From: Stephan Mueller <smueller@chronox.de>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Steffen Klassert <steffen.klassert@secunet.com>
Subject: Re: [PATCH] crypto: jitterentropy - Hide esoteric Kconfig options under FIPS and EXPERT
Date: Mon, 06 Nov 2023 16:25:51 +0100 [thread overview]
Message-ID: <3094055.QNPB7aoccF@tauon.chronox.de> (raw)
In-Reply-To: <ZUi5KMUaNkp0c1Ds@gondor.apana.org.au>
Am Montag, 6. November 2023, 11:00:08 CET schrieb Herbert Xu:
Hi Herbert,
> On Thu, Nov 02, 2023 at 08:32:36PM -1000, Linus Torvalds wrote:
> > I think that would help the situation, but I assume the sizing for the
> > jitter buffer is at least partly due to trying to account for cache
> > sizing or similar issues?
> >
> > Which really means that I assume any static compile-time answer to
> > that question is always wrong - whether you are an expert or not.
> > Unless you are just building the thing for one particular machine.
> >
> > So I do think the problem is deeper than "this is a question only for
> > experts". I definitely don't think you should ask a regular user (or
> > even a distro kernel package manager). I suspect it's likely that the
> > question is just wrong in general - because any particular one buffer
> > size for any number of machines simply cannot be the right answer.
> >
> > I realize that the commit says "*allow* for configuration of memory
> > size", but I really question the whole approach.
>
> Yes I think these are all valid points. I just noticed that I
> forgot to cc the author so let's see if Stephan has anything to
> add.
I concur that these questions are more for experts.
>
> > But yes - hiding these questions from any reasonable normal user is at
> > least a good first step.
>
> OK here's the patch:
>
> ---8<---
> As JITTERENTROPY is selected by default if you enable the CRYPTO
> API, any Kconfig options added there will show up for every single
> user. Hide the esoteric options under EXPERT as well as FIPS so
> that only distro makers will see them.
>
> Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index bbf51d55724e..70661f58ee41 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -1297,10 +1297,12 @@ config CRYPTO_JITTERENTROPY
>
> See https://www.chronox.de/jent.html
>
> +if CRYPTO_JITTERENTROPY
> +if CRYPTO_FIPS && EXPERT
> +
> choice
> prompt "CPU Jitter RNG Memory Size"
> default CRYPTO_JITTERENTROPY_MEMSIZE_2
> - depends on CRYPTO_JITTERENTROPY
> help
> The Jitter RNG measures the execution time of memory accesses.
> Multiple consecutive memory accesses are performed. If the memory
> @@ -1344,7 +1346,6 @@ config CRYPTO_JITTERENTROPY_OSR
> int "CPU Jitter RNG Oversampling Rate"
> range 1 15
> default 1
> - depends on CRYPTO_JITTERENTROPY
> help
> The Jitter RNG allows the specification of an oversampling rate (OSR).
> The Jitter RNG operation requires a fixed amount of timing
> @@ -1359,7 +1360,6 @@ config CRYPTO_JITTERENTROPY_OSR
>
> config CRYPTO_JITTERENTROPY_TESTINTERFACE
> bool "CPU Jitter RNG Test Interface"
> - depends on CRYPTO_JITTERENTROPY
> help
> The test interface allows a privileged process to capture
> the raw unconditioned high resolution time stamp noise that
> @@ -1377,6 +1377,28 @@ config CRYPTO_JITTERENTROPY_TESTINTERFACE
>
> If unsure, select N.
>
> +endif # if CRYPTO_FIPS && EXPERT
> +
> +if !(CRYPTO_FIPS && EXPERT)
> +
> +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
> + int
> + default 64
> +
> +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
> + int
> + default 32
> +
> +config CRYPTO_JITTERENTROPY_OSR
> + int
> + default 1
> +
> +config CRYPTO_JITTERENTROPY_TESTINTERFACE
> + bool
> +
> +endif # if !(CRYPTO_FIPS && EXPERT)
> +endif # if CRYPTO_JITTERENTROPY
> +
> config CRYPTO_KDF800108_CTR
> tristate
> select CRYPTO_HMAC
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Ciao
Stephan
next prev parent reply other threads:[~2023-11-06 15:26 UTC|newest]
Thread overview: 204+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-03 4:40 [GIT PULL] Crypto Update for 5.9 Herbert Xu
2020-08-03 17:55 ` pr-tracker-bot
2020-08-30 22:33 ` [GIT PULL] Crypto Fixes " Herbert Xu
2020-08-30 23:02 ` pr-tracker-bot
2020-09-10 0:34 ` Herbert Xu
2020-09-10 2:48 ` pr-tracker-bot
2020-10-26 1:11 ` [GIT PULL] Crypto Fixes for 5.10 Herbert Xu
2020-10-26 17:52 ` pr-tracker-bot
2020-12-27 11:32 ` [GIT PULL] Crypto Fixes for 5.11 Herbert Xu
2020-12-27 17:27 ` pr-tracker-bot
2021-01-08 3:54 ` Herbert Xu
2021-01-08 20:36 ` pr-tracker-bot
2021-01-18 5:13 ` Herbert Xu
2021-01-18 21:16 ` pr-tracker-bot
2021-01-25 22:36 ` Herbert Xu
2021-01-26 0:01 ` pr-tracker-bot
2021-07-08 3:09 ` [GIT PULL] Crypto Fixes for 5.14 Herbert Xu
2021-07-09 19:20 ` pr-tracker-bot
2021-08-17 1:36 ` Herbert Xu
2021-08-17 2:27 ` pr-tracker-bot
2021-09-29 2:38 ` [GIT PULL] Crypto Fixes for 5.15 Herbert Xu
2021-09-29 14:51 ` pr-tracker-bot
2021-10-29 4:14 ` Herbert Xu
2021-10-29 17:39 ` Linus Torvalds
2021-11-02 4:01 ` Herbert Xu
2021-10-29 18:49 ` pr-tracker-bot
2021-11-12 10:48 ` [GIT PULL] Crypto Fixes for 5.16 Herbert Xu
2021-11-12 20:42 ` pr-tracker-bot
2021-12-22 5:13 ` Herbert Xu
2021-12-22 19:02 ` pr-tracker-bot
2022-02-09 2:33 ` [GIT PULL] Crypto Fixes for 5.17 Herbert Xu
2022-02-09 18:01 ` pr-tracker-bot
2022-03-16 1:13 ` Herbert Xu
2022-03-17 20:40 ` pr-tracker-bot
2022-03-31 3:16 ` [GIT PULL] Crypto Fixes for 5.18 Herbert Xu
2022-03-31 19:12 ` pr-tracker-bot
2022-05-20 5:41 ` Herbert Xu
2022-05-20 6:10 ` pr-tracker-bot
2022-05-27 11:29 ` [GIT PULL] Crypto Fixes for 5.19 Herbert Xu
2022-05-28 1:21 ` pr-tracker-bot
2022-06-17 8:29 ` Herbert Xu
2022-06-17 15:29 ` pr-tracker-bot
2022-06-30 7:56 ` Herbert Xu
2022-06-30 17:28 ` pr-tracker-bot
2022-08-31 8:55 ` [GIT PULL] Crypto Fixes for 6.0 Herbert Xu
2022-08-31 17:20 ` pr-tracker-bot
2022-10-17 4:38 ` [GIT PULL] Crypto Fixes for 6.1 Herbert Xu
2022-10-17 17:51 ` pr-tracker-bot
2022-10-28 4:58 ` Herbert Xu
2022-10-28 17:00 ` Linus Torvalds
2022-11-02 9:49 ` Herbert Xu
2022-10-28 17:02 ` pr-tracker-bot
2023-01-06 9:15 ` [GIT PULL] Crypto Fixes for 6.2 Herbert Xu
2023-01-06 21:19 ` pr-tracker-bot
2023-03-05 10:15 ` [GIT PULL] Crypto Fixes for 6.3 Herbert Xu
2023-03-05 19:37 ` pr-tracker-bot
2023-05-07 13:19 ` [GIT PULL] Crypto Fixes for 6.4 Herbert Xu
2023-05-07 18:12 ` pr-tracker-bot
2023-05-29 3:41 ` Herbert Xu
2023-05-29 11:39 ` pr-tracker-bot
2023-07-09 23:51 ` [GIT PULL] Crypto Fixes for 6.5 Herbert Xu
2023-07-10 17:20 ` pr-tracker-bot
2023-08-21 3:37 ` Herbert Xu
2023-08-21 5:09 ` pr-tracker-bot
2023-08-31 5:16 ` [GIT PULL] Crypto Fixes for 6.6 Herbert Xu
2023-09-01 23:19 ` pr-tracker-bot
2023-09-22 2:10 ` Herbert Xu
2023-09-22 16:43 ` pr-tracker-bot
2023-10-10 8:46 ` Herbert Xu
2023-10-10 18:54 ` pr-tracker-bot
2023-10-21 9:23 ` Herbert Xu
2023-10-21 17:57 ` pr-tracker-bot
2023-11-09 4:30 ` [GIT PULL] Crypto Fixes for 6.7 Herbert Xu
2023-11-10 1:30 ` pr-tracker-bot
2022-08-02 6:05 ` [GIT PULL] Crypto Update for 5.20 Herbert Xu
2022-08-03 0:57 ` pr-tracker-bot
2022-10-04 8:54 ` [GIT PULL] Crypto Update for 6.1 Herbert Xu
2022-10-10 20:56 ` pr-tracker-bot
2022-12-14 8:15 ` [GIT PULL] Crypto Update for 6.2 Herbert Xu
2022-12-14 22:25 ` pr-tracker-bot
2023-02-20 5:22 ` [GIT PULL] Crypto Update for 6.3 Herbert Xu
2023-02-22 2:50 ` pr-tracker-bot
2023-04-24 4:52 ` [GIT PULL] Crypto Update for 6.4 Herbert Xu
2023-04-26 17:06 ` pr-tracker-bot
2023-06-29 5:06 ` [GIT PULL] Crypto Update for 6.5 Herbert Xu
2023-07-01 5:04 ` pr-tracker-bot
2023-08-28 9:22 ` [GIT PULL] Crypto Update for 6.6 Herbert Xu
2023-08-29 19:00 ` pr-tracker-bot
2023-11-02 6:56 ` [GIT PULL] Crypto Update for 6.7 Herbert Xu
2023-11-03 2:34 ` Linus Torvalds
2023-11-03 5:52 ` Herbert Xu
2023-11-03 6:32 ` Linus Torvalds
2023-11-06 10:00 ` [PATCH] crypto: jitterentropy - Hide esoteric Kconfig options under FIPS and EXPERT Herbert Xu
2023-11-06 15:25 ` Stephan Mueller [this message]
2023-11-10 9:04 ` Geert Uytterhoeven
2023-11-03 2:37 ` [GIT PULL] Crypto Update for 6.7 pr-tracker-bot
2024-01-09 22:17 ` [GIT PULL] Crypto Update for 6.8 Herbert Xu
2024-01-10 20:38 ` pr-tracker-bot
2024-02-01 5:32 ` [GIT PULL] Crypto Fixes " Herbert Xu
2024-02-01 18:23 ` pr-tracker-bot
2024-02-08 4:29 ` Herbert Xu
2024-02-08 6:24 ` pr-tracker-bot
2024-02-21 9:10 ` Herbert Xu
2024-02-21 17:17 ` pr-tracker-bot
2024-02-28 8:07 ` Herbert Xu
2024-02-28 17:48 ` pr-tracker-bot
2024-03-06 9:47 ` Herbert Xu
2024-03-06 16:33 ` pr-tracker-bot
2024-03-25 9:47 ` [GIT PULL] Crypto Fixes for 6.9 Herbert Xu
2024-03-25 18:18 ` pr-tracker-bot
2024-05-20 3:26 ` [GIT PULL] Crypto Fixes for 6.10 Herbert Xu
2024-05-20 16:33 ` pr-tracker-bot
2024-05-29 4:17 ` Herbert Xu
2024-05-29 17:11 ` pr-tracker-bot
2024-06-28 0:40 ` Herbert Xu
2024-06-28 1:01 ` pr-tracker-bot
2024-09-23 3:08 ` [GIT PULL] Crypto Fixes for 6.12 Herbert Xu
2024-09-24 18:04 ` pr-tracker-bot
2024-10-16 5:37 ` Herbert Xu
2024-10-16 20:51 ` pr-tracker-bot
2024-10-21 5:45 ` Herbert Xu
2024-10-21 18:27 ` pr-tracker-bot
2024-11-15 11:51 ` Herbert Xu
2024-11-15 18:59 ` pr-tracker-bot
2024-12-14 9:21 ` [GIT PULL] Crypto Fixes for 6.13 Herbert Xu
2024-12-14 17:18 ` pr-tracker-bot
2025-03-31 4:50 ` [GIT PULL] Crypto Fixes for 6.15 Herbert Xu
2025-04-05 2:23 ` Herbert Xu
2025-04-05 3:09 ` pr-tracker-bot
2025-04-16 5:16 ` Herbert Xu
2025-04-16 15:24 ` pr-tracker-bot
2025-04-24 9:07 ` Herbert Xu
2025-04-24 16:29 ` pr-tracker-bot
2025-04-30 2:47 ` Herbert Xu
2025-04-30 4:19 ` pr-tracker-bot
2025-05-21 1:59 ` Herbert Xu
2025-05-21 3:15 ` pr-tracker-bot
2024-03-15 3:04 ` [GIT PULL] Crypto Update for 6.9 Herbert Xu
2024-03-15 21:51 ` Linus Torvalds
2024-03-16 4:39 ` Herbert Xu
2024-03-15 21:59 ` pr-tracker-bot
2024-05-13 3:50 ` [GIT PULL] Crypto Update for 6.10 Herbert Xu
2024-05-13 22:12 ` Linus Torvalds
2024-05-14 5:17 ` Herbert Xu
2024-05-14 5:41 ` Linus Torvalds
2024-05-14 6:02 ` Herbert Xu
2024-05-14 6:54 ` Lukas Wunner
2024-05-14 17:07 ` Linus Torvalds
2024-05-13 22:38 ` pr-tracker-bot
2024-07-18 13:49 ` [GIT PULL] Crypto Update for 6.11 Herbert Xu
2024-07-19 18:09 ` pr-tracker-bot
2024-09-16 3:59 ` [GIT PULL] Crypto Update for 6.12 Herbert Xu
2024-09-16 4:55 ` pr-tracker-bot
2024-11-18 3:18 ` [GIT PULL] Crypto Update for 6.13 Herbert Xu
2024-11-19 19:06 ` pr-tracker-bot
2025-01-23 11:10 ` [GIT PULL] Crypto Update for 6.14 Herbert Xu
2025-01-24 16:05 ` pr-tracker-bot
2025-03-25 5:53 ` [GIT PULL] Crypto Update for 6.15 Herbert Xu
2025-03-25 15:25 ` Eric Biggers
2025-03-25 16:59 ` Ard Biesheuvel
2025-03-26 1:49 ` Herbert Xu
2025-03-26 2:16 ` Herbert Xu
2025-03-26 3:34 ` Eric Biggers
2025-03-26 3:52 ` Herbert Xu
2025-03-30 2:33 ` Chaining is dead Herbert Xu
2025-03-31 16:56 ` Eric Biggers
2025-04-01 2:44 ` Herbert Xu
2025-04-01 3:33 ` Eric Biggers
2025-04-01 3:55 ` Herbert Xu
2025-04-01 4:08 ` Eric Biggers
2025-04-01 4:14 ` Herbert Xu
2025-04-01 7:20 ` Milan Broz
2025-04-01 3:30 ` Herbert Xu
2025-04-01 3:39 ` Eric Biggers
2025-04-04 8:46 ` Christoph Hellwig
2025-03-26 3:20 ` [GIT PULL] Crypto Update for 6.15 Eric Biggers
2025-03-26 3:30 ` Herbert Xu
2025-03-29 17:40 ` Linus Torvalds
2025-03-29 18:06 ` Eric Biggers
2025-03-29 18:17 ` Linus Torvalds
2025-03-29 18:19 ` Linus Torvalds
2025-03-29 18:38 ` Eric Biggers
2025-03-29 18:52 ` Linus Torvalds
2025-03-29 18:24 ` pr-tracker-bot
2020-10-12 3:32 ` [GIT PULL] Crypto Update for 5.10 Herbert Xu
2020-10-13 16:24 ` pr-tracker-bot
2020-12-14 5:55 ` [GIT PULL] Crypto Update for 5.11 Herbert Xu
2020-12-14 20:56 ` pr-tracker-bot
2021-02-15 2:47 ` [GIT PULL] Crypto Update for 5.12 Herbert Xu
2021-02-22 1:28 ` pr-tracker-bot
2021-04-26 12:32 ` [GIT PULL] Crypto Update for 5.13 Herbert Xu
2021-04-26 15:59 ` pr-tracker-bot
2021-06-28 11:00 ` [GIT PULL] Crypto Update for 5.14 Herbert Xu
2021-06-28 23:36 ` pr-tracker-bot
2021-08-30 8:28 ` [GIT PULL] Crypto Update for 5.15 Herbert Xu
2021-08-30 20:17 ` pr-tracker-bot
2021-11-02 3:52 ` [GIT PULL] Crypto Update for 5.16 Herbert Xu
2021-11-02 4:27 ` pr-tracker-bot
2022-01-11 2:04 ` [GIT PULL] Crypto Update for 5.17 Herbert Xu
2022-01-11 20:53 ` pr-tracker-bot
2022-03-20 23:42 ` [GIT PULL] Crypto Update for 5.18 Herbert Xu
2022-03-21 23:14 ` Linus Torvalds
2022-03-22 5:49 ` Herbert Xu
2022-03-21 23:18 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3094055.QNPB7aoccF@tauon.chronox.de \
--to=smueller@chronox.de \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.