From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Michael Kelley <mhklinux@outlook.com>
Cc: "haiyangz@microsoft.com" <haiyangz@microsoft.com>,
	"wei.liu@kernel.org" <wei.liu@kernel.org>,
	"decui@microsoft.com" <decui@microsoft.com>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"mingo@redhat.com" <mingo@redhat.com>,
	"bp@alien8.de" <bp@alien8.de>,
	"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	"hpa@zytor.com" <hpa@zytor.com>, "arnd@arndb.de" <arnd@arndb.de>,
	"tytso@mit.edu" <tytso@mit.edu>,
	"x86@kernel.org" <x86@kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
	"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>
Subject: Re: [PATCH v2 1/1] x86/hyperv: Use Hyper-V entropy to seed guest random number generator
Date: Wed, 13 Mar 2024 21:05:55 -0600	[thread overview]
Message-ID: <ZfJpk94mtwzRaJzv@zx2c4.com> (raw)
In-Reply-To: <SN6PR02MB41576DD458EB3C72F3784EDBD4292@SN6PR02MB4157.namprd02.prod.outlook.com>

Hi Michael,

On Thu, Mar 14, 2024 at 12:30:06AM +0000, Michael Kelley wrote:
> OK, fair enough.  But just to double-check:  When this is called,
> the EFI RNG protocol has already invoked add_bootloader_randomness(),
> and this line has been output:
> 
> [    0.000000] random: crng init done
> 
> I don't see an obvious problem with calling add_bootloader_randomness()
> again, but wanted to confirm.

Yea, that's very much okay. It'll just get added as extra, which can't
hurt.

> Also, if we're adding this ACPI-based randomness for VMs that
> boot via EFI, then for consistency we should use it on Hyper-V
> based ARM64 VMs as well.

Agreed.

> Both bounds are just a check for bogusness.  Having the hypervisor
> provide just 4 bytes (for example) of randomness seems like
> there might be something weird going on.  But widening the bounds
> is fine with me.  I'll use "8" and "SZ_4K".

Ahh, as a sanity check that seems like a reasonable heuristic.

> > > +	for (i = 0; i < length; i++) {
> > > +		header->checksum += randomdata[i];
> > > +		randomdata[i] = 0;
> > > +	}
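Review bot: the loop keeps the table's checksum valid while zeroing (each zeroed byte is folded back into header->checksum so the byte sum is unchanged), but it only covers randomdata; if header->length is also zeroed to stop re-use after kexec, those length bytes need the same compensation, or the whole header should be zeroed together with the data. Nothing in this hunk verifies header->checksum before randomdata is consumed, so consider checking the byte sum first and refusing a table that does not validate.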
> > 
> > Seems dangerous for kexec and such. What if, in addition to zeroing out
> > the actual data, you also set header->length to 0, so that it doesn't
> > get used again as 32 bytes of known zeros?
> 
> What's your take on the whole idea of zeroing the random data?   I
> saw the EFI RNG protocol handling was doing something roughly
> similar.  But yes, good point about kexec().  Zeroing the header->length
> would make sense to prevent any re-use.

Yes, I think zeroing it out is the right call. I wonder, though, what's
the deal with the checksum adjustment? Should we be checking the
checksum before using the random data? And do we have to adjust it like
that at the end, or can we just zero out the entire header (including
length) along with the random data?

Jason
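The sequence the thread settles on, as an added example that is not the patch under review and not kernel code: a hypervisor-provided table with a length field, an ACPI-style checksum (every byte of the table sums to 0 mod 256, which is assumed here as the checksum rule) and a payload of random bytes. The guest applies the 8..SZ_4K sanity bounds from the thread, verifies the checksum before trusting a byte, copies the payload out, then zeroes both the payload and the length field while folding each zeroed byte into the checksum so the table still validates but a later consumer (after kexec, say) sees length 0 and refuses it. The struct layout, field names, signature and sample bytes are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RNG_MIN_BYTES 8       /* lower sanity bound from the thread */
#define RNG_MAX_BYTES 4096    /* upper sanity bound (SZ_4K) */
#define SAMPLE_LEN    32

/* Constructed header; not the layout of any real Hyper-V or ACPI table. */
struct rng_table_header {
	uint8_t  signature[4];
	uint32_t length;      /* number of random bytes following the header */
	uint8_t  checksum;    /* makes the byte sum of header + payload 0 mod 256 */
	uint8_t  reserved[3];
};

static union {
	struct rng_table_header hdr;
	uint8_t raw[sizeof(struct rng_table_header) + SAMPLE_LEN];
} table;

static uint8_t byte_sum(const uint8_t *p, size_t n)
{
	uint8_t s = 0;
	while (n--)
		s += *p++;
	return s;
}

/* Constructed, deterministic bytes standing in for hypervisor entropy. */
static void fill_sample(uint8_t *buf, size_t n)
{
	for (size_t i = 0; i < n; i++)
		buf[i] = (uint8_t)(0x5a + 37 * i);
}

/* Build a table around the sample bytes and fix up its checksum. */
static void build_table(struct rng_table_header *hdr, const uint8_t *sample, uint32_t len)
{
	uint8_t *data = (uint8_t *)(hdr + 1);

	memcpy(hdr->signature, "RNGX", 4);
	hdr->length = len;
	hdr->checksum = 0;
	memset(hdr->reserved, 0, sizeof(hdr->reserved));
	memcpy(data, sample, len);
	hdr->checksum = (uint8_t)(256 - byte_sum((const uint8_t *)hdr, sizeof(*hdr) + len));
}

/* Validate, copy out, scrub. Returns bytes delivered, or -1 if the table is
 * refused (bogus length, truncated mapping, bad checksum, small buffer).
 * The checksum is verified before any byte is trusted; scrubbing zeroes
 * the payload and the length field, compensating the checksum for each. */
static int consume_entropy(struct rng_table_header *hdr, size_t avail, uint8_t *out, size_t outsz)
{
	uint8_t *data = (uint8_t *)(hdr + 1);
	uint8_t *lenbytes = (uint8_t *)&hdr->length;
	uint32_t len;

	if (avail < sizeof(*hdr))
		return -1;
	len = hdr->length;
	if (len < RNG_MIN_BYTES || len > RNG_MAX_BYTES)
		return -1;                        /* bogus, or already scrubbed */
	if (len > avail - sizeof(*hdr))
		return -1;                        /* table claims more than is mapped */
	if (byte_sum((const uint8_t *)hdr, sizeof(*hdr) + len) != 0)
		return -1;                        /* checksum failure: do not use the bytes */
	if (outsz < len)
		return -1;

	memcpy(out, data, len);
	for (size_t i = 0; i < len; i++) {
		hdr->checksum += data[i];        /* keep the byte sum at 0 mod 256 */
		data[i] = 0;
	}
	for (size_t i = 0; i < sizeof(hdr->length); i++) {
		hdr->checksum += lenbytes[i];    /* same compensation for the length field */
		lenbytes[i] = 0;
	}
	return (int)len;
}

/* First consumer succeeds, the scrubbed table still checksums, and a
 * second consumer is refused. Returns 0 on success, else the failing step. */
static int run_scenario(void)
{
	uint8_t sample[SAMPLE_LEN], out[SAMPLE_LEN];

	fill_sample(sample, SAMPLE_LEN);
	build_table(&table.hdr, sample, SAMPLE_LEN);
	if (byte_sum(table.raw, sizeof(table.raw)) != 0)
		return 1;
	if (consume_entropy(&table.hdr, sizeof(table.raw), out, sizeof(out)) != SAMPLE_LEN ||
	    memcmp(out, sample, SAMPLE_LEN) != 0)
		return 2;
	if (byte_sum(table.raw, sizeof(table.raw)) != 0)
		return 3;                         /* scrub must leave a valid checksum */
	if (table.hdr.length != 0 || byte_sum(table.raw + sizeof(table.hdr), SAMPLE_LEN) != 0)
		return 4;                         /* payload and length must be zero */
	if (consume_entropy(&table.hdr, sizeof(table.raw), out, sizeof(out)) != -1)
		return 5;                         /* no 32 known zeros for the next kernel */
	return 0;
}

/* A flipped payload byte, an implausible length and a too-small buffer
 * are each refused, and a refused table is left intact. */
static int run_rejection_cases(void)
{
	uint8_t sample[SAMPLE_LEN], out[SAMPLE_LEN];

	fill_sample(sample, SAMPLE_LEN);
	build_table(&table.hdr, sample, SAMPLE_LEN);
	table.raw[sizeof(table.hdr) + 3] ^= 0x01;
	if (consume_entropy(&table.hdr, sizeof(table.raw), out, sizeof(out)) != -1)
		return 1;
	build_table(&table.hdr, sample, SAMPLE_LEN);
	table.hdr.length = 4;
	if (consume_entropy(&table.hdr, sizeof(table.raw), out, sizeof(out)) != -1)
		return 2;
	build_table(&table.hdr, sample, SAMPLE_LEN);
	if (consume_entropy(&table.hdr, sizeof(table.raw), out, 16) != -1)
		return 3;
	return table.hdr.length == SAMPLE_LEN ? 0 : 4;
}

int main(void)
{
	return run_scenario() != 0 || run_rejection_cases() != 0;
}
```

Zeroing the whole header instead of compensating would also stop re-use, at the cost of a table that no longer checksums; the compensating form above lets a later consumer reject it for the honest reason (length 0) rather than as corruption.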
