From: Mark Salyzyn <salyzyn@android.com>
To: Rob Herring <robh@kernel.org>, Masami Hiramatsu <mhiramat@kernel.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Android Kernel Team <kernel-team@android.com>,
Theodore Ts'o <tytso@mit.edu>, Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Richard Henderson <richard.henderson@linaro.org>,
Mark Brown <broonie@kernel.org>,
Kees Cook <keescook@chromium.org>,
Hsin-Yi Wang <hsinyi@chromium.org>,
Vasily Gorbik <gor@linux.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Steven Rostedt <rostedt@goodmis.org>,
Mike Rapoport <rppt@linux.ibm.com>,
Arvind Sankar <nivedita@alum.mit.edu>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Thomas Gleixner <tglx@linutronix.de>,
Alexander Potapenko <glider@google.com>,
Jonathan Corbet <corbet@lwn.net>,
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Juergen Gross <jgross@suse.com>,
Linux Doc Mailing List <linux-doc@vger.kernel.org>
Subject: Re: [PATCH 0/3] random: add random.rng_seed to bootconfig entry
Date: Fri, 14 Feb 2020 09:00:16 -0800 [thread overview]
Message-ID: <1694f42c-bfc9-570a-64d2-3984965c8940@android.com> (raw)
In-Reply-To: <CAL_JsqJ_VwHdpQ_WnQHu5J-bfs1vRPd5HQwVekR+5kKdVi4sXw@mail.gmail.com>
On 2/14/20 5:49 AM, Rob Herring wrote:
> On Fri, Feb 14, 2020 at 12:10 AM Masami Hiramatsu <mhiramat@kernel.org> wrote:
>> Hi,
>>
>> The following series is bootconfig based implementation of
>> the rng_seed option patch originally from Mark Salyzyn.
>> Note that I removed unrelated command line fixes from this
>> series.
> Why do we need this? There's already multiple other ways to pass
> random seed and this doesn't pass the "too complex for the command
> line" argument you had for needing bootconfig.
>
> Rob
Android is the use case I can vouch for. But also KVM.
Android Cuttlefish is an emulated device used extensively in the testing
and development infrastructure for In-house, partner, and system and
application developers for Android. There is no bootloader, per-se.
Because of the Android GKI distribution, there is also no rng virtual
driver built in, it is loaded later as a module, too late for many
aspects of KASLR and networking. There is no Device Tree, it does
however have access to the content of the initrd image, and to the
command line for the kernel. The only convenient way to get early
entropy is going to have to be one of those two places.
In addition, 2B Android devices on the planet, especially in light of
the Android GKI distribution were everything that is vendor created is
in a module, needs a way to collect early entropy prior to module load
and pass it to the kernel. Yes, they do have access to the recently
added Device Tree approach, and we expect them to use it, as I have an
active backport for the mechanism into the Android 4.19 and 5.4 kernels.
There may also be some benefit to allowing the 13000 different
bootloaders an option to use bootconfig as a way of propagating the much
needed entropy to their kernels. I could make a case to also allow them
command line as another option to relieve their development stress to
deliver product, but we can stop there. Regardless, this early entropy
has the benefit of greatly improving security and precious boot time.
Sincerely -- Mark Salyzyn
next prev parent reply other threads:[~2020-02-14 17:00 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-14 6:10 [PATCH 0/3] random: add random.rng_seed to bootconfig entry Masami Hiramatsu
2020-02-14 6:10 ` [PATCH 1/3] bootconfig: Support non-ascii characters in value Masami Hiramatsu
2020-02-14 6:10 ` [PATCH 2/3] random: rng-seed source is utf-8 Masami Hiramatsu
2020-02-14 18:14 ` Hsin-Yi Wang
2020-02-14 19:58 ` Rob Herring
2020-02-14 22:47 ` Theodore Y. Ts'o
2020-02-14 22:55 ` Mark Salyzyn
2020-02-15 0:53 ` Theodore Y. Ts'o
2020-02-18 16:01 ` Mark Salyzyn
2020-02-18 16:52 ` Hsin-Yi Wang
2020-02-18 17:14 ` Theodore Y. Ts'o
2020-02-14 6:10 ` [PATCH 3/3] random: add random.rng_seed= bootconfig option Masami Hiramatsu
2020-02-14 13:49 ` [PATCH 0/3] random: add random.rng_seed to bootconfig entry Rob Herring
2020-02-14 17:00 ` Mark Salyzyn [this message]
2020-02-14 18:14 ` Rob Herring
2020-02-14 18:31 ` Mark Salyzyn
2020-02-15 0:17 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1694f42c-bfc9-570a-64d2-3984965c8940@android.com \
--to=salyzyn@android.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=broonie@kernel.org \
--cc=corbet@lwn.net \
--cc=glider@google.com \
--cc=gor@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=hsinyi@chromium.org \
--cc=jgross@suse.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-team@android.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=mchehab+samsung@kernel.org \
--cc=mhiramat@kernel.org \
--cc=nivedita@alum.mit.edu \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=richard.henderson@linaro.org \
--cc=robh@kernel.org \
--cc=rostedt@goodmis.org \
--cc=rppt@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).