lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3566075.R56niFO833@phil>
Date:   Sun, 09 Jul 2023 16:06:16 +0200
From:   Heiko Stuebner <heiko.stuebner@...ll.eu>
To:     Paul Walmsley <paul.walmsley@...ive.com>,
        Palmer Dabbelt <palmer@...belt.com>,
        Albert Ou <aou@...s.berkeley.edu>,
        linux-riscv@...ts.infradead.org
Cc:     Samuel Ortiz <sameo@...osinc.com>, linux@...osinc.com,
        Conor Dooley <conor.dooley@...rochip.com>,
        Andrew Jones <ajones@...tanamicro.com>,
        Anup Patel <apatel@...tanamicro.com>,
        linux-kernel@...r.kernel.org,
        "Hongren (Zenithal) Zheng" <i@...ithal.me>,
        Guo Ren <guoren@...nel.org>, Atish Patra <atishp@...osinc.com>,
        Björn Töpel <bjorn@...osinc.com>,
        Evan Green <evan@...osinc.com>, devicetree@...r.kernel.org,
        Samuel Ortiz <sameo@...osinc.com>
Subject: Re: [PATCH v3 4/4] RISC-V: Implement archrandom when Zkr is available

Am Sonntag, 9. Juli 2023, 13:55:46 CEST schrieb Samuel Ortiz:
> The Zkr extension is ratified and provides 16 bits of entropy seed when
> reading the SEED CSR.
> 
> We can implement arch_get_random_seed_longs() by doing multiple csrrw to
> that CSR and filling an unsigned long with valid entropy bits.
> 
> Acked-by: Conor Dooley <conor.dooley@...rochip.com>
> Signed-off-by: Samuel Ortiz <sameo@...osinc.com>
> ---

> +static inline size_t __must_check arch_get_random_seed_longs(unsigned long *v, size_t max_longs)
> +{
> +	if (!max_longs)
> +		return 0;
> +
> +	/*
> +	 * If Zkr is supported and csr_seed_long succeeds, we return one long
> +	 * worth of entropy.
> +	 */
> +	if (riscv_has_extension_likely(RISCV_ISA_EXT_ZKR) && csr_seed_long(v))

While this whole thing looks really nice, I don't think you can only
check the ZKR existence though.

To access the seed csr from supervisor-mode, it looks like the SSEED
bit in the mseccfg register also needs to be set by firmware.
And in the kernel we will likely need to check this setting somehow
before enabling access.

At least my qemu fails with an illegal instruction otherwise during the
early random seed initialization.


Heiko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ