Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp591280imm; Wed, 18 Jul 2018 07:28:26 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfSqxKfjT633V8ozr/tMsGXypkXJvWO71l/Pud/n6QoHM9pxOGmG2LTahZbWRIT501ea5kw X-Received: by 2002:a63:f45:: with SMTP id 5-v6mr6154333pgp.447.1531924106126; Wed, 18 Jul 2018 07:28:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531924106; cv=none; d=google.com; s=arc-20160816; b=O/YuJdPhh5caYWgl3COtY/ne1QhNSLndgfewtuO3aJgul+BQ/oQlvUTUTlfo2yLrRv NspqctFe9DWe/5p74Dc2lyHDeH3S8bPDKLR/EV4/Bqja+7AF9grIBfQ6M2vpuxnjeDqE OyDXjvzm8WfK43nWBPoqbsE0kRXNZ5YTpB8WgoR5AtnsVgDu4L+RyBXPZzqmiJWN8zV9 9tzjn9gYxEK0H8sYnUtCa18ZDMKK/vNHl0Yv0+56Nu9ega0k93w4djA0NmpqqzeOuJ6E g9FpDPoB4kNXwROqqfE4qvW+FmtfgDYjLZfytlLP+onBAGV8R8dfI6kVVKia6Cz5KUqF 34zQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:cc:to:from:date:dkim-signature :arc-authentication-results; bh=PCBwdRZ1mcUvHLqdmdrQtlawWulAYCxtHc+C8zCeC9Y=; b=NhbENS14vnjnaCSE6YpNfXUdErtRM5W3Bs1wrXh4z+++qeLlTcklOrN4t8YojYUqd6 meiMeCn7iK+cYMScvoTIaLN8jNPc0CQ3Ul2LQdytrdQntoMzonzm9kR9YfP2gKccOzYJ owJwJRr2BGiwHMHtRFDQRuxzAwDi9S0kaRiQ42SndOtql29X0yxS49+lqIaM6JiEv1Ka 973Zc+EOkKtGAmsSGzD2pv6e9e1H1zfDAeGeBtd3I7bpdtmrRkfQy2v81WnED3paWg7M PNq6V41ihFCmpH8yZqy9REqZdkInnnxXec9CrUvYRiz+au0UyeHElyCP6GkINDAH62QB +OCw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=mOoiE35u; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 34-v6si3435310plc.346.2018.07.18.07.28.11; Wed, 18 Jul 2018 07:28:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=mOoiE35u; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731059AbeGRPEn (ORCPT + 99 others); Wed, 18 Jul 2018 11:04:43 -0400 Received: from imap.thunk.org ([74.207.234.97]:57080 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730123AbeGRPEm (ORCPT ); Wed, 18 Jul 2018 11:04:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=PCBwdRZ1mcUvHLqdmdrQtlawWulAYCxtHc+C8zCeC9Y=; b=mOoiE35uSNXdjpyLqyDnO6La/6 FeCPYM7PsBEbSRedjRj0WQuiPSc4QOlO3eExK1HIURJ/fbLhWywkCE9aa0Jc3jaTE/uadSzYL3gHx gwmcaPou/RIT0CCFfSdJO+AbgmSd+jo2mslqQTLbcJpNheMUQUAb034Dp/rYKHsEIii8=; Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.89) (envelope-from ) id 1ffnPP-0003Jy-Nh; Wed, 18 Jul 2018 14:26:27 +0000 Received: by callcc.thunk.org (Postfix, from userid 15806) id 52BC77A6404; Wed, 18 Jul 2018 10:26:25 -0400 (EDT) Date: Wed, 18 Jul 2018 10:26:25 -0400 From: "Theodore Y. Ts'o" To: Yann Droneaud Cc: linux-crypto@vger.kernel.org, Linux Kernel Developers List , labbott@redhat.com Subject: Re: [PATCH] random: add a config option to trust the CPU's hwrng Message-ID: <20180718142625.GA5942@thunk.org> Mail-Followup-To: "Theodore Y. Ts'o" , Yann Droneaud , linux-crypto@vger.kernel.org, Linux Kernel Developers List , labbott@redhat.com References: <20180718014344.1309-1-tytso@mit.edu> <37046662f2b38f98854abfa1b5868a27c3fa0888.camel@opteya.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <37046662f2b38f98854abfa1b5868a27c3fa0888.camel@opteya.com> User-Agent: Mutt/1.10.0 (2018-05-17) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 18, 2018 at 09:22:13AM +0200, Yann Droneaud wrote: > > The text message should explain this is only relevant during > initialization / early boot. > > The config option name should state this. There are other workarounds for hangs that happen after initialization / early boot, yes. They are of varying levels of quality / safely, but that's neither here nor there. However, enabling config option means that the CRNG will be initialized with potentially information available to the CPU manufacturer and/or Nation States, and this persists *after* initialization / early boot. So to say, "we're perfectly safe after we leave initialization / early boot" is not true. So I'd much rather make it clear that we are trusting the CPU manufacturer far more than just during early boot. Cheers, - Ted