lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240214195744.8332-1-Jason@zx2c4.com>
Date: Wed, 14 Feb 2024 20:56:46 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: x86@...nel.org,
	linux-coco@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Cc: "Jason A. Donenfeld" <Jason@...c4.com>,
	Borislav Petkov <bp@...en8.de>,
	Daniel P . Berrangé <berrange@...hat.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Elena Reshetova <elena.reshetova@...el.com>,
	"H . Peter Anvin" <hpa@...or.com>,
	Ingo Molnar <mingo@...hat.com>,
	"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
	Theodore Ts'o <tytso@....edu>,
	Thomas Gleixner <tglx@...utronix.de>
Subject: [PATCH v2 0/2] CoCo/RDRAND brokenness fixes

This takes a two-pronged approach to the matter, now that we have
details from Intel and AMD:

- In the generic case, if RDRAND fails, simply WARN(), and don't try
  again. It turns out the "try 10 times" thing isn't actually a correct
  recommendation from Intel. Since RDRAND failure implies CPU failure, a
  WARN() seems in order on all platforms.

- On CoCo machines, where RDRAND failure implies the whole threat model
  is compromised and execution shouldn't continue, we ensure that the
  RNG gets 256-bits of RDRAND at boot, or otherwise fails.

Cc: Borislav Petkov <bp@...en8.de>
Cc: Daniel P. Berrangé <berrange@...hat.com>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Elena Reshetova <elena.reshetova@...el.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
Cc: Theodore Ts'o <tytso@....edu>
Cc: Thomas Gleixner <tglx@...utronix.de>

Jason A. Donenfeld (2):
  x86/archrandom: WARN if RDRAND fails and don't retry
  x86/coco: Require seeding RNG with RDRAND on CoCo systems

 arch/x86/coco/core.c              | 37 +++++++++++++++++++++++++++++++
 arch/x86/include/asm/archrandom.h | 18 ++++++---------
 arch/x86/include/asm/coco.h       |  2 ++
 arch/x86/kernel/setup.c           |  2 ++
 4 files changed, 48 insertions(+), 11 deletions(-)

-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ