From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Matthew Wilcox <willy@infradead.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: repeatable boot randomness inside KVM guest
Date: Tue, 17 Apr 2018 17:40:59 -0400 [thread overview]
Message-ID: <20180417214059.GA23194@thunk.org> (raw)
In-Reply-To: <1523979759.3310.7.camel@HansenPartnership.com>
On Tue, Apr 17, 2018 at 04:42:39PM +0100, James Bottomley wrote:
> Depends how the parameter is passed. If it can be influenced from the
> command line then a large class of "trusted boot" systems actually
> don't verify the command line, so you can boot a trusted system and
> still inject bogus command line parameters. This is definitely true of
> PC class secure boot. Not saying it will always be so, just
> illustrating why you don't necessarily want to expand the attack
> surface.
Sure, this is why I don't really like the scheme of relying on the
command line. For one thing, the command-line is public, so if the
attacker can read /proc/cmdline, they'll have access to the entropy.
What I would prefer is an extension to the boot protocol so that some
number of bytes would be passed to the kernel as a separate bag of
bytes alongside the kernel command line and the initrd.
The kernel would mix that into the random driver (which is written so
the basic input pool and primary_crng can accept input in super-early
boot). This woud be done *before* we relocate the kernel, so that
kernel ASLR code can relocate the kernel test to a properly
unpredictable number --- so this really is quite super-early boot.
> OK, in the UEFI ideal world where every component is a perfectly
> written OS, perhaps you're right. In the more real world, do you trust
> the people who wrote the bootloader to understand and correctly
> implement the cryptographically secure process of obtaining a random
> input?
In the default setup, I would expect the bootloader (such as grub)
would read the random initialization data from disk. So it would work
much like systemd reading from /var/lib/systemd/random-seed. And I
would trust the bootloader implementors to be able to do this about as
well as I would trust the systemd implementors. :-) It's not that
hard, after all....
- Ted
next prev parent reply other threads:[~2018-04-17 21:41 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20180414195921.GA10437@avx2>
2018-04-14 22:44 ` repeatable boot randomness inside KVM guest Theodore Y. Ts'o
2018-04-15 0:41 ` Matthew Wilcox
2018-04-17 9:13 ` James Bottomley
2018-04-17 11:47 ` Matthew Wilcox
2018-04-17 11:57 ` James Bottomley
2018-04-17 14:07 ` Matthew Wilcox
2018-04-17 15:20 ` James Bottomley
2018-04-17 15:16 ` Theodore Y. Ts'o
2018-04-17 15:42 ` James Bottomley
2018-04-17 21:40 ` Theodore Y. Ts'o [this message]
2018-04-16 15:54 ` Kees Cook
2018-04-16 16:15 ` Thomas Garnier
2018-04-17 0:31 ` Alexey Dobriyan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180417214059.GA23194@thunk.org \
--to=tytso@mit.edu \
--cc=James.Bottomley@HansenPartnership.com \
--cc=adobriyan@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).