Received: by 10.192.165.148 with SMTP id m20csp310691imm; Thu, 26 Apr 2018 22:22:10 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqinVx9KmZatK5yZTRj2eCCo+tYE5H5dACQjMQlgguuSdkWWV3p9yLSPDnC8cvw6J6236Zh X-Received: by 2002:a65:628a:: with SMTP id f10-v6mr903343pgv.6.1524806530193; Thu, 26 Apr 2018 22:22:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524806530; cv=none; d=google.com; s=arc-20160816; b=bLty4Ooi3ruI/zBaG+RBmBQIzi59wFXUgdOucWRMW6F3lHO3qklbTAdoENlLvpo6J0 dyHegt/Y3TTs4akVWnsrLIUKgKyd5YsRl06b0+sCtp/mk6OLJb3J9VojILI1FRH2o+T9 1PlxlU7xogZYFJqDYW5/JkeV7SFG7VtezFWebG/35ogT2tK7if3Ar06AuaG9laFOZ0f2 sEXPn34voRt6hHYVoHeyKrBvkjVETVSPCgm8BPe5426V4kWKtC3cfFPRC32s2Ro4jxB+ Lnm2pme7o3Jc7LRBiRGfOkON6ENUJX2fOazNnACTsEH/XfbYlmvXqV87Kc0TqsJvIdSe fKNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:to:subject:dkim-signature :arc-authentication-results; bh=XPk/ct5BfkxF0JF4d+qAT+kT9M/vmbNIDTMJwO14r3Q=; b=wDp/B1hJPyRLRPAkKfNegOQqJyNgGvNyf26GxJ1Ew1L3XD4D9AjJDQ8Yg7EbZu5yY1 WYt7zQEUppG3znMZCoJK6AiuZw+rWOqsrvBEOZu0sDAuNgfmG6TR6TUyi6pvSOO6YwK0 jnNVkDuAwMp8mA84FzmylauvkDQJ7KmS/4oohHV9dSsBVPtKbov4r1AnVopLB46JI3ZT wVUy8zj42arwm2BX2C1mLJDJxhThTbGlhXXbNxyR5+1zNJScXbjFqbJlRtRChPwLSxsL XNS7puEukRP1O2YG+EvwsH+UiO/rGaQUc2hBZhRjVsBdzQ+uits4u+WVkcBRjpH5Z7ht Iu+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=H8iWgoGV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m11-v6si546714pgs.73.2018.04.26.22.21.55; Thu, 26 Apr 2018 22:22:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=H8iWgoGV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752718AbeD0FUu (ORCPT + 99 others); Fri, 27 Apr 2018 01:20:50 -0400 Received: from mail-ot0-f181.google.com ([74.125.82.181]:42510 "EHLO mail-ot0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750982AbeD0FUs (ORCPT ); Fri, 27 Apr 2018 01:20:48 -0400 Received: by mail-ot0-f181.google.com with SMTP id l13-v6so725386otk.9 for ; Thu, 26 Apr 2018 22:20:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=XPk/ct5BfkxF0JF4d+qAT+kT9M/vmbNIDTMJwO14r3Q=; b=H8iWgoGVTe/QkgtJGpivdntRYtD7KPN/5GqLwtrawYuKS4PrOnvGQbVqWGI0JWOdxM M3NySsBEU+MRQZYNU8sQSjX8dfx+3dxXZ0e2PAnKsSVDSz60mu3zNXV69ugaBrrmgYTm 1q+qrI9LotdDbK0hWR8kNLJKy7c8L7tljuSwOc1oqeDDsHkppj93JhYn54v4H+bym6SA Ssty6MsoTxjf1OX4RVATFUg1c0TeSl7q3d4RCCAUETfWs+xHRT+HUMj8XGVhWdEvY0JQ TSKf6go1YxRtKKOk0bCCHOJoBVRUs/E+w6PFFmfmbuuUSsSOh8yjPcDlvMhjotRAftM+ w0fQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=XPk/ct5BfkxF0JF4d+qAT+kT9M/vmbNIDTMJwO14r3Q=; b=KmDWhmqKPukcEyP1mwV2QxyiIfibQ3wxF8q5ha0sloWVTyvrfFyhgcV/m4aUx0fWy0 PzvmfbZNvwIZ4XFFLH/eaHs2+rstNccjjGumhWvDF1hq5/Kn5a5Qr0L87vJNVOItcU8t +u7K7TYyCT5tj9A+9kRlmmJUrRe0QNGNDM1e2vgXXd9twCy7IrIgXMkt6VmJ4pW27W9C sA45yo6uu0j5jypSSBSiqzV+7ZZZi3uHAPXZwZPf/+t2tkfQfleXCnQ+q1JjghIfQ7gu txq/GoeniouzeiTBGsQUj5HAkHSXHIT/Cc6wK8dER6jbebFSOEVRlPjPsRfpZaXfYMgl 1gjw== X-Gm-Message-State: ALQs6tDyYM1zd9rqN0PWxQlkG7v3zOx0G1G5st2ayPBJtoRvwfGeckOQ xWiaJUAK3rkAHZ6Zj6FbMxQ= X-Received: by 2002:a9d:de2:: with SMTP id 89-v6mr498211ots.269.1524806447804; Thu, 26 Apr 2018 22:20:47 -0700 (PDT) Received: from [10.0.0.11] ([107.193.118.89]) by smtp.gmail.com with ESMTPSA id u23-v6sm283405oiv.45.2018.04.26.22.20.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 Apr 2018 22:20:46 -0700 (PDT) Subject: Re: Linux messages full of `random: get_random_u32 called from` To: "Theodore Y. Ts'o" , linux-kernel@vger.kernel.org, Jann Horn References: <20180426050056.GF18803@thunk.org> <20180426073255.GH18803@thunk.org> <20180426192524.GD5965@thunk.org> <2add15cb-2113-0504-a732-81255ea61bf5@gmail.com> <20180426235630.GG5965@thunk.org> From: Sultan Alsawaf Message-ID: <3eb5761e-7b25-4178-0560-fba5eb43ce6a@gmail.com> Date: Thu, 26 Apr 2018 22:20:44 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180426235630.GG5965@thunk.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > The CRNG changes were needed because were erroneously saying that the > entropy pool was securely initialized before it really was. Saying > that CRNG should be able to init on its own is much like saying, "Ted > should be able to fly wherever he wants in his own personal Gulfstream > V." It would certainly be _nice_ if I could afford my personal jet. > I certainly wish I were that rich. But the problem is that dollars > (or Euro's) are like entropy, they don't just magically drop out of > the sky. > > If there isn't user-provided entropy, and the hardware isn't providing > sufficient entropy, where did you think the kernel is supposed to get > the entropy from? Should it dial 1-800-TRUST-NSA? > > From the dmesg log, you have a Chromebook Acer 14. I'm guessing the > problem is that Chromebooks have hardware tries *very* hard not to > issue interrupts, since that helps with power savings. The following > from your dmesg is very interesting: > > [ 0.526786] tpm tpm0: [Firmware Bug]: TPM interrupt not working, polling instead > > I suspect this isn't a firmware bug; it's the hardware working as > intended / working as designed, for power savings reasons. > > So there are two ways to fix this that I can see. One is to try to > adjust userspace so that it allows the boot to proceed. As there is > more activity, the disk completion interrupts, the user typing their > username/password into the login screen, etc., there will be timing > events which can be used to harvest entropy. > > The other approach would be to compile the kernel with > CONFIG_HW_RANDOM_TPM and to modify drivers/char/tpm/tpm-chip.c tot > initalize chip->hwrng.quality = 500. We've historically made this > something that the system administrator must set via sysfs. This is > because we wanted system adminisrators to explicitly say that they > trust the any hardware manufacturer that (a) they haven't been paid by > your choice of the Chinese MSS or the US NSA to introduce a backdoor,i > and (b) they are competent to actually implemnt a _secure_ hardware > random number generator. Sadly, this has not always been the case. > Please see: > > https://www.chromium.org/chromium-os/tpm_firmware_update > > And note that your Edgar Chromebook is one the list of devices that > have a TPM with the buggy firmware. Fortunately this particular TPM > bug only affects RSA prime generation, so as far as I know there is no > _known_ vulerability in your TPM's hardware random number generator. > B ut we want it to be _your_ responsibility to decide you are willing > to truste it. I certainly don't want to be legally liable --- or even > have the moral responsibility --- of guaranteeing that every single > TPM out there is bug-free(tm). > > - Ted Why don't we tell users that they need to smash their keyboards to make their computers boot then? And if they question it, we can tell them that it certainly would be _nice_ to not have to smash their keyboards to make their computers boot, but alas, a part of me has a feeling that users would not take kindly to that :) I noted at least 20,000 mmc interrupts before I intervened in the boot process to provide entropy myself. That's just for mmc, so I'm sure there were even more interrupts elsewhere. Is 20k+ interrupts really not sufficient? There are lots of other sources of entropy available as well, like the ever-changing CPU frequencies reported by any recent Intel chip (i.e., they report precision down to 1 kHz). Why are we so limited to h/w interrupts? Sultan