RE: [PATCH v2 2/2] x86/coco: Require seeding RNG with RDRAND on CoCo systems

From: Reshetova, Elena
Date: Wed Feb 21 2024 - 02:52:42 EST


> Hi Elena,
>
> On Fri, Feb 16, 2024 at 8:57 AM Reshetova, Elena
> <elena.reshetova@xxxxxxxxx> wrote:
> > So, yes, coco_random_init() happens first, which actually now has a nice
> > side-effect that on coco platforms we drop HW CPU output even earlier
> > in the entropy pool (Yay!).
> > Which at this point would be almost perfect, *if* we could also
> > count this entropy drop and allow ChaCha seeding to benefit straight from
> > this early drop of entropy.
>
> I addressed this already in my last reply. I wouldn't get too hung up
> on the entropy counting stuff. The RNG is going to get initialized
> just fine anyway no matter what, and whether or not it's counted,
> it'll still be used and available basically immediately anyway.
>
> > How about changing this to use add_hwgenerator_randomness()?
>
> That function is only for the hwrng API. It handles sleep semantics
> and that's specific to that interface boundary. It is not for random
> drivers and platforms to call directly.
>
> > And adjust cc_random_init() to try rdseed first and only fall back to rdrand
> > if it fails?
>
> I guess that's possible, but what even is the point? I don't think
> that really more directly accomplishes the objective here anyway. The
> whole idea is we want to ensure that RDRAND is at least working for 32
> bytes and if not panic. That's *all* we care about. Later on the RNG
> will eat rdseed opportunistically as it can; let it handle that as it
> does, and leave this patch here to be simple and direct and accomplish
> the one single solitary goal of panicking if it can't avoid the worst
> case scenario.


Okay, I guess I won’t start fighting for the cleanliness of the overall construction
(and the rest of the people stay pretty quiet in this discussion thread).
Functionality-wise we will get what we need in practice and I learned that
"disagree and commit" is a very useful principle to exercise for moving things forward,
so I am OK with this approach.

Would you submit the patch or how do we proceed on this?

Best Regards,
Elena.
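
The check described in the quoted reply above (obtain 32 bytes from RDRAND, and fail hard rather than continue if the hardware cannot deliver them), as an added userspace C example; it is not the kernel patch and not code from anyone on the thread. The names `seed_or_fail`, `hw_draw_fn`, `rdrand_draw`, the retry count of 10 and the two mock sources are assumptions made for illustration, `abort()` stands in for the kernel's panic, and the x86-64 path assumes a CPU with RDRAND.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define SEED_BYTES  32   /* the 32 bytes named in the thread */
#define RETRY_LOOPS 10   /* assumption: bounded retries per 64-bit word */
typedef int (*hw_draw_fn)(uint64_t *out);   /* 1 = *out filled, 0 = failed */

#if defined(__x86_64__)
int rdrand_draw(uint64_t *out)   /* RDRAND sets CF=1 only on success */
{
    unsigned char ok;
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#endif

int calls;   /* state for the constructed mock sources below */
int flaky_draw(uint64_t *out)    /* fails 2 of every 3 draws */
{
    if (++calls % 3) return 0;
    *out = 0x0101010101010101ULL * (uint64_t)calls;
    return 1;
}
int dead_draw(uint64_t *out) { (void)out; return 0; }   /* always fails */

/* Fill seed from draw(); return 0 on success, -1 (seed wiped) on failure. */
int seed_or_fail(hw_draw_fn draw, uint8_t seed[SEED_BYTES])
{
    for (size_t off = 0; off < SEED_BYTES; off += sizeof(uint64_t)) {
        uint64_t word = 0; int ok = 0;
        for (int i = 0; i < RETRY_LOOPS && !ok; i++) ok = draw(&word);
        if (!ok) {                       /* a partial seed is never used */
            memset(seed, 0, SEED_BYTES);
            return -1;
        }
        memcpy(seed + off, &word, sizeof(word));
    }
    return 0;
}

int main(void)
{
    uint8_t seed[SEED_BYTES];
    hw_draw_fn src = flaky_draw;         /* mock source on non-x86 builds */
#if defined(__x86_64__)
    src = rdrand_draw;
#endif
    if (seed_or_fail(src, seed) != 0) abort();   /* stand-in for panic */
    return 0;
}
```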