lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 6 Jul 2022 17:12:13 -0700
From:   Randy Dunlap <rdunlap@...radead.org>
To:     "Jason A. Donenfeld" <Jason@...c4.com>,
        linux-kernel@...r.kernel.org
Cc:     x86@...nel.org, Theodore Ts'o <tytso@....edu>,
        "H . Peter Anvin" <hpa@...or.com>, Borislav Petkov <bp@...e.de>
Subject: Re: [PATCH] random: remove "nordrand" flag in favor of
 "random.trust_cpu"

Hi Jason,

On 7/6/22 17:00, Jason A. Donenfeld wrote:
> The decision of whether or not to trust RDRAND is controlled by the
> "random.trust_cpu" boot time parameter or the CONFIG_RANDOM_TRUST_CPU
> compile time default. The "nordrand" flag was added during the early
> days of RDRAND, when there were worries that merely using its values
> could compromise the RNG. However, these days, RDRAND values are not
> used directly but always go through the RNG's hash function, making
> "nordrand" no longer useful.
> 
> Rather, the correct switch is "random.trust_cpu", which not only handles
> the relevant trust issue directly, but also is general to multiple CPU
> types, not just x86.
> 
> However, x86 RDRAND does have a history of being occassionally

                                                   occasionally

> problematic. Prior, when the kernel would notice something strange, it'd
> warn in dmesg and suggest enabling "nordrand". We can improve on that by
> making the test a little bit better and then taking the step of
> automatically disabling "nordrand" if we detect it's problematic.

                enabling
?  I.e., disabling RDRAND and RDSEED.


> 
> Also extend the basic sanity test to RDSEED in addition to RDRAND, and
> disable both if either one fails.
> 
> Cc: x86@...nel.org
> Cc: Theodore Ts'o <tytso@....edu>
> Suggested-by: H. Peter Anvin <hpa@...or.com>
> Suggested-by: Borislav Petkov <bp@...e.de>
> Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
> ---
> This patch builds on top of v4 of "random: remove CONFIG_ARCH_RANDOM":
> https://lore.kernel.org/lkml/20220706143521.459565-1-Jason@zx2c4.com/
> 
>  .../admin-guide/kernel-parameters.txt         |  5 --
>  arch/x86/kernel/cpu/amd.c                     |  2 +-
>  arch/x86/kernel/cpu/rdrand.c                  | 73 +++++++++----------
>  3 files changed, 36 insertions(+), 44 deletions(-)

> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
> index 0c0b09796ced..216fc2f53cbe 100644
> --- a/arch/x86/kernel/cpu/amd.c
> +++ b/arch/x86/kernel/cpu/amd.c
> @@ -808,7 +808,7 @@ static void clear_rdrand_cpuid_bit(struct cpuinfo_x86 *c)
>  		return;
>  
>  	/*
> -	 * The nordrand option can clear X86_FEATURE_RDRAND, so check for
> +	 * The self test can clear X86_FEATURE_RDRAND, so check for

Preferably:    self-test

>  	 * RDRAND support using the CPUID function directly.
>  	 */
>  	if (!(cpuid_ecx(1) & BIT(30)) || rdrand_force)


-- 
~Randy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ