From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: "Alex Bennée" <alex.bennee@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>, qemu-devel@nongnu.org
Subject: Re: [PATCH] hw/arm/virt: dt: add rng-seed property
Date: Wed, 29 Jun 2022 13:26:49 +0200 [thread overview]
Message-ID: <Yrw2+X6Pi8qlTo2d@zx2c4.com> (raw)
In-Reply-To: <878rpfixfh.fsf@linaro.org>
On Wed, Jun 29, 2022 at 11:18:23AM +0100, Alex Bennée wrote:
>
> Peter Maydell <peter.maydell@linaro.org> writes:
>
> > On Tue, 28 Jun 2022 at 19:45, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> >>
> >> On 6/27/22, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> >> > On 6/27/22, Peter Maydell <peter.maydell@linaro.org> wrote:
> >> >> On Mon, 27 Jun 2022 at 17:07, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> >> >>>
> >> >>> In 60592cfed2 ("hw/arm/virt: dt: add kaslr-seed property"), the
> >> >>> kaslr-seed property was added, but the equally as important rng-seed
> >> >>> property was forgotten about, which has identical semantics for a
> >> >>> similar purpose. This commit implements it in exactly the same way as
> >> >>> kaslr-seed.
> >> >>
> >> >> Not an objection, since if this is what the dtb spec says we need
> >> >> to provide then I guess we need to provide it, but:
> >> >> Why do we need to give the kernel two separate random seeds?
> >> >> Isn't one sufficient for the kernel to seed its RNG and generate
> >> >> whatever randomness it needs for whatever purposes it wants it?
> >> >>
> >> >
> >> > Seems a bit silly to me too. `rng-seed` alone ought to be sufficient.
> >> > After the kernel calls add_bootloader_randomness() on it,
> >> > get_random_long() can be used for kaslr'ing and everything else too.
> >> > So I'm not sure what's up, but here we are. Maybe down the line I'll
> >> > look into the details and formulate a plan to remove `kaslr-seed` if
> >> > my supposition is correct.
>
> Sorry now I've had my coffee and read properly I see you are already
> aware of kaslr-seed. However my point about suppression would still
> stand because for the secure boot flow you need checksum-able DTBs.
Please read the patch. Maybe take a sip of coffee first. There's a knob
for this too.
The code is exactly the same for kaslr-seed and rng-seed. Everytime
there's some kaslr-seed thing, there is now the same rng-seed thing.
Jason
next prev parent reply other threads:[~2022-06-29 11:31 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-27 16:07 [PATCH] hw/arm/virt: dt: add rng-seed property Jason A. Donenfeld
2022-06-27 16:12 ` Peter Maydell
2022-06-27 16:36 ` Jason A. Donenfeld
2022-06-28 18:45 ` Jason A. Donenfeld
2022-06-29 9:37 ` Peter Maydell
2022-06-29 10:15 ` Alex Bennée
2022-06-29 10:18 ` Alex Bennée
2022-06-29 11:26 ` Jason A. Donenfeld [this message]
2022-06-29 15:24 ` Alex Bennée
2022-06-29 15:55 ` Jason A. Donenfeld
2022-06-30 9:15 ` Peter Maydell
2022-06-30 10:22 ` Jason A. Donenfeld
2022-06-30 10:37 ` [PATCH v2] " Jason A. Donenfeld
2022-07-04 14:42 ` Peter Maydell
2022-07-05 0:45 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yrw2+X6Pi8qlTo2d@zx2c4.com \
--to=jason@zx2c4.com \
--cc=alex.bennee@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.