Re: [PATCH v8 2/3] fdt: add support for rng-seed

devicetree.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
	Devicetree List <devicetree@vger.kernel.org>,
	"Theodore Y. Ts'o" <tytso@mit.edu>, Yu Zhao <yuzhao@google.com>,
	Kees Cook <keescook@chromium.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Stephen Boyd <swboyd@chromium.org>,
	Will Deacon <will.deacon@arm.com>,
	lkml <linux-kernel@vger.kernel.org>,
	Mike Rapoport <rppt@linux.ibm.com>,
	Jun Yao <yaojun8558363@gmail.com>,
	Miles Chen <miles.chen@mediatek.com>,
	Rob Herring <robh+dt@kernel.org>,
	James Morse <james.morse@arm.com>,
	Andrew Murray <andrew.murray@arm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Laura Abbott <labbott@redhat.com>,
	Frank Rowand <frowand.list@gmail.com>,
	"moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE"
	<linux-arm-kernel@lists.infradead.org>,
	Robin Murphy <robin.murphy@arm.com>
Subject: Re: [PATCH v8 2/3] fdt: add support for rng-seed
Date: Tue, 20 Aug 2019 14:14:18 +0300	[thread overview]
Message-ID: <CAKv+Gu_qJUU2hRujjv6e5yPqPQXRXokBU_2mSGD3civ2d2+xhw@mail.gmail.com> (raw)
In-Reply-To: <CAJMQK-ghQ8weMerXW7t0DFZTAg_c5M80Yp5DTAtyY2LA7YpS1A@mail.gmail.com>

On Tue, 20 Aug 2019 at 10:43, Hsin-Yi Wang <hsinyi@chromium.org> wrote:
>
> Hi Ted,
>
> Thanks for raising this question.
>
> For UEFI based system, they have a config table that carries rng seed
> and can be passed to device randomness. However, they also use
> add_device_randomness (not sure if it's the same reason that they
> can't guarantee _all_ bootloader can be trusted)

The config table is actually a Linux invention: it is populated by the
EFI stub code (which is part of the kernel) based on the output of a
call into the EFI_RNG_PROTOCOL, which is defined in the UEFI spec, but
optional and not widely available.

I have opted for add_device_randomness() since there is no way to
establish the quality level of the output of EFI_RNG_PROTOCOL, and so
it is currently only used to prevent the bootup state of the entropy
pool to be too predictable, and the output does not contribute to the
entropy estimate kept by the RNG core.


> This patch is to let DT based system also have similar features, which
> can make initial random number stronger. (We only care initial
> situation here, since more entropy would be added to kernel as time
> goes on )
>
> Conservatively, we can use add_device_randomness() as well, which
> would pass buffer to crng_slow_load() instead of crng_fast_load().
> But I think we should trust bootloader here. Whoever wants to use this
> feature should make sure their bootloader can pass valid (random
> enough) seeds. If they are not sure, they can just don't add the
> property to DT.

It is the firmware that adds the property to the DT, not the user.

next prev parent reply	other threads:[~2019-08-20 11:14 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-19  7:16 [PATCH v8 0/3] add support for rng-seed Hsin-Yi Wang
2019-08-19  7:16 ` [PATCH v8 1/3] arm64: map FDT as RW for early_init_dt_scan() Hsin-Yi Wang
2019-08-19  7:16 ` [PATCH v8 2/3] fdt: add support for rng-seed Hsin-Yi Wang
2019-08-19 18:13   ` Theodore Y. Ts'o
2019-08-20  7:42     ` Hsin-Yi Wang
2019-08-20 11:14       ` Ard Biesheuvel [this message]
2019-08-21  5:57         ` Hsin-Yi Wang
2019-08-21  6:39           ` Ard Biesheuvel
2019-08-21 16:21             ` Theodore Y. Ts'o
2019-08-19  7:16 ` [PATCH v8 3/3] arm64: kexec_file: add rng-seed support Hsin-Yi Wang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAKv+Gu_qJUU2hRujjv6e5yPqPQXRXokBU_2mSGD3civ2d2+xhw@mail.gmail.com \
    --to=ard.biesheuvel@linaro.org \
    --cc=akpm@linux-foundation.org \
    --cc=andrew.murray@arm.com \
    --cc=catalin.marinas@arm.com \
    --cc=devicetree@vger.kernel.org \
    --cc=frowand.list@gmail.com \
    --cc=hsinyi@chromium.org \
    --cc=james.morse@arm.com \
    --cc=keescook@chromium.org \
    --cc=labbott@redhat.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=miles.chen@mediatek.com \
    --cc=robh+dt@kernel.org \
    --cc=robin.murphy@arm.com \
    --cc=rppt@linux.ibm.com \
    --cc=swboyd@chromium.org \
    --cc=tytso@mit.edu \
    --cc=will.deacon@arm.com \
    --cc=yaojun8558363@gmail.com \
    --cc=yuzhao@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).