Data is only
> output if the hardware "has-data" flag is set, but nevertheless
> a security-conscious person would run fitness tests on the
> data before assuming it is truly random."
>
> But this is not enough to convince upstream to switch to /dev/hwrng.
> I think the concern of users misusing the solution is a very valid
> concern.
Agreed.
> 2) If we set the entropy to zero in rng-tools, we cannot tolerate the
> load. Rng-tools is not a timer-based solution. Similar to our
> solution, it is based on
> /proc/sys/kernel/random/write_wakeup_threshold. If we do not increase
> the entropy counter, rng-tools keep writing into the pool, and both
> rng-tools and WiFi chip will be overloaded.
That's why I propose a change to the hwrng framework to permit noise
sources while not wiring them up to feed /dev/hwrng. timeriomem-rng
should have the same problem ath9k-rng does.
Basically, if it wasn't designed to be an rng, it shouldn't be wired up
to /dev/hwrng.
thx,
Jason.
next prev parent reply other threads:[~2016-08-11 13:14 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-09 7:02 [PATCH 1/2] ath9k: change entropy formula for easier understanding miaoqing
2016-08-09 7:02 ` [PATCH 2/2] ath9k: disable RNG by default miaoqing
[not found] ` <1470726147-30095-2-git-send-email-miaoqing-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
2016-08-09 7:14 ` Stephan Mueller
2016-08-09 7:14 ` Stephan Mueller
2016-08-09 7:35 ` Pan, Miaoqing
2016-08-09 8:07 ` Stephan Mueller
2016-08-09 8:58 ` Herbert Xu
2016-08-09 9:02 ` Stephan Mueller
[not found] ` <2569442.q63FVBJjUH-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
2016-08-09 9:17 ` Herbert Xu
2016-08-09 9:17 ` Herbert Xu
[not found] ` <20160809091755.GA6370-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
2016-08-09 9:37 ` Stephan Mueller
2016-08-09 9:37 ` Stephan Mueller
2016-08-09 9:46 ` Herbert Xu
2016-08-09 9:56 ` Stephan Mueller
2016-08-09 9:56 ` Herbert Xu
2016-08-09 10:06 ` Stephan Mueller
[not found] ` <11316081.S4pPZmZMrt-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
2016-08-09 10:24 ` Henrique de Moraes Holschuh
2016-08-09 10:24 ` Henrique de Moraes Holschuh
2016-08-09 17:51 ` Jason Cooper
[not found] ` <1645997.7cVzaEi3NG-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
2016-08-10 2:35 ` Pan, Miaoqing
2016-08-10 2:35 ` Pan, Miaoqing
[not found] ` <1470796501856.53342-Rm6X0d1/PG5y9aJCnZT0Uw@public.gmane.org>
2016-08-10 5:29 ` Stephan Mueller
2016-08-10 5:29 ` Stephan Mueller
[not found] ` <1543667.vXsZDTRgbm-jJGQKZiSfeo1haGO/jJMPxvVK+yQ3ZXh@public.gmane.org>
2016-08-10 6:04 ` Pan, Miaoqing
2016-08-10 6:04 ` Pan, Miaoqing
2016-08-10 6:25 ` Stephan Mueller
[not found] ` <14565196.xaXq375WQg-gNvIQDDl/k7Ia13z/PHSgg@public.gmane.org>
2016-08-10 6:46 ` Pan, Miaoqing
2016-08-10 6:46 ` Pan, Miaoqing
2016-08-10 6:51 ` Stephan Mueller
2016-08-10 7:15 ` Pan, Miaoqing
[not found] ` <c0951e085764481d8d85637734e2e14b-fhY3XlRGNI1pWAYlkNb9jaRtKmQZhJ7pQQ4Iyu8u01E@public.gmane.org>
2016-08-10 7:27 ` Stephan Mueller
2016-08-10 7:27 ` Stephan Mueller
[not found] ` <4321952.1nMxxDi7Wz-jJGQKZiSfeo1haGO/jJMPxvVK+yQ3ZXh@public.gmane.org>
2016-08-10 7:40 ` Pan, Miaoqing
2016-08-10 7:40 ` Pan, Miaoqing
[not found] ` <1e8e88ad7de64c528f08c75ff9176ab8-fhY3XlRGNI1pWAYlkNb9jaRtKmQZhJ7pQQ4Iyu8u01E@public.gmane.org>
2016-08-10 7:43 ` Pan, Miaoqing
2016-08-10 7:43 ` Pan, Miaoqing
[not found] ` <389c3c1fdde2447aacf31a8b4aadfc08-fhY3XlRGNI1pWAYlkNb9jaRtKmQZhJ7pQQ4Iyu8u01E@public.gmane.org>
2016-08-10 13:24 ` Jason Cooper
2016-08-10 13:24 ` Jason Cooper
2016-08-11 2:54 ` miaoqing
[not found] ` <14a3879458f3bfc36068c2e8294ca448-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
2016-08-11 13:14 ` Jason Cooper [this message]
2016-08-11 13:14 ` Jason Cooper
2016-08-09 17:48 ` Jason Cooper
2016-08-09 17:48 ` Jason Cooper
2016-09-28 10:00 ` [2/2] " Kalle Valo
[not found] ` <1470726147-30095-1-git-send-email-miaoqing-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
2016-09-27 14:53 ` [1/2] ath9k: change entropy formula for easier understanding Kalle Valo
2016-09-27 14:53 ` Kalle Valo
2016-10-13 14:23 ` Kalle Valo
2016-10-13 14:23 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160811131424.GI2013@io.lakedaemon.net \
--to=jason-nlaqjdtuok4be96alqz0ja@public.gmane.org \
--cc=ath9k-devel-A+ZNKFmMK5xy9aJCnZT0Uw@public.gmane.org \
--cc=herbert-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org \
--cc=kvalo-A+ZNKFmMK5xy9aJCnZT0Uw@public.gmane.org \
--cc=linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=miaoqing-Rm6X0d1/PG5y9aJCnZT0Uw@public.gmane.org \
--cc=miaoqing-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org \
--cc=mpm-VDJrAJ4Gl5ZBDgjK7y7TUQ@public.gmane.org \
--cc=pouyans-Rm6X0d1/PG5y9aJCnZT0Uw@public.gmane.org \
--cc=smueller-T9tCv8IpfcWELgA04lAiVw@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.