[XEN PATCH v1] libxl/arm: provide guests with random seed

[XEN PATCH v1] libxl/arm: provide guests with random seed

[Sergiy Kibrik]

Pass random seed via FDT, so that guests' CRNGs are better seeded early at boot.
Depending on its configuration Linux can use the seed as device randomness
or to just quickly initialize CRNG.
In either case this will provide extra randomness to further harden CRNG.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
---
 tools/libxl/libxl_arm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c
index 34f8a29056..05c58a428c 100644
--- a/tools/libxl/libxl_arm.c
+++ b/tools/libxl/libxl_arm.c
@@ -342,6 +342,12 @@ static int make_chosen_node(libxl__gc *gc, void *fdt, bool ramdisk,
         if (res) return res;
     }
 
+    uint8_t seed[128];
+    res = libxl__random_bytes(gc, seed, sizeof(seed));
+    if (res) return res;
+    res = fdt_property(fdt, "rng-seed", seed, sizeof(seed));
+    if (res) return res;
+
     res = fdt_end_node(fdt);
     if (res) return res;
 
-- 
2.25.1

Re: [XEN PATCH v1] libxl/arm: provide guests with random seed

[Julien Grall]

Hi,

On 24/05/2021 09:00, Sergiy Kibrik wrote:
> Pass random seed via FDT, so that guests' CRNGs are better seeded early at boot.
> Depending on its configuration Linux can use the seed as device randomness
> or to just quickly initialize CRNG.
> In either case this will provide extra randomness to further harden CRNG.
> 
> Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
> ---
>   tools/libxl/libxl_arm.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c
> index 34f8a29056..05c58a428c 100644
> --- a/tools/libxl/libxl_arm.c
> +++ b/tools/libxl/libxl_arm.c
> @@ -342,6 +342,12 @@ static int make_chosen_node(libxl__gc *gc, void *fdt, bool ramdisk,
>           if (res) return res;
>       }
>   
> +    uint8_t seed[128];

I couldn't find any documentation for the property (although, I have 
found code in Linux). Can you explain where the 128 come from?

Also, local variables should be defined at the beginning of the function.

> +    res = libxl__random_bytes(gc, seed, sizeof(seed)); > +    if (res) return res;
> +    res = fdt_property(fdt, "rng-seed", seed, sizeof(seed));
> +    if (res) return res;
> +
>       res = fdt_end_node(fdt);
>       if (res) return res;

Cheers,

-- 
Julien Grall

RE: [XEN PATCH v1] libxl/arm: provide guests with random seed

[Sergiy Kibrik]

Hi Julien,

> > diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c index
> > 34f8a29056..05c58a428c 100644
> > --- a/tools/libxl/libxl_arm.c
> > +++ b/tools/libxl/libxl_arm.c
> > @@ -342,6 +342,12 @@ static int make_chosen_node(libxl__gc *gc, void
> *fdt, bool ramdisk,
> >           if (res) return res;
> >       }
> >
> > +    uint8_t seed[128];
> 
> I couldn't find any documentation for the property (although, I have found
> code in Linux). Can you explain where the 128 come from?
 
I didn't find documentation either, probably that part is un-documented yet.
This is kind of tradeoff between ChaCha20 key size of 32 (which is used in guest Linux CRNG), and data size that host is expected to provide w/o being blocked or delayed
(which is 256 according to getrandom() man page). In case of 128-bytes seed each byte of CRNG state will be mixed 4 times using bytes from this seed.

> Also, local variables should be defined at the beginning of the function.
> 

Will fix that.

Thank you for review,
  Sergiy

Re: [XEN PATCH v1] libxl/arm: provide guests with random seed

[Julien Grall]

On 26/05/2021 10:28, Sergiy Kibrik wrote:
> Hi Julien,

Hi Sergiy,

>>> diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c index
>>> 34f8a29056..05c58a428c 100644
>>> --- a/tools/libxl/libxl_arm.c
>>> +++ b/tools/libxl/libxl_arm.c
>>> @@ -342,6 +342,12 @@ static int make_chosen_node(libxl__gc *gc, void
>> *fdt, bool ramdisk,
>>>            if (res) return res;
>>>        }
>>>
>>> +    uint8_t seed[128];
>>
>> I couldn't find any documentation for the property (although, I have found
>> code in Linux). Can you explain where the 128 come from?
>   
> I didn't find documentation either, probably that part is un-documented yet.
> This is kind of tradeoff between ChaCha20 key size of 32 (which is used in guest Linux CRNG), and data size that host is expected to provide w/o being blocked or delayed
> (which is 256 according to getrandom() man page). In case of 128-bytes seed each byte of CRNG state will be mixed 4 times using bytes from this seed.

Ok. Can the reasoning be documented in the commit message (with a short 
summary in the code)? This would be helpful if in the future one decide 
to change the size of the seed.

Cheers,

-- 
Julien Grall

RE: [XEN PATCH v1] libxl/arm: provide guests with random seed

[Sergiy Kibrik]

 > Ok. Can the reasoning be documented in the commit message (with a short
> summary in the code)? This would be helpful if in the future one decide to
> change the size of the seed.
> 

Sure, I'll do that.

   -Sergiy