| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 May 2022 18:25:08 +0200
From: Ahmad Fatoum <a.fatoum@...gutronix.de>
To: Mimi Zohar <zohar@...ux.ibm.com>,
James Bottomley <jejb@...ux.ibm.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
David Howells <dhowells@...hat.com>
Cc: kernel@...gutronix.de, Sumit Garg <sumit.garg@...aro.org>,
Pankaj Gupta <pankaj.gupta@....com>,
David Gstir <david@...ma-star.at>,
Michael Walle <michael@...le.cc>,
John Ernberg <john.ernberg@...ia.se>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Horia Geantă <horia.geanta@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Jan Luebbe <j.luebbe@...gutronix.de>,
Eric Biggers <ebiggers@...nel.org>,
Richard Weinberger <richard@....at>,
Franck LENORMAND <franck.lenormand@....com>,
Matthias Schiffer <matthias.schiffer@...tq-group.com>,
keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
Theodore Ts'o <tytso@....edu>,
"Jason A. Donenfeld" <Jason@...c4.com>
Subject: Re: [PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key
material
Hello Mimi,
[Cc'ing RNG maintainers in case they want to chime in]
On 17.05.22 17:52, Mimi Zohar wrote:
> On Fri, 2022-05-13 at 16:57 +0200, Ahmad Fatoum wrote:
>> static int __init init_trusted(void)
>> {
>> + int (*get_random)(unsigned char *key, size_t key_len);
>> int i, ret = 0;
>>
>> for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) {
>> @@ -322,6 +333,28 @@ static int __init init_trusted(void)
>> strlen(trusted_key_sources[i].name)))
>> continue;
>>
>> + /*
>> + * We always support trusted.rng="kernel" and "default" as
>> + * well as trusted.rng=$trusted.source if the trust source
>> + * defines its own get_random callback.
>> + */
>
> While TEE trusted keys support was upstreamed, there was a lot of
> discussion about using kernel RNG. One of the concerns was lack of or
> insuffiencent entropy during early boot on embedded devices. This
> concern needs to be clearly documented in both Documentation/admin-
> guide/kernel-parameters.txt and Documentation/security/keys/trusted-
> encrypted.rst.
If a user decides to use kernel RNG for trusted keys, wait_for_random_bytes()
called first thing in the used get_random_bytes_wait() will (quoting
documentation) "wait for the input pool to be seeded and thus [is] guaranteed
to supply cryptographically secure random numbers."
Does this address your concerns about Kernel RNG use?
Thanks,
Ahmad
>
> thanks,
>
> Mimi
>
>> + get_random = trusted_key_sources[i].ops->get_random;
>> + if (trusted_rng && strcmp(trusted_rng, "default")) {
>> + if (!strcmp(trusted_rng, "kernel")) {
>> + get_random = kernel_get_random;
>> + } else if (strcmp(trusted_rng, trusted_key_sources[i].name) ||
>> + !get_random) {
>> + pr_warn("Unsupported RNG. Supported: kernel");
>> + if (get_random)
>> + pr_cont(", %s", trusted_key_sources[i].name);
>> + pr_cont(", default\n");
>> + return -EINVAL;
>> + }
>> + }
>> +
>> + if (!get_random)
>> + get_random = kernel_get_random;
>> +
>> static_call_update(trusted_key_init,
>> trusted_key_sources[i].ops->init);
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists