From: Ken Moffat
Date: Thu, 19 Jul 2018 01:19:27 +0100
Subject: Re: [PATCH] random: add a config option to trust the CPU's hwrng
To: "Theodore Y. Ts'o", linux-crypto@vger.kernel.org, Linux Kernel Developers List, labbott@redhat.com
References: <20180718014344.1309-1-tytso@mit.edu> <20180718015154.GE3489@thunk.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 18 July 2018 at 18:21, Ken Moffat wrote:
> On 18 July 2018 at 02:43, Theodore Ts'o wrote:
>>
>> This will prevent getrandom(2) from blocking, if there is a
>> willingness to trust the CPU manufacturer.
> For me, it seems a price worth paying. I've got bigger problems than
> _worrying_ about my government, or yours, spying on me, so I'd like to take
> the risk.
>

Sadly, my enthusiasm was premature: the Kaveri doesn't have a hwrng. So
although I've enabled the device under the HW_RANDOM options, nothing
comes out and this "fix" will only work for some machines.

For me, I'll have to go to plan B (revise the bootscript and/or patch unbound).
I see that NixOS seems to bind /dev/urandom to /var/lib/unbound/dev/random
so I guess that ought to work.

Sorry for the noise.

ĸen
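
A way to check, for a given machine, the random sources mentioned in this thread (the CPU's RNG instructions and the HW_RANDOM devices) together with the time at which the kernel log reports the pool as initialised. This is an added example, not part of the original message or of the patch; the two machines and their sample files are constructed, and the log text "random: crng init done" is assumed to match the running kernel.

```shell
#!/bin/sh
# Added example, not from the thread. Every function takes a file argument
# (defaulting to the live kernel interface), so saved copies work too.

# CPU RNG instructions advertised in cpuinfo (x86 flag names rdrand/rdseed).
cpu_rng_flags() {
    f=${1:-/proc/cpuinfo}; [ -r "$f" ] || return 0
    awk -F: '/^flags/ { n = split($2, w, " ")
        for (i = 1; i <= n; i++)
            if (w[i] == "rdrand" || w[i] == "rdseed")
                out = (out == "" ? "" : out " ") w[i]
        print out; exit }' "$f"
}

# Backends registered with the hw_random framework (empty output if none).
hwrng_backends() {
    f=${1:-/sys/class/misc/hw_random/rng_available}; [ -r "$f" ] || return 0
    awk '{ for (i = 1; i <= NF; i++) printf "%s%s", (n++ ? " " : ""), $i }
         END { if (n) print "" }' "$f"
}

# Seconds after boot at which the kernel logged "random: crng init done".
crng_ready_at() {   # $1 = saved dmesg output
    [ -r "$1" ] || return 0
    sed -n 's/^\[ *\([0-9.]*\)] random: crng init done.*/\1/p' "$1" | head -n 1
}

rng_report() {      # $1 = cpuinfo, $2 = rng_available, $3 = saved dmesg
    cpu=$(cpu_rng_flags "$1"); dev=$(hwrng_backends "$2"); t=$(crng_ready_at "$3")
    echo "cpu=${cpu:-none} hwrng=${dev:-none} crng_ready=${t:-never}"
}

# Constructed sample data for two hypothetical machines, A and B.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf 'flags\t\t: fpu sse2 aes rdrand rdseed\n'    > "$d/cpu_a"
printf 'tpm-rng-0\n'                                > "$d/rng_a"
printf '[    1.902334] random: crng init done\n'    > "$d/log_a"
printf 'flags\t\t: fpu sse2 aes\n'                  > "$d/cpu_b"
printf '\n'                                         > "$d/rng_b"
printf '[    3.104551] systemd[1]: Starting unbound\n[  212.480113] random: crng init done\n' > "$d/log_b"

rng_report "$d/cpu_a" "$d/rng_a" "$d/log_a"
rng_report "$d/cpu_b" "$d/rng_b" "$d/log_b"
```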