| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Sep 2013 08:05:32 -0500 From: "H. Peter Anvin" <hpa@...or.com> To: Torsten Duwe <duwe@....de>, Torsten Duwe <duwe@....de> CC: tytso@....edu, ingo.tuchscherer@...ibm.com, linux-kernel@...r.kernel.org, Hans-Georg Markgraf <MGRF@...ibm.com>, Gerald Schaefer <gerald.schaefer@...ibm.com>, Martin Schwidefsky <schwidefsky@...ibm.com>, Heiko Carstens <heiko.carstens@...ibm.com>, Joe Perches <joe@...ches.com> Subject: Re: [Resend PATCH 2/2] s390: provide hardware randomness from zcrypt card to /dev/random As I said, the option of doing feed from hwrng directly via a kernel thread seems the most logical thing to me, assuming you can convince Ted & co. rngd doesn't really add much value for a whitened source. Torsten Duwe <duwe@....de> wrote: > > >On Thu, 12 Sep 2013, H. Peter Anvin wrote: > >> From what I can gather from the patch this is too heavyweight (need >> locks and so on) to use as arch_get_random*(). There has been a lot >of > >Alas, I can see there's only x86 that currently has this implemented? > >> discussion about the pros and cons of allowing the kernel to bypass >> rngd, but I would think that any such plumbing -- once it gets past >the >> fully synchronous low latency properties of arch_get_random*() -- >really >> should be implemented as an option in the existing hwrng device >> infrastructure. > >As I wrote in the intro, the problem to solve is slow startup when ASLR >is >in effect; in that case: until rngd or haveged is finally running. > >> In other words, start by implementing a hwrng device. That will work >> right now with rngd running. Then we can consider if we want to >allow > >That's already there, thanks to the IBM guys :) > >> bypass of rngd for certain hwrng devices -- which may include zcrypt, >> virtio_rng and so on. > >I'm currently thinking about some kind of buffer in zcrypt, where >arch_get_random can get a long or int quickly, as "designed" after x86. >Device init or low water would trigger a work item to refill the >buffer. >It might tun out though, that every device on every architecture that >does >not quite match the x86 approach implements its own buffer. > >What do you think? > >Besides that, as you wrote, a generic mechanism to mix hwrngs into the >input pool would be nice, triggered by user space policy. As far as I >can >see, some mixing of arch_get_random is done, but no entropy credited? > > Torsten -- Sent from my mobile phone. Please pardon brevity and lack of formatting. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists