From: "H. Peter Anvin" <hpa@zytor.com>
To: Torsten Duwe <duwe@lst.de>
Cc: tytso@mit.edu, ingo.tuchscherer@de.ibm.com,
linux-kernel@vger.kernel.org,
Hans-Georg Markgraf <MGRF@de.ibm.com>,
Gerald Schaefer <gerald.schaefer@de.ibm.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Joe Perches <joe@perches.com>
Subject: Re: [Resend PATCH 2/2] s390: provide hardware randomness from zcrypt card to /dev/random
Date: Thu, 12 Sep 2013 13:37:53 -0700 [thread overview]
Message-ID: <52322621.3040908@zytor.com> (raw)
In-Reply-To: <alpine.LNX.2.00.1309121139000.3818@linux.site>
On 09/12/2013 02:41 AM, Torsten Duwe wrote:
>
> Running completely virtualised, system Z severely lacks good true random sources.
> Gathering entropy in a virtual environment is difficult. To compensate, there is
> specialised crypto hardware which includes a source for hardware randomness;
> the zcrypt driver is able to access this random source. This patch adds a kernel
> thread that feeds the random bits via the interface created with the previous patch.
>
> Signed-off-by: Torsten Duwe <duwe@lst.de>
>From what I can gather from the patch this is too heavyweight (need
locks and so on) to use as arch_get_random*(). There has been a lot of
discussion about the pros and cons of allowing the kernel to bypass
rngd, but I would think that any such plumbing -- once it gets past the
fully synchronous low latency properties of arch_get_random*() -- really
should be implemented as an option in the existing hwrng device
infrastructure.
In other words, start by implementing a hwrng device. That will work
right now with rngd running. Then we can consider if we want to allow
bypass of rngd for certain hwrng devices -- which may include zcrypt,
virtio_rng and so on.
-hpa
next prev parent reply other threads:[~2013-09-12 20:38 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-12 9:41 [Resend PATCH 2/2] s390: provide hardware randomness from zcrypt card to /dev/random Torsten Duwe
2013-09-12 20:37 ` H. Peter Anvin [this message]
2013-09-19 8:47 ` Torsten Duwe
2013-09-19 13:03 ` H. Peter Anvin
2013-09-19 13:05 ` H. Peter Anvin
2014-03-17 16:48 ` [PATCH 00/03]: khwrngd (Was: s390: provide hardware randomness from zcrypt card to /dev/random) Torsten Duwe
2014-03-17 16:50 ` [Patch 01/03]: provide an injection point for pure hardware randomness Torsten Duwe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52322621.3040908@zytor.com \
--to=hpa@zytor.com \
--cc=MGRF@de.ibm.com \
--cc=duwe@lst.de \
--cc=gerald.schaefer@de.ibm.com \
--cc=heiko.carstens@de.ibm.com \
--cc=ingo.tuchscherer@de.ibm.com \
--cc=joe@perches.com \
--cc=linux-kernel@vger.kernel.org \
--cc=schwidefsky@de.ibm.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox