From: Jonathan McDowell <noodles@earth.li>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Olivia Mackall <olivia@selenic.com>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH] hwrng: core - Allow runtime disabling of the HW RNG
Date: Sat, 13 Sep 2025 15:08:55 +0100
Message-ID: <aMV690M9WOS6rtWX@earth.li>
In-Reply-To: <aMTra7C-CayEcaCY@gondor.apana.org.au>

On Sat, Sep 13, 2025 at 11:56:27AM +0800, Herbert Xu wrote:
>On Mon, Sep 01, 2025 at 02:55:01PM +0100, Jonathan McDowell wrote:
>> From: Jonathan McDowell <noodles@meta.com>
>>
>> The HW RNG core allows for manual selection of which RNG device to use,
>> but does not allow for no device to be enabled. It may be desirable to
>> do this on systems with only a single suitable hardware RNG, where we
>> need exclusive access to other functionality on this device. In
>> particular when performing TPM firmware upgrades this lets us ensure the
>> kernel does not try to access the device.
>>
>> Before:
>>
>> root@debian-qemu-efi:~# grep "" /sys/devices/virtual/misc/hw_random/rng_*
>> /sys/devices/virtual/misc/hw_random/rng_available:tpm-rng-0
>> /sys/devices/virtual/misc/hw_random/rng_current:tpm-rng-0
>> /sys/devices/virtual/misc/hw_random/rng_quality:1024
>> /sys/devices/virtual/misc/hw_random/rng_selected:0
>>
>> After:
>>
>> root@debian-qemu-efi:~# grep "" /sys/devices/virtual/misc/hw_random/rng_*
>> /sys/devices/virtual/misc/hw_random/rng_available:tpm-rng-0 none
>> /sys/devices/virtual/misc/hw_random/rng_current:tpm-rng-0
>> /sys/devices/virtual/misc/hw_random/rng_quality:1024
>> /sys/devices/virtual/misc/hw_random/rng_selected:0
>>
>> root@debian-qemu-efi:~# echo none > /sys/devices/virtual/misc/hw_random/rng_current
>> root@debian-qemu-efi:~# grep "" /sys/devices/virtual/misc/hw_random/rng_*
>> /sys/devices/virtual/misc/hw_random/rng_available:tpm-rng-0 none
>> /sys/devices/virtual/misc/hw_random/rng_current:none
>> grep: /sys/devices/virtual/misc/hw_random/rng_quality: No such device
>> /sys/devices/virtual/misc/hw_random/rng_selected:1
>>
>> (Observe using bpftrace no calls to TPM being made)
>>
>> root@debian-qemu-efi:~# echo "" > /sys/devices/virtual/misc/hw_random/rng_current
>> root@debian-qemu-efi:~# grep "" /sys/devices/virtual/misc/hw_random/rng_*
>> /sys/devices/virtual/misc/hw_random/rng_available:tpm-rng-0 none
>> /sys/devices/virtual/misc/hw_random/rng_current:tpm-rng-0
>> /sys/devices/virtual/misc/hw_random/rng_quality:1024
>> /sys/devices/virtual/misc/hw_random/rng_selected:0
>>
>> (Observe using bpftrace that calls to the TPM resume)
>>
>> Signed-off-by: Jonathan McDowell <noodles@meta.com>
>> ---
>> drivers/char/hw_random/core.c | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
>> index 018316f54621..11c8077b792b 100644
>> --- a/drivers/char/hw_random/core.c
>> +++ b/drivers/char/hw_random/core.c
>> @@ -341,6 +341,10 @@ static ssize_t rng_current_store(struct device *dev,
>>
>> if (sysfs_streq(buf, "")) {
>> err = enable_best_rng();
>> + } else if (sysfs_streq(buf, "none")) {
>> + if (current_rng)
>> + cur_rng_set_by_user = 1;
>> + drop_current_rng();
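
Review bot: In the new "none" branch, cur_rng_set_by_user = 1 is guarded by if (current_rng), so writing "none" while no device is currently selected does not record that the user made a choice at all. Consider setting the flag unconditionally before drop_current_rng(), and keeping a distinct record that the choice was "none" so later code can tell it apart from a user-selected device. The diffstat also shows only drivers/char/hw_random/core.c changing, so the new "none" value accepted by rng_current is left undocumented; a short addition to the sysfs ABI description would help users find it.
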
>
>Is this setting supposed to be sticky?
>
>Because as it stands, if another HWRNG is registered after setting
>it to none, it would still become the default RNG which seems to be
>surprising.

Good point, I'd missed that (it's not likely to be an issue in my
situation), but I'll spin a v2 that fixes up hwrng_register() too.

J.

--
I'm an atheist myself - there is no Greg Hill.
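
Added example, not part of the original message or the patch: a shell wrapper for the procedure in the commit message (select "none", do the exclusive-access work, write an empty string to hand selection back), which also checks for the non-sticky behaviour raised in review. The function name with_hwrng_disabled, the HWRNG_DIR override and the return codes are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: run a maintenance command with the hwrng core set to "none".
# HWRNG_DIR defaults to the sysfs path shown in the commit message; pointing it
# at a scratch directory for a dry run is an assumption of this sketch.
HWRNG_DIR="${HWRNG_DIR:-/sys/devices/virtual/misc/hw_random}"

# with_hwrng_disabled CMD [ARGS...]
# Returns: 2 = kernel does not offer "none"
#          3 = "none" did not take effect
#          4 = a device became current again while CMD ran
#          otherwise CMD's own exit status
with_hwrng_disabled() {
    dir="$HWRNG_DIR"

    # Kernels carrying the patch list "none" in rng_available.
    case " $(cat "$dir/rng_available") " in
        *" none "*) ;;
        *) return 2 ;;
    esac

    printf 'none\n' > "$dir/rng_current" || return 3
    if [ "$(cat "$dir/rng_current")" != "none" ]; then
        printf '\n' > "$dir/rng_current"
        return 3
    fi

    status=0
    "$@" || status=$?

    # As raised in review, v1 is not sticky: an hwrng registered while CMD
    # ran could have become the current device, so re-read before restoring.
    after="$(cat "$dir/rng_current")"

    # An empty write takes the enable_best_rng() path and resumes normal use.
    printf '\n' > "$dir/rng_current"

    [ "$after" = "none" ] || return 4
    return "$status"
}
```

A return of 4 means the exclusive-access assumption did not hold for the whole run, so the result of the maintenance command should be treated as suspect.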