lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 20 Aug 2019 14:14:18 +0300
From:   Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:     Hsin-Yi Wang <hsinyi@...omium.org>
Cc:     "Theodore Y. Ts'o" <tytso@....edu>,
        "moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE" 
        <linux-arm-kernel@...ts.infradead.org>,
        Rob Herring <robh+dt@...nel.org>,
        Devicetree List <devicetree@...r.kernel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Frank Rowand <frowand.list@...il.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will.deacon@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Mike Rapoport <rppt@...ux.ibm.com>,
        Miles Chen <miles.chen@...iatek.com>,
        James Morse <james.morse@....com>,
        Andrew Murray <andrew.murray@....com>,
        Mark Rutland <mark.rutland@....com>,
        Jun Yao <yaojun8558363@...il.com>, Yu Zhao <yuzhao@...gle.com>,
        Robin Murphy <robin.murphy@....com>,
        Laura Abbott <labbott@...hat.com>,
        Stephen Boyd <swboyd@...omium.org>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH v8 2/3] fdt: add support for rng-seed

On Tue, 20 Aug 2019 at 10:43, Hsin-Yi Wang <hsinyi@...omium.org> wrote:
>
> Hi Ted,
>
> Thanks for raising this question.
>
> For UEFI based system, they have a config table that carries rng seed
> and can be passed to device randomness. However, they also use
> add_device_randomness (not sure if it's the same reason that they
> can't guarantee _all_ bootloader can be trusted)

The config table is actually a Linux invention: it is populated by the
EFI stub code (which is part of the kernel) based on the output of a
call into the EFI_RNG_PROTOCOL, which is defined in the UEFI spec, but
optional and not widely available.

I have opted for add_device_randomness() since there is no way to
establish the quality level of the output of EFI_RNG_PROTOCOL, and so
it is currently only used to prevent the bootup state of the entropy
pool to be too predictable, and the output does not contribute to the
entropy estimate kept by the RNG core.


> This patch is to let DT based system also have similar features, which
> can make initial random number stronger. (We only care initial
> situation here, since more entropy would be added to kernel as time
> goes on )
>
> Conservatively, we can use add_device_randomness() as well, which
> would pass buffer to crng_slow_load() instead of crng_fast_load().
> But I think we should trust bootloader here. Whoever wants to use this
> feature should make sure their bootloader can pass valid (random
> enough) seeds. If they are not sure, they can just don't add the
> property to DT.

It is the firmware that adds the property to the DT, not the user.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ