virtualization.lists.linux-foundation.org archive mirror
From: Christopher Covington <cov@codeaurora.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Theodore Ts'o <tytso@mit.edu>, kvm list <kvm@vger.kernel.org>,
	Gleb Natapov <gleb@kernel.org>,
	Linux Virtualization <virtualization@lists.linux-foundation.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: Standardizing an MSR or other hypercall to get an RNG seed?
Date: Mon, 22 Sep 2014 09:33:41 -0400
Message-ID: <54202535.2030702@codeaurora.org>
In-Reply-To: <CALCETrU_r90=ve4v6xKfZHR_2O5+f05URqD5fzkbSpcuV4tb8A@mail.gmail.com>

On 09/19/2014 02:42 PM, Andy Lutomirski wrote:
> On Fri, Sep 19, 2014 at 11:30 AM, Christopher Covington
> <cov@codeaurora.org> wrote:
>> On 09/17/2014 10:50 PM, Andy Lutomirski wrote:
>>> Hi all-
>>>
>>> I would like to standardize on a very simple protocol by which a guest
>>> OS can obtain an RNG seed early in boot.
>>>
>>> The main design requirements are:
>>>
>>>  - The interface should be very easy to use.  Linux, at least, will
>>> want to use it extremely early in boot as part of kernel ASLR.  This
>>> means that PCI and ACPI will not work.
>>
>> How do non-virtual systems get entropy this early? RDRAND/Padlock? Truerand?
>> Could hypervisors and simulators simply make sure these work?
>>
> 
> If RDRAND is available, then Linux, at least, will use it.  The rest
> are too complicated for early use.  Linux on x86 plays some vaguely
> clever games with rdtsc and poking at the i8254 port.

I just wanted to check that it couldn't be as simple as giving one or both of
the timers random initial values.

Christopher

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.
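
An example added here (not part of the thread and not the kernel's own code) of the early-boot sources named in the quoted reply: use RDRAND when CPUID reports it, and mix in a TSC read. The function names and the XOR mixing are assumptions of this example, x86 with GCC or Clang is assumed, and the i8254 read is left out because it needs port I/O privileges.

```c
#include <stdint.h>
#include <stdio.h>
#include <cpuid.h>              /* GCC/Clang wrapper around the CPUID instruction */

enum { SRC_RDRAND = 1, SRC_TSC = 2 };

/* CPUID leaf 1: ECX bit 30 advertises RDRAND, EDX bit 4 advertises the TSC. */
unsigned cpu_sources(void)
{
    unsigned eax, ebx, ecx, edx, src = 0;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    if (ecx & (1u << 30)) src |= SRC_RDRAND;
    if (edx & (1u << 4))  src |= SRC_TSC;
    return src;
}

/* RDRAND reports success in the carry flag; retry a bounded number of times. */
static int rdrand_long(unsigned long *out)
{
    unsigned char ok;
    for (int i = 0; i < 10; i++) {
        __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
        if (ok) return 1;
    }
    return 0;
}

static uint64_t read_tsc(void)
{
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}

/* XOR each available source into *seed; return the mask of sources actually used. */
unsigned early_seed(uint64_t *seed)
{
    unsigned avail = cpu_sources(), used = 0;
    unsigned long r;
    *seed = 0;
    if ((avail & SRC_RDRAND) && rdrand_long(&r)) { *seed ^= r; used |= SRC_RDRAND; }
    if (avail & SRC_TSC) { *seed ^= read_tsc(); used |= SRC_TSC; }
    return used;
}

int main(void)
{
    uint64_t seed;
    printf("sources used: %#x\n", early_seed(&seed));
    return 0;
}
```

The returned mask shows which sources contributed, so a guest without RDRAND is visibly left with the timer alone.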
