Received: by 10.192.165.156 with SMTP id m28csp1744527imm;
        Tue, 17 Apr 2018 04:58:40 -0700 (PDT)
X-Google-Smtp-Source: AIpwx48zAX82aJSu/ybBziOjyUQ5K0aFwgtxDOUCqDS8t5MWjt89NHpiVF2TWy0XGMxyzJ3T2J6k
X-Received: by 10.101.76.77 with SMTP id l13mr1527123pgr.192.1523966320168;
        Tue, 17 Apr 2018 04:58:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523966320; cv=none;
        d=google.com; s=arc-20160816;
        b=UuHt5H7U9Imi5qIzbtv+tnvbnTmndG43oDejGXT2YcdYHOmCV/WYq21UxYzt8DNlEN
         pRlW5+XI27XaBpAKBS1lAICgi5rotxM/yurgl257vVpslZ+EUb5wmCr/I6w7b8GX4zED
         FiX2ObiRD+VoQAXtHDhSTMZAd4ALJoVDljSrgFHqhs+XhDTCXuaWkiVQctW4q98Kq3e9
         1Dnx6kHe7qA0aO216kd/Bu8Itpl7Rl5nBMd3ziYPKtPUV+Yg8/Q0rGkfcs9AmoJjr2Le
         vdpumKchkOXw+xUsz8aB0VgtS6/DMC0jimSqeMd80pmMqXSEeAv1b2zMjWqIXf3cahW0
         +X8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id
         :dkim-signature:arc-authentication-results;
        bh=QwCs5CsjFf9SglVM3VuIXcJKaBVa3aDzktQ+o/HMMjU=;
        b=jvP/CTnanFk0uY71Taa3QBMwl5AVDy5AtjlWas1jbLy8SY00T6oLnnSKn8Hav4wfuF
         yvBCT1EgUoBYlVidFnvUKtZLf3BDSRuBArEIQB4Iz7hCSl4nNt9dZMBS1E+OkE34rbMP
         ip8dkLbpEdQUUfQCOx2Mys072VuZjt6VcNY9SmPhVqPksG4noIJa4CGcAxT4nInq+TZa
         NkMQsyYWS8fm1ADWyhaYtNDWYz81pzSs2L09JaBpNL++VZgk2YXUUkbdpv69yrdQdTJ7
         hfE5KNB46+25Yd70+VcsQSapk0rGafA3xBrr/6R7c1p4bz2vR3l9LYGV7QmEiHxfk27A
         6gBQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=GekHXa+H;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a21si12245672pfi.349.2018.04.17.04.58.25;
        Tue, 17 Apr 2018 04:58:40 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=GekHXa+H;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752765AbeDQL5R (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Tue, 17 Apr 2018 07:57:17 -0400
Received: from bedivere.hansenpartnership.com ([66.63.167.143]:50610 "EHLO
        bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1752546AbeDQL5Q (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 Apr 2018 07:57:16 -0400
Received: from localhost (localhost [127.0.0.1])
        by bedivere.hansenpartnership.com (Postfix) with ESMTP id C1B918EE264;
        Tue, 17 Apr 2018 04:57:15 -0700 (PDT)
Received: from bedivere.hansenpartnership.com ([127.0.0.1])
        by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id y5F1aM4Zp6Y4; Tue, 17 Apr 2018 04:57:15 -0700 (PDT)
Received: from [192.168.0.46] (cpc91566-seac25-2-0-cust518.7-2.cable.virginm.net [86.0.94.7])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 7FEDD8EE0E2;
        Tue, 17 Apr 2018 04:57:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1523966235;
        bh=9j63GEeFEgZgH6xqcSXsDXp6ReG1atLDABa69gsTzLg=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=GekHXa+HFqh9x88ZMxqvFQ7WtCOWqS6J0uqBXOOgXxySfPVtudeAImcjZmtk3DOO+
         XYKQL5pukJpRWNIkCfFxpyQd31+8+RSGmIxvfT9PIAYmSlXYDVThJ/EvM7oQzon2MV
         GlV8ZpHnqCVLXu4AldU4EIkKNHRoR01cHJSHSED4=
Message-ID: <1523966232.3250.15.camel@HansenPartnership.com>
Subject: Re: repeatable boot randomness inside KVM guest
From:   James Bottomley <James.Bottomley@HansenPartnership.com>
To:     Matthew Wilcox <willy@infradead.org>
Cc:     "Theodore Y. Ts'o" <tytso@mit.edu>,
        Alexey Dobriyan <adobriyan@gmail.com>,
        linux-kernel@vger.kernel.org, linux-mm@kvack.org
Date:   Tue, 17 Apr 2018 12:57:12 +0100
In-Reply-To: <20180417114728.GA21954@bombadil.infradead.org>
References: <20180414195921.GA10437@avx2> <20180414224419.GA21830@thunk.org>
         <20180415004134.GB15294@bombadil.infradead.org>
         <1523956414.3250.5.camel@HansenPartnership.com>
         <20180417114728.GA21954@bombadil.infradead.org>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.22.6 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2018-04-17 at 04:47 -0700, Matthew Wilcox wrote:
> On Tue, Apr 17, 2018 at 10:13:34AM +0100, James Bottomley wrote:
> > On Sat, 2018-04-14 at 17:41 -0700, Matthew Wilcox wrote:
> > > On Sat, Apr 14, 2018 at 06:44:19PM -0400, Theodore Y. Ts'o wrote:
> > > > What needs to happen is freelist should get randomized much
> > > > later in the boot sequence.  Doing it later will require
> > > > locking; I don't know enough about the slab/slub code to know
> > > > whether the slab_mutex would be sufficient, or some other lock
> > > > might need to be added.
> > > 
> > > Could we have the bootloader pass in some initial randomness?
> > 
> > Where would the bootloader get it from (securely) that the kernel
> > can't?
> 
> In this particular case, qemu is booting the kernel, so it can apply
> to /dev/random for some entropy.

Well, yes, but wouldn't qemu virtualize /dev/random anyway so the guest
 kernel can get it from the HWRNG provided by qemu?

> > For example, if you compile in a TPM driver, the kernel will
> > pick up 32 random entropy bytes from the TPM to seed the pool, but
> > I think it happens too late to help with this problem
> > currently.  IMA also needs the TPM very early in the boot sequence,
> > so I was wondering about using the initial EFI driver, which is
> > present on boot, and then transitioning to the proper kernel TPM
> > driver later, which would mean we could seed the pool earlier.
> > 
> > As long as you mix it properly and limit the amount, it shouldn't
> > necessarily be a source of actual compromise, but having an
> > external input to our cryptographically secure entropy pool is an
> > additional potential attack vector.
> 
> I thought our model was that if somebody had compromised the
> bootloader, all bets were off.

You don't have to compromise the bootloader to influence this, you
merely have to trick it into providing the random number you wanted. 
The bigger you make the attack surface (the more inputs) the more
likelihood of finding a trick that works.

>   And also that we were free to mix in as many untrustworthy bytes of
> alleged entropy into the random pool as we liked.

No, entropy mixing ensures that all you do with bad entropy is degrade
the quality, but if the quality degrades to zero (as it might at boot
when you've no other entropy sources so you feed in 100% bad entropy),
then the random sequences become predictable.

James