From: "H. Peter Anvin" <hpa@zytor.com>
To: Torsten Duwe <duwe@lst.de>
Cc: tytso@mit.edu, ingo.tuchscherer@de.ibm.com,
linux-kernel@vger.kernel.org,
Hans-Georg Markgraf <MGRF@de.ibm.com>,
Gerald Schaefer <gerald.schaefer@de.ibm.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Joe Perches <joe@perches.com>
Subject: Re: [Resend PATCH 2/2] s390: provide hardware randomness from zcrypt card to /dev/random
Date: Thu, 12 Sep 2013 13:37:53 -0700 [thread overview]
Message-ID: <52322621.3040908@zytor.com> (raw)
In-Reply-To: <alpine.LNX.2.00.1309121139000.3818@linux.site>
On 09/12/2013 02:41 AM, Torsten Duwe wrote:
>
> Running completely virtualised, system Z severely lacks good true random sources.
> Gathering entropy in a virtual environment is difficult. To compensate, there is
> specialised crypto hardware which includes a source for hardware randomness;
> the zcrypt driver is able to access this random source. This patch adds a kernel
> thread that feeds the random bits via the interface created with the previous patch.
>
> Signed-off-by: Torsten Duwe <duwe@lst.de>
>From what I can gather from the patch this is too heavyweight (need
locks and so on) to use as arch_get_random*(). There has been a lot of
discussion about the pros and cons of allowing the kernel to bypass
rngd, but I would think that any such plumbing -- once it gets past the
fully synchronous low latency properties of arch_get_random*() -- really
should be implemented as an option in the existing hwrng device
infrastructure.
In other words, start by implementing a hwrng device. That will work
right now with rngd running. Then we can consider if we want to allow
bypass of rngd for certain hwrng devices -- which may include zcrypt,
virtio_rng and so on.
-hpa
next prev parent reply other threads:[~2013-09-12 20:38 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-12 9:41 [Resend PATCH 2/2] s390: provide hardware randomness from zcrypt card to /dev/random Torsten Duwe
2013-09-12 20:37 ` H. Peter Anvin [this message]
2013-09-19 8:47 ` Torsten Duwe
2013-09-19 13:03 ` H. Peter Anvin
2013-09-19 13:05 ` H. Peter Anvin
2014-03-17 16:48 ` [PATCH 00/03]: khwrngd (Was: s390: provide hardware randomness from zcrypt card to /dev/random) Torsten Duwe
2014-03-17 16:50 ` [Patch 01/03]: provide an injection point for pure hardware randomness Torsten Duwe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52322621.3040908@zytor.com \
--to=hpa@zytor.com \
--cc=MGRF@de.ibm.com \
--cc=duwe@lst.de \
--cc=gerald.schaefer@de.ibm.com \
--cc=heiko.carstens@de.ibm.com \
--cc=ingo.tuchscherer@de.ibm.com \
--cc=joe@perches.com \
--cc=linux-kernel@vger.kernel.org \
--cc=schwidefsky@de.ibm.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.