Message-ID: <1523956414.3250.5.camel@HansenPartnership.com>
Subject: Re: repeatable boot randomness inside KVM guest
From: James Bottomley
To: Matthew Wilcox, "Theodore Y. Ts'o", Alexey Dobriyan, linux-kernel@vger.kernel.org, linux-mm@kvack.org
Date: Tue, 17 Apr 2018 10:13:34 +0100
In-Reply-To: <20180415004134.GB15294@bombadil.infradead.org>
References: <20180414195921.GA10437@avx2> <20180414224419.GA21830@thunk.org> <20180415004134.GB15294@bombadil.infradead.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, 2018-04-14 at 17:41 -0700, Matthew Wilcox wrote:
> On Sat, Apr 14, 2018 at 06:44:19PM -0400, Theodore Y. Ts'o wrote:
> > What needs to happen is freelist should get randomized much later
> > in the boot sequence.  Doing it later will require locking; I don't
> > know enough about the slab/slub code to know whether the slab_mutex
> > would be sufficient, or some other lock might need to be added.
>
> Could we have the bootloader pass in some initial randomness?

Where would the bootloader get it from (securely) that the kernel can't?

For example, if you compile in a TPM driver, the kernel will pick up 32
random entropy bytes from the TPM to seed the pool, but I think it
happens too late to help with this problem currently.  IMA also needs
the TPM very early in the boot sequence, so I was wondering about using
the initial EFI driver, which is present on boot, and then transitioning
to the proper kernel TPM driver later, which would mean we could seed
the pool earlier.
As long as you mix it properly and limit the amount, it shouldn't
necessarily be a source of actual compromise, but having an external
input to our cryptographically secure entropy pool is an additional
potential attack vector.

James
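The following simulation is an added illustration of the two points made in this exchange, not code from the thread or from the kernel: it models why a freelist shuffled before any per-guest entropy has arrived comes out identical in every clone of the same VM image (Ted's point), and why an externally supplied seed only "decides" the layout when it is the sole input to the pool, while mixing it after a secret input such as the TPM's bytes leaves the result unpredictable to whoever supplied it (James's point). The pool, the mixing function (a plain SHA-256 chain), the freelist derivation and all inputs are constructed stand-ins chosen for clarity; the kernel's real pool, slab code and TPM path look nothing like this.

```python
import hashlib
import random

POOL_BYTES = 32

# Constructed sample inputs (not real kernel or TPM data).
# Inputs that are identical for every clone booted from the same VM image:
IMAGE_INPUTS = [b"kernel build id: constructed-0001", b"cmdline: root=/dev/vda1 quiet"]
# Inputs that differ per guest but only become available later in boot:
GUEST_A_TPM = [b"tpm getrandom output, guest A (constructed)"]
GUEST_B_TPM = [b"tpm getrandom output, guest B (constructed)"]


def mix_into_pool(pool: bytes, source: bytes) -> bytes:
    """Fold one input into the pool state through a one-way hash.

    Toy stand-in for a pool mixing function: the new state depends on the
    whole old state plus the input, so an input cannot erase entropy that
    was already there, and a party who knows only the input cannot compute
    the new state without also knowing the old one.
    """
    return hashlib.sha256(pool + source).digest()


def randomize_freelist(pool: bytes, n_objects: int) -> list:
    """Derive a freelist order (a permutation of slab slot indices) from the
    current pool state: Fisher-Yates driven by a PRNG seeded from the pool."""
    seed = int.from_bytes(hashlib.sha256(b"freelist" + pool).digest(), "big")
    order = list(range(n_objects))
    random.Random(seed).shuffle(order)
    return order


def boot_guest(image_inputs, late_inputs, randomize_early, n_objects=16):
    """Simulate one guest boot and return the freelist order it chose.

    randomize_early=True models the reported problem: the freelist is
    shuffled before any per-guest entropy (late_inputs) has been mixed in.
    """
    pool = bytes(POOL_BYTES)
    for src in image_inputs:
        pool = mix_into_pool(pool, src)
    if randomize_early:
        return randomize_freelist(pool, n_objects)
    for src in late_inputs:
        pool = mix_into_pool(pool, src)
    return randomize_freelist(pool, n_objects)


def clones_collide(randomize_early: bool) -> bool:
    """Do two clones of the same image end up with the same freelist order?"""
    order_a = boot_guest(IMAGE_INPUTS, GUEST_A_TPM, randomize_early)
    order_b = boot_guest(IMAGE_INPUTS, GUEST_B_TPM, randomize_early)
    return order_a == order_b


def external_seed_decides_layout(external_seed: bytes, tpm_available: bool) -> bool:
    """Can the party that supplied external_seed (say, a value handed over by
    the bootloader) and knows the image inputs, but not the TPM bytes, work
    out the guest's freelist order?  True when its prediction matches."""
    tpm = GUEST_A_TPM if tpm_available else []
    actual = boot_guest(IMAGE_INPUTS, tpm + [external_seed], randomize_early=False)
    predicted = boot_guest(IMAGE_INPUTS, [external_seed], randomize_early=False)
    return actual == predicted


if __name__ == "__main__":
    print("early randomization, clones collide:", clones_collide(True))
    print("late randomization, clones collide:", clones_collide(False))
    print("external seed is the only input, layout predictable:",
          external_seed_decides_layout(b"seed", tpm_available=False))
    print("external seed mixed after TPM bytes, layout predictable:",
          external_seed_decides_layout(b"seed", tpm_available=True))
```

The deciding factor in the last two cases is not whether the external input is trusted but whether it is the only thing in the pool at the moment the freelist is consumed; that is the "mix it properly" condition, and the "limit the amount" condition corresponds to never letting such an input be credited as entropy the pool does not independently have.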