| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1694f42c-bfc9-570a-64d2-3984965c8940@android.com>
Date: Fri, 14 Feb 2020 09:00:16 -0800
From: Mark Salyzyn <salyzyn@...roid.com>
To: Rob Herring <robh@...nel.org>,
Masami Hiramatsu <mhiramat@...nel.org>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Android Kernel Team <kernel-team@...roid.com>,
Theodore Ts'o <tytso@....edu>, Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Richard Henderson <richard.henderson@...aro.org>,
Mark Brown <broonie@...nel.org>,
Kees Cook <keescook@...omium.org>,
Hsin-Yi Wang <hsinyi@...omium.org>,
Vasily Gorbik <gor@...ux.ibm.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Steven Rostedt <rostedt@...dmis.org>,
Mike Rapoport <rppt@...ux.ibm.com>,
Arvind Sankar <nivedita@...m.mit.edu>,
Dominik Brodowski <linux@...inikbrodowski.net>,
Thomas Gleixner <tglx@...utronix.de>,
Alexander Potapenko <glider@...gle.com>,
Jonathan Corbet <corbet@....net>,
Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Juergen Gross <jgross@...e.com>,
Linux Doc Mailing List <linux-doc@...r.kernel.org>
Subject: Re: [PATCH 0/3] random: add random.rng_seed to bootconfig entry
On 2/14/20 5:49 AM, Rob Herring wrote:
> On Fri, Feb 14, 2020 at 12:10 AM Masami Hiramatsu <mhiramat@...nel.org> wrote:
>> Hi,
>>
>> The following series is bootconfig based implementation of
>> the rng_seed option patch originally from Mark Salyzyn.
>> Note that I removed unrelated command line fixes from this
>> series.
> Why do we need this? There's already multiple other ways to pass
> random seed and this doesn't pass the "too complex for the command
> line" argument you had for needing bootconfig.
>
> Rob
Android is the use case I can vouch for. But also KVM.
Android Cuttlefish is an emulated device used extensively in the testing
and development infrastructure for In-house, partner, and system and
application developers for Android. There is no bootloader, per-se.
Because of the Android GKI distribution, there is also no rng virtual
driver built in, it is loaded later as a module, too late for many
aspects of KASLR and networking. There is no Device Tree, it does
however have access to the content of the initrd image, and to the
command line for the kernel. The only convenient way to get early
entropy is going to have to be one of those two places.
In addition, 2B Android devices on the planet, especially in light of
the Android GKI distribution were everything that is vendor created is
in a module, needs a way to collect early entropy prior to module load
and pass it to the kernel. Yes, they do have access to the recently
added Device Tree approach, and we expect them to use it, as I have an
active backport for the mechanism into the Android 4.19 and 5.4 kernels.
There may also be some benefit to allowing the 13000 different
bootloaders an option to use bootconfig as a way of propagating the much
needed entropy to their kernels. I could make a case to also allow them
command line as another option to relieve their development stress to
deliver product, but we can stop there. Regardless, this early entropy
has the benefit of greatly improving security and precious boot time.
Sincerely -- Mark Salyzyn
Powered by blists - more mailing lists