| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Apr 2014 00:01:37 -0400
From: Theodore Ts'o <tytso@....edu>
To: Sebastian Andrzej Siewior <sebastian@...akpoint.cc>
Cc: "Luck, Tony" <tony.luck@...el.com>,
Andi Kleen <andi@...stfloor.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Andi Kleen <ak@...ux.intel.com>, tglx@...utronix.de,
Herbert Xu <herbert@...dor.apana.org.au>,
Russell King <rmk+kernel@....linux.org.uk>,
Arnd Bergmann <arnd@...db.de>, Felipe Balbi <balbi@...com>,
shawn.guo@...aro.org, grant.likely@...aro.org
Subject: Re: [PATCH 01/11] random: don't feed stack data into pool when
interrupt regs NULL
On Fri, Apr 04, 2014 at 06:54:47PM +0200, Sebastian Andrzej Siewior wrote:
> And finally cycles which is random_get_entropy(). On ARM (as previously on
> MIPS) this returns 0. Well not always but for all platforms which do not
> implement register_current_timer_delay() which makes a lot of them.
Yes, ARM sucks for not implement random_get_entropy() on all
platforms. Film at 11. I'm told that Cortex ARM systms are supposed
to have a cycle counter. I'm not sure why it hasn't been wired up,
but it really should be.
> [0] = irq (8 bit)
> [1] = jiffies
> [2] = a constant unless regs is available and
> [3] = 0
Actually regs should be available nearly all of the time. So the
situation isn't quite as dire as you describe, but agreed, it is
pretty bad.
Still, it would be nice if random_get_entropy() could be wired up on
as many platforms as possible.
> +static int check_random_get_entropy(void)
> +{
> + cycles_t cyc1;
> + cycles_t cyc2;
> +
> + cyc1 = random_get_entropy();
> + cyc2 = random_get_entropy();
> + if (cyc1 != cyc2)
> + return 0;
> + udelay(1);
> + cyc2 = random_get_entropy();
> +
> + if (cyc1 != cyc2)
> + return 0;
> + pr_err("Error: random_get_entropy() does not return anything random\n");
> + WARN_ON(1);
> + return -EINVAL;
> +}
> +late_initcall(check_random_get_entropy);
This is lacking in subtly, and while I'm sympathetic with your
frustration, and unfortunately, there are a huge number of CPU's/SOC's
that don't implement a cycle counter or some other kind of cheap, high
resolution counter. I'm not against putting in a warning printk, but
issuing a WARN_ON(1) would be really be too obnoxious. Maybe
something like, "you're running on a crap CPU architecture and so
/dev/random may very well be insecure", but I think that's about as
blunt as we can really afford to be at this point.
- Ted
P.S. Maybe if Intel started a marketing campaign on G+ explaining why
ChromeOS on Intel machines is much more secure than ChromeOS on ARM,
we could finally get some action out of the !@...! ARM chip
manufacturers. :-/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists