From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752303AbbHTU00 (ORCPT <rfc822;w@1wt.eu>);
	Thu, 20 Aug 2015 16:26:26 -0400
Received: from mail-wi0-f179.google.com ([209.85.212.179]:33139 "EHLO
	mail-wi0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751753AbbHTU0Y (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 20 Aug 2015 16:26:24 -0400
Date: Thu, 20 Aug 2015 21:26:20 +0100
From: Matt Fleming <matt@codeblueprint.co.uk>
To: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
        linux-pm@vger.kernel.org, "Rafael J. Wysocki" <rjw@rjwysocki.net>,
        Matthew Garrett <matthew.garrett@nebula.com>,
        Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>,
        Josh Boyer <jwboyer@redhat.com>, Vojtech Pavlik <vojtech@suse.cz>,
        Matt Fleming <matt.fleming@intel.com>, Jiri Kosina <jkosina@suse.cz>,
        "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        "Lee, Chun-Yi" <jlee@suse.com>
Subject: Re: [PATCH v2 05/16] x86/efi: Get entropy through EFI random number
 generator protocol
Message-ID: <20150820202620.GF2567@codeblueprint.co.uk>
References: <1439273796-25359-1-git-send-email-jlee@suse.com>
 <1439273796-25359-6-git-send-email-jlee@suse.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1439273796-25359-6-git-send-email-jlee@suse.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 11 Aug, at 02:16:25PM, Lee, Chun-Yi wrote:
> +
> +static unsigned long efi_get_rng64(efi_system_table_t *sys_table,
> +				   void **rng_handle)
> +{
> +	const struct efi_config *efi_early = __efi_early();
> +	efi_rng_protocol_64 *rng = NULL;
> +	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
> +	u64 *handles = (u64 *)(unsigned long)rng_handle;
> +	efi_status_t status;
> +	unsigned long rng_number;
> +
> +	status = efi_call_early(handle_protocol, handles[0],
> +				&rng_proto, (void **)&rng);
> +	if (status != EFI_SUCCESS)
> +		efi_printk(sys_table, "Failed to get EFI_RNG_PROTOCOL handles\n");
> +
> +	if (status == EFI_SUCCESS && rng) {
> +		status = efi_early->call((unsigned long)rng->get_rng, rng, NULL,
> +					sizeof(rng_number), &rng_number);

Actually, one thing just occurred to me - you're not passing an
RNGAlgorithm value and are relying upon the firmware's default
implementation.

I don't think that's a safe bet, the default could be anything and
might vary across implementations.

Can we do a little better here and pick a "preferred" algorithm
instead of the default?

-- 
Matt Fleming, Intel Open Source Technology Center