From: Louis Collard
Date: Fri, 14 Dec 2018 11:12:51 +0800
Subject: Re: [PATCH v2] Allow hwrng to initialize crng.
To: ard.biesheuvel@linaro.org
Cc: linux-crypto@vger.kernel.org, mpm@selenic.com, Herbert Xu, Arnd Bergmann, Greg Kroah-Hartman, Gary R Hook, Michael Buesch, PrasannaKumar Muralidharan, mst@redhat.com, linux-kernel@vger.kernel.org, Andrey Pronin, Jarkko Sakkinen, linux@mniewoehner.de, "David R. Bild", tytso@mit.edu
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Dec 13, 2018 at 5:48 PM Ard Biesheuvel wrote:
>
> On Thu, 13 Dec 2018 at 10:18, Louis Collard wrote:
> >
> > Some systems, for example embedded systems, do not generate
> > enough entropy on boot through interrupts, and boot may be blocked for
> > several minutes waiting for a call to getrandom to complete.
> >
> > Currently, random data is read from a hwrng when it is registered,
> > and is loaded into primary_crng. This data is treated in the same
> > way as data that is device-specific but otherwise unchanging, and
> > so primary_crng cannot become initialized with the data from the
> > hwrng.
> >
> > This change causes the data initially read from the hwrng to be
> > treated the same as subsequent data that is read from the hwrng if
> > its quality score is non-zero.
> >
> > The implications of this are:
> >
> > The data read from hwrng can cause primary_crng to become
> > initialized, therefore avoiding problems of getrandom blocking
> > on boot.
> >
> > Calls to getrandom (with GRND_RANDOM) may be using entropy
> > exclusively (or in practice, almost exclusively) from the hwrng.
> >
> > Regarding the latter point; this behavior is the same as if a
> > user specified a quality score of 1 (bit of entropy per 1024 bits)
> > so hopefully this is not too scary a change to make.
> > > > This change is the result of the discussion here: > > https://patchwork.kernel.org/patch/10453893/ > > > > Signed-off-by: Louis Collard > > Acked-by: Jarkko Sakkinen > > --- > > drivers/char/hw_random/core.c | 11 +++++++++-- > > 1 file changed, 9 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c > > index 95be7228f327..7736e1a96321 100644 > > --- a/drivers/char/hw_random/core.c > > +++ b/drivers/char/hw_random/core.c > > @@ -24,6 +24,7 @@ > > #include > > #include > > #include > > +#include > > > > #define RNG_MODULE_NAME "hw_random" > > > > @@ -64,13 +65,19 @@ static size_t rng_buffer_size(void) > > static void add_early_randomness(struct hwrng *rng) > > { > > int bytes_read; > > - size_t size = min_t(size_t, 16, rng_buffer_size()); > > + /* Read enough to initialize crng. */ > > + size_t size = min_t(size_t, > > + 2*CHACHA20_KEY_SIZE, > > This should be as symbolic constant that retains its meaning even if > we move away from ChaCha20 or modify the current implementation > > > + rng_buffer_size()); > > > > mutex_lock(&reading_mutex); > > bytes_read = rng_get_data(rng, rng_buffer, size, 1); > > mutex_unlock(&reading_mutex); > > if (bytes_read > 0) > > - add_device_randomness(rng_buffer, bytes_read); > > + /* Allow crng to become initialized, but do not add > > + * entropy to the pool. > > + */ > > + add_hwgenerator_randomness(rng_buffer, bytes_read, 0); > > } > > > > static inline void cleanup_rng(struct kref *kref) > > -- > > 2.13.5 > > Right, this should be [equal to] CRNG_INIT_CNT_THRESH from random.c - I wasn't sure where/how to pull this out to though..
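Review bot: In add_early_randomness(), the new call add_hwgenerator_randomness(rng_buffer, bytes_read, 0) runs for any bytes_read > 0, but the commit message says the early data is treated this way only if the device's quality score is non-zero, and no such check is visible in this hunk. Either gate the call on the quality score and keep add_device_randomness() for the zero-quality case, or correct the commit message; as written, a device whose quality score is zero would also be able to initialize the crng. Also, the body of `if (bytes_read > 0)` now spans several lines once the comment is counted, so it should get braces, and `2*CHACHA20_KEY_SIZE` wants spaces around the operator (and, as already raised in the thread, a name that does not tie hw_random to ChaCha20).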