[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240214195744.8332-1-Jason@zx2c4.com>
Date: Wed, 14 Feb 2024 20:56:46 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: x86@...nel.org,
linux-coco@...ts.linux.dev,
linux-kernel@...r.kernel.org
Cc: "Jason A. Donenfeld" <Jason@...c4.com>,
Borislav Petkov <bp@...en8.de>,
Daniel P . Berrangé <berrange@...hat.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Elena Reshetova <elena.reshetova@...el.com>,
"H . Peter Anvin" <hpa@...or.com>,
Ingo Molnar <mingo@...hat.com>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Theodore Ts'o <tytso@....edu>,
Thomas Gleixner <tglx@...utronix.de>
Subject: [PATCH v2 0/2] CoCo/RDRAND brokenness fixes
This takes a two-pronged approach to the matter, now that we have
details from Intel and AMD:
- In the generic case, if RDRAND fails, simply WARN(), and don't try
again. It turns out the "try 10 times" thing isn't actually a correct
recommendation from Intel. Since RDRAND failure implies CPU failure, a
WARN() seems in order on all platforms.
- On CoCo machines, where RDRAND failure implies the whole threat model
is compromised and execution shouldn't continue, we ensure that the
RNG gets 256-bits of RDRAND at boot, or otherwise fails.
Cc: Borislav Petkov <bp@...en8.de>
Cc: Daniel P. Berrangé <berrange@...hat.com>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Elena Reshetova <elena.reshetova@...el.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
Cc: Theodore Ts'o <tytso@....edu>
Cc: Thomas Gleixner <tglx@...utronix.de>
Jason A. Donenfeld (2):
x86/archrandom: WARN if RDRAND fails and don't retry
x86/coco: Require seeding RNG with RDRAND on CoCo systems
arch/x86/coco/core.c | 37 +++++++++++++++++++++++++++++++
arch/x86/include/asm/archrandom.h | 18 ++++++---------
arch/x86/include/asm/coco.h | 2 ++
arch/x86/kernel/setup.c | 2 ++
4 files changed, 48 insertions(+), 11 deletions(-)
--
2.43.0
Powered by blists - more mailing lists