Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp576142imm; Wed, 26 Sep 2018 03:36:22 -0700 (PDT) X-Google-Smtp-Source: ACcGV600DFoZiuJF0zGHQExL/oGQcYFifNrd18CE680BF23QkcnWPCqO44ZIr+m1SHYUTfMHRSP3 X-Received: by 2002:a62:5543:: with SMTP id j64-v6mr5549069pfb.188.1537958182019; Wed, 26 Sep 2018 03:36:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537958181; cv=none; d=google.com; s=arc-20160816; b=IExqyVSij4mQQuSl/9HwbI8VG1ypFzGY6W/iBf5hgGTAsJPkYsdQ7JabaFtY3Hgvo4 zqU96GASWl5Qc4cr7JUjv2r4fL6V8qrSPG0f/U0TzjB2K0GI63jsGu2qJEQ5wniDhONw L34slXCfGS5/GTk+g3N1iSo/YxJFBu+Hk/T5VV8/TBEnyxlfHpFpxl77h/M/fx4YppGh rq+b1zUXiNQFuE64zpDhi3ICuDOOhcOtpf2C5+Qd0Gafq/xth26Aek24XpI24Zs3mcGq B0HLqbHkydK2E7DSZXb2mkd37sk2toKzQw9WxAQMJ6XsHtkgtIFflKACv6t9TRJr4zaB j0rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=xHsspJVqNZhuzR4PiHNlZkixMPzDFC1OXuYNF60TYrE=; b=toIJVA+2WuKhQKMz1XD/ugtuLTxMMLDbygsSWFLL3hx47R+030D2DDUbTTQmcPDz9N T5Ip5ZEhlWALVWwiNN9zzNEbBLRetaRhHyAvAnxqKzhXJ2/pZBH2bL0+dFUqR8umF0kd ySjjin5y0UxYWM91m1FqkOlLp9Nhz8ZakeYCQyXf2pjJwm6KT/de9/0yzyJf6XS8W9ua I4FBcwf2tVDDWhXFzwAf72Lvb49RpusdaRs9Zvzufpny4M7P3zi8wT/20XuW7Ksv+6eT aJa1BA/OAe8ySjBYlyOu7Ntd9GqE5B5yarn9AO8k3K1pDr0XDfyqLqEv/9HZaQemY5EF egRg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r7-v6si4833158pga.77.2018.09.26.03.36.06; Wed, 26 Sep 2018 03:36:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727530AbeIZQrp (ORCPT + 99 others); Wed, 26 Sep 2018 12:47:45 -0400 Received: from mga12.intel.com ([192.55.52.136]:20160 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726915AbeIZQrp (ORCPT ); Wed, 26 Sep 2018 12:47:45 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Sep 2018 03:35:26 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,306,1534834800"; d="scan'208";a="76312337" Received: from imahmed1-mobl2.ger.corp.intel.com (HELO localhost) ([10.252.50.69]) by orsmga008.jf.intel.com with ESMTP; 26 Sep 2018 03:35:23 -0700 Date: Wed, 26 Sep 2018 13:35:21 +0300 From: Jarkko Sakkinen To: Louis Collard Cc: linux-integrity@vger.kernel.org, Arnd Bergmann , Greg Kroah-Hartman , linux-kernel@vger.kernel.org, apronin@chromium.org, Jason Gunthorpe , david.bild@xaptum.com Subject: Re: [PATCH] Allow hwrng to initialize crng. Message-ID: <20180926103521.GB4885@linux.intel.com> References: <20180926032455.224600-1-louiscollard@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180926032455.224600-1-louiscollard@chromium.org> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 26, 2018 at 11:24:55AM +0800, Louis Collard wrote: > Some systems, for example embedded systems, do not generate > enough entropy on boot through interrupts, and boot may be blocked for > several minutes waiting for a call to getrandom to complete. > > Currently, random data is read from a hwrng when it is registered, > and is loaded into primary_crng. This data is treated in the same > way as data that is device-specific but otherwise unchanging, and > so primary_crng cannot become initialized with the data from the > hwrng. > > This change causes the data initially read from the hwrng to be > treated the same as subsequent data that is read from the hwrng if > it's quality score is non-zero. > > The implications of this are: > > The data read from hwrng can cause primary_crng to become > initialized, therefore avoiding problems of getrandom blocking > on boot. > > Calls to getrandom (with GRND_RANDOM) may be using entropy > exclusively (or in practise, almost exclusively) from the hwrng. > > Regarding the latter point; this behavior is the same as if a > user specified a quality score of 1 (bit of entropy per 1024 bits) > so hopefully this is not too scary a change to make. > > This change is the result of the discussion here: > https://patchwork.kernel.org/patch/10453893/ > > Signed-off-by: Louis Collard Acked-by: Jarkko Sakkinen /Jarkko