| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Mar 2022 22:56:19 +0100
From: Ard Biesheuvel <ardb@...nel.org>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Dominik Brodowski <linux@...inikbrodowski.net>,
"Theodore Ts'o" <tytso@....edu>,
Graham Christensen <graham@...hamc.com>
Subject: Re: [PATCH] random: treat bootloader trust toggle the same way as cpu
trust toggle
On Wed, 23 Mar 2022 at 05:11, Jason A. Donenfeld <Jason@...c4.com> wrote:
>
> If CONFIG_RANDOM_TRUST_CPU is set, the RNG initializes using RDRAND.
> But, the user can disable (or enable) this behavior by setting
> `random.trust_cpu=0/1` on the kernel command line. This allows system
> builders to do reasonable things while avoiding howls from tinfoil
> hatters. (Or vice versa.)
>
> CONFIG_RANDOM_TRUST_BOOTLOADER is basically the same thing, but regards
> the seed passed via EFI or device tree, which might come from RDRAND or
> a TPM or somewhere else. In order to allow distros to more easily enable
> this while avoiding those same howls (or vice versa), this commit adds
> the corresponding `random.trust_bootloader=0/1` toggle.
>
> Cc: Dominik Brodowski <linux@...inikbrodowski.net>
> Cc: Theodore Ts'o <tytso@....edu>
> Cc: Graham Christensen <graham@...hamc.com>
> Link: https://github.com/NixOS/nixpkgs/pull/165355
> Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
Reviewed-by: Ard Biesheuvel <ardb@...nel.org>
> ---
> drivers/char/random.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index 7b7f5e6596c2..c8974e5f57e1 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -948,11 +948,17 @@ static bool drain_entropy(void *buf, size_t nbytes, bool force)
> **********************************************************************/
>
> static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU);
> +static bool trust_bootloader __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER);
> static int __init parse_trust_cpu(char *arg)
> {
> return kstrtobool(arg, &trust_cpu);
> }
> +static int __init parse_trust_bootloader(char *arg)
> +{
> + return kstrtobool(arg, &trust_bootloader);
> +}
> early_param("random.trust_cpu", parse_trust_cpu);
> +early_param("random.trust_bootloader", parse_trust_bootloader);
>
> /*
> * The first collection of entropy occurs at system boot while interrupts
> @@ -1160,7 +1166,7 @@ EXPORT_SYMBOL_GPL(add_hwgenerator_randomness);
> */
> void add_bootloader_randomness(const void *buf, size_t size)
> {
> - if (IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER))
> + if (trust_bootloader)
> add_hwgenerator_randomness(buf, size, size * 8);
> else
> add_device_randomness(buf, size);
> --
> 2.35.1
>
Powered by blists - more mailing lists