| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Jul 2014 14:50:48 -0700 From: Kees Cook <keescook@...omium.org> To: Jason Cooper <jason@...edaemon.net> Cc: Amit Shah <amit.shah@...hat.com>, LKML <linux-kernel@...r.kernel.org>, Virtualization List <virtualization@...ts.linux-foundation.org>, Rusty Russell <rusty@...tcorp.com.au>, Herbert Xu <herbert@...dor.apana.org.au>, "# 3.4.x" <stable@...r.kernel.org> Subject: Re: [RFC PATCH] hwrng: sysfs entry rng_seed_kernel, was: "Re: [PATCH v2 1/2] hwrng: fetch randomness only after device init" On Fri, Jul 11, 2014 at 8:44 AM, Jason Cooper <jason@...edaemon.net> wrote: > On Fri, Jul 11, 2014 at 06:56:26PM +0530, Amit Shah wrote: >> On (Wed) 09 Jul 2014 [12:07:25], Jason Cooper wrote: >> > Amit, Kees, >> >> (snip) >> >> > I'm cooling to the idea of the init function for virtio-rng, and it >> > might be best just to admit that there's no way to seed the entropy pool >> > from the virtio-rng at probe time. After all, once userspace is up, the >> > system should take advantage of /dev/hwrng for the generation of >> > long-term keys. Either via rngd feeding /dev/random, or directly. >> > >> > As for the follow-on patch you asked about, I think that's fine. More >> > entropy can't hurt. >> > >> > The below patch might be worth considering so that the user of a system >> > with only virtio-rng can kick the entropy pool as they see fit. It's >> > probably not too kosher as is, but if the idea is liked, I could clean >> > it up and submit. >> > >> > The advantage is that users don't need to have rngd installed and >> > running on the system in order to jump-start the entropy pool. >> >> ... so a udev rule that looks for the new sysfs file, and asks the >> kernel to do its thing? > > Or, as simple as: > > [ -e /sys/.../rng_seed_kernel ] && echo "0" >/sys/.../rng_seed_kernel > > in the initrd. It needs to run *before* any init scripts which may create > keys. > >> And maybe even a patch to rngd that looks for this file and does a >> similar thing? > > I'm not opposed to that, but it doesn't fit the problem I'm trying to > solve. Basically, average systems, not trying to be Ft Knox-secure, but > needing to generate long-term keys at first boot. These systems won't > have an hwrng installed, but should use one if available. eg > virtio-rng, or any of the on-die SoC hwrngs. > >> There's also the option to use a delayed workqueue item, that will >> succeed if probe has finished. This method doesn't have userspace >> dependencies. > > Hmm, I like that idea better. No ABI change to maintain, no userspace > changes... You obviously know virtio-rng better than I do, care to take > a crack at it? I like this idea too. It's much nicer to just have the kernel Do The Right Thing automatically. :) -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists