Date: Sat, 4 Aug 2018 23:52:10 +0200
From: Pavel Machek
To: "Theodore Y. Ts'o", Yann Droneaud, linux-crypto@vger.kernel.org, Linux Kernel Developers List, labbott@redhat.com
Subject: Re: [PATCH] random: add a config option to trust the CPU's hwrng
Message-ID: <20180804215209.GA3201@localhost>

Hi!

On Wed 2018-07-18 10:26:25, Theodore Y. Ts'o wrote:
> On Wed, Jul 18, 2018 at 09:22:13AM +0200, Yann Droneaud wrote:
> >
> > The text message should explain this is only relevant during
> > initialization / early boot.
> >
> > The config option name should state this.
>
> There are other workarounds for hangs that happen after initialization
> / early boot, yes. They are of varying levels of quality / safety,
> but that's neither here nor there.
>
> However, enabling config option means that the CRNG will be
> initialized with potentially information available to the CPU
> manufacturer and/or Nation States, and this persists *after*
> initialization / early boot. So to say, "we're perfectly safe after
> we leave initialization / early boot" is not true.

This should really be explained in the help text.

I assume that after 10 seconds of moving mouse, user is safe even when
rdrand is backdoored?

(Plus, I'd say this should be kernel command line option, not config
option...?)

Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html