Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp470586imm;
        Tue, 3 Jul 2018 23:56:20 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpcRzau1tZ89HYJpaFnwvGxauEYpUkv02a2yXThyzJVU16vlPWQqGmBEI4tD2Z2m+NLMQgDg
X-Received: by 2002:aa7:8645:: with SMTP id a5-v6mr871135pfo.247.1530687379985;
        Tue, 03 Jul 2018 23:56:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1530687379; cv=none;
        d=google.com; s=arc-20160816;
        b=dbTVEt9c22B+Tjc9SJgtaB3ujqFcNDE4hS13TShzMvTiGr6PcDMG3eRA8/4vH9wMBr
         C1GzLJuk7NALl1hS/AuYdC4Gbi0QaDgu0NZtaNl12FPPirYE3UtVw+AMOp/mUFspxw1X
         VOuDsado0QiQdxCQsJ9ghfbWADWXhAicdox8y6YkkhtJ2Hul1oR941LYx28Dzkfh/KNf
         nvL3MEKxS8v3Nr8PHLIeSe1hdsSXv3FBqy0hfiFk0zxL+4E5fqpitLR89xg04sTV2+pM
         K7VYMalmnbgWgYa/dFTUrVVRQtUUxmbg6iFL/IrKVXKuI/lIpyloZMGgKWA2xEV/6ito
         HQoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=3JZAna4K1S7RDnyRMH+zS6EGut936NeGI9mcgaVb4TM=;
        b=LcobW8V3w9ZSd8GOefJ9fjpnu8tTleXy3u/dNmx8RxTF4+mhGIFSEb38Aj5XxgVtbO
         rEWD1bFJHVwtsHWLRyasvoDFJpgMebcsBSZvr3YNydM9qcANkD8uEGeylwPYpfbM7cnT
         DANztNqjc/7N2ze64rQTdaYKNtv47juX1BcsR927AoQT2Wg59FswXlzT9Z1YieS5RxM2
         jTW98OnyNmz+Smca42a2568rQtqnwBxdHG2c7sNRMSANduwcBqSqpBwmLjOXuiPMukKa
         c9grwLjmI9vGFi5Eo3DBCscutLWgSLW85egUWLv2qmaOpOW1XaEL2+7jCmUqADQMO07W
         1cnQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=ZtzdazhA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d4-v6si2870491pla.81.2018.07.03.23.56.05;
        Tue, 03 Jul 2018 23:56:19 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=ZtzdazhA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S933464AbeGDGyV (ORCPT <rfc822;yuankui.zhao@gmail.com>
        + 99 others); Wed, 4 Jul 2018 02:54:21 -0400
Received: from mail-oi0-f66.google.com ([209.85.218.66]:41452 "EHLO
        mail-oi0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753620AbeGDGyU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 4 Jul 2018 02:54:20 -0400
Received: by mail-oi0-f66.google.com with SMTP id k12-v6so8726303oiw.8
        for <linux-kernel@vger.kernel.org>; Tue, 03 Jul 2018 23:54:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=3JZAna4K1S7RDnyRMH+zS6EGut936NeGI9mcgaVb4TM=;
        b=ZtzdazhAwIOwRw66FDUuCvq48j6OSYnbOdXtnRUJNcMRUa9Vv3tXUryDeKwHMxcaBm
         4IAGrn1JrRTwBFV+kf1q/l+GKhCjNz3wDI4z7Iru/R9S0we2JcgPHX5P+UmuSlUdai/J
         vlzHqahBgUV+8piFVs3cIcoWqa2v9yYBxxB/0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=3JZAna4K1S7RDnyRMH+zS6EGut936NeGI9mcgaVb4TM=;
        b=qu99aV50veiX6YziqTZHphud4mmC9+m8+MShgEPm4N/6HselomkSS6LufIVPL9DaeA
         cP9iGIskJzDE1iOCslAXy+ZUa3SmYP8RyP2A0dyv2gDWZp4Erwzh7g4z1gmEno4QyzC2
         6E6u3pj7RYP7tvLQp/xh7QWCj2fBBNoyRiiCiM4KXpVEyaBCOFQZZ9XY0925FZyllx2d
         NK5CWx1d/8o97NOTLZtq/SAq7nSemnpZTmHDrMgO3a8xOJisL885h0jYjiG2HwfKkHUu
         OfoAr2mCXFPqa//XkelnpOiUYV4Ow/jjl5fEKUpHXVGFSxvF7qMJPS4AGtrpoRf/LawN
         3mSA==
X-Gm-Message-State: APt69E2Xwvxc6xWVid4xAF8FsWo82VXn7FtTdxFinWGZECG8uW0f1I3s
        LbIdKBCiS5DFiElgy4Od4CvR0Y5BvtWLR6EMj6ZJkcllhaw=
X-Received: by 2002:aca:4ac6:: with SMTP id x189-v6mr874206oia.211.1530687259416;
 Tue, 03 Jul 2018 23:54:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4a:640a:0:0:0:0:0 with HTTP; Tue, 3 Jul 2018 23:54:18 -0700 (PDT)
In-Reply-To: <CAAi9uDuxS7G+DaHskGJXnvigsdzXrW64J6zy-dgQCXJvv8be3g@mail.gmail.com>
References: <20180608065438.110109-1-louiscollard@chromium.org>
 <20180618180712.GB20697@linux.intel.com> <20180618193306.GF6805@ziepe.ca>
 <20180621162101.GB11859@linux.intel.com> <CAKNRAJVJD5b388iwhoOBVC5V-x=wV2YTZHJ+mRrBWv3H-pbNFg@mail.gmail.com>
 <CAAi9uDuxS7G+DaHskGJXnvigsdzXrW64J6zy-dgQCXJvv8be3g@mail.gmail.com>
From:   Louis Collard <louiscollard@chromium.org>
Date:   Wed, 4 Jul 2018 14:54:18 +0800
Message-ID: <CAKNRAJV8Jb=n=cZTmkAUVLwYv5778ykACd7ZUhYA7rfa0Wu3zw@mail.gmail.com>
Subject: Re: [PATCH] tpm: Add module parameter for hwrng quality.
To:     "David R. Bild" <david.bild@xaptum.com>
Cc:     linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jun 29, 2018 at 9:03 PM, David R. Bild <david.bild@xaptum.com> wrote:
> On Wed, Jun 27, 2018 at 1:11 AM, Louis Collard
> <louiscollard@chromium.org> wrote:
>>
>> On some systems we have seen large delays in boot time, due to
>> blocking on a call to getrandom() before the entropy pool has been
>> initialized. On these systems the usual sources of entropy are not
>> sufficient to initialize the pool in any kind of reasonable time -
>> delays of minutes have been observed; the most common workaround is to
>> mash the keyboard for a bit ;)
>>
>> Setting a non-zero quality score causes the hwrng to be used as a
>> source of entropy for the pool, the pool is therefore initialized
>> early during boot, and no delay is observed.
>>
>
> We have the same issue on our embedded devices and thus carry patches
> in our tree that set the quality.  This would be a welcome change.

Glad to hear this!

>
> As a point of clarification (and correct me if I'm wrong), the TPM is
> always ready used to seed the rng. It just doesn't update the entropy
> pool estimate.

Good point.

>
> So, perhaps the default value for the TPM hwrng quality should be
> non-zero (in addition to the module param that lets users override
> it)?

That makes sense to me, however I can imagine that some users would
prefer to not have the TPM enabled as an ongoing source of entropy by
default.

Following on from your previous point - perhaps we can just make a
small change to how the initial seeding is done: maybe we can replace
the call to crng_slow_load (via add_early_randomness and
add_device_randomness) with a call (indirectly) to crng_fast_load. (We
might also need to increase the amount of data read at this point.)

This would update crng_init_cnt and crng_init, and calls to getrandom
[without GRND_RANDOM] would not block.

This obviously doesn't solve the issue if there are blocking calls on
boot that are querying random rather than urandom; I don't believe
that would be a problem for our use case though.

Thoughts?

Thanks,
Louis