From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Kate Stewart <kstewart@linuxfoundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Mukesh Ojha <mojha@codeaurora.org>,
Grzegorz Halat <ghalat@redhat.com>,
"H . Peter Anvin" <hpa@zytor.com>,
Guenter Roeck <groeck@chromium.org>,
Will Deacon <will@kernel.org>,
Marek Szyprowski <m.szyprowski@samsung.com>,
Rob Herring <robh@kernel.org>,
Daniel Thompson <daniel.thompson@linaro.org>,
Anders Roxell <anders.roxell@linaro.org>,
Yury Norov <ynorov@marvell.com>, Marc Zyngier <maz@kernel.org>,
Russell King <linux@armlinux.org.uk>,
Aaro Koskinen <aaro.koskinen@nokia.com>,
Ingo Molnar <mingo@redhat.com>,
Viresh Kumar <viresh.kumar@linaro.org>,
Waiman Long <longman@redhat.com>,
"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
Wei Li <liwei391@huawei.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
Julien Thierry <julien.thierry.kdev@gmail.com>,
Len Brown <len.brown@intel.com>,
Kees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>,
Rik van Riel <riel@surriel.com>,
Stephen Boyd <swboyd@chromium.org>,
Shaokun Zhang <zhangshaokun@hisilicon.com>,
Mike Rapoport <rppt@linux.vnet.ibm.com>,
Borislav Petkov <bp@alien8.de>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
linux-arm-kernel@lists.infradead.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Marcelo Tosatti <mtosatti@redhat.com>,
linux-kernel@vger.kernel.org, Armijn Hemel <armijn@tjaldur.nl>,
Jiri Kosina <jkosina@suse.cz>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Andrew Morton <akpm@linux-foundation.org>,
Tim Chen <tim.c.chen@linux.intel.com>,
"David S . Miller" <davem@davemloft.net>
Subject: Re: [PATCH v9 2/3] fdt: add support for rng-seed
Date: Thu, 22 Aug 2019 12:03:52 -0400
Message-ID: <20190822160352.GA17783@mit.edu>
In-Reply-To: <20190822071522.143986-3-hsinyi@chromium.org>

On Thu, Aug 22, 2019 at 03:15:22PM +0800, Hsin-Yi Wang wrote:
> Introducing a chosen node, rng-seed, which is an entropy that can be
> passed to kernel called very early to increase initial device
> randomness. Bootloader should provide this entropy and the value is
> read from /chosen/rng-seed in DT.
>
> Obtain of_fdt_crc32 for CRC check after early_init_dt_scan_nodes(),
> since early_init_dt_scan_chosen() would modify fdt to erase rng-seed.
>
> Add a new interface add_bootloader_randomness() for rng-seed use case.
> Depends on whether the seed is trustworthy, rng seed would be passed to
> add_hwgenerator_randomness(). Otherwise it would be passed to
> add_device_randomness(). Decision is controlled by kernel config
> RANDOM_TRUST_BOOTLOADER.
>
> Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
> Reviewed-by: Stephen Boyd <swboyd@chromium.org>
> Reviewed-by: Rob Herring <robh@kernel.org>

For the changes to drivers/char/random.c:

Reviewed-by: Theodore Ts'o <tytso@mit.edu>
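
A user-space model of the flow the quoted commit message describes, added here as an illustration; it is not code from the patch or from the kernel. The `struct pool`, the `model_*` names, the CRC-based mixing and the 8-bits-per-byte credit are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy stand-in for the entropy pool: a mixed state plus an entropy credit. */
struct pool { uint32_t state; unsigned int credited_bits; };

/* Bitwise CRC-32 (reflected, polynomial 0xEDB88320). Used as the blob
 * checksum and, for brevity, as a NON-cryptographic stand-in for mixing. */
static uint32_t crc32_update(uint32_t crc, const uint8_t *p, size_t n)
{
	crc = ~crc;
	while (n--) {
		crc ^= *p++;
		for (int i = 0; i < 8; i++)
			crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
	}
	return ~crc;
}

/* Dispatch model: the seed is always mixed in; it is credited as entropy
 * only when the build trusts the bootloader (assumed 8 bits per byte). */
static void model_add_bootloader_randomness(struct pool *p, const uint8_t *buf,
					    size_t len, int trust_bootloader)
{
	p->state = crc32_update(p->state, buf, len);
	if (trust_bootloader)
		p->credited_bits += (unsigned int)len * 8;
}

/* Early-scan model: consume the seed, erase it in place so later readers of
 * the blob cannot recover it, then return the CRC of the modified blob. */
static uint32_t model_scan_chosen(struct pool *p, uint8_t *blob, size_t blob_len,
				  size_t seed_off, size_t seed_len, int trust)
{
	model_add_bootloader_randomness(p, blob + seed_off, seed_len, trust);
	memset(blob + seed_off, 0, seed_len);
	return crc32_update(0, blob, blob_len);
}

int main(void)
{
	/* Constructed sample: 4 header bytes, an 8-byte seed, 4 trailer bytes. */
	uint8_t blob[16] = { 'h','d','r','0', 0xDE,0xAD,0xBE,0xEF,1,2,3,4, 'e','n','d','0' };
	struct pool p = { 0, 0 };
	uint32_t before = crc32_update(0, blob, sizeof(blob));
	uint32_t after = model_scan_chosen(&p, blob, sizeof(blob), 4, 8, 0);
	return before != after ? 0 : 1;
}
```

A checksum taken before the scan no longer matches the blob once the seed has been erased, which is why the commit message obtains of_fdt_crc32 after early_init_dt_scan_nodes().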