Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751014AbVJSPBK (ORCPT ); Wed, 19 Oct 2005 11:01:10 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751027AbVJSPBK (ORCPT ); Wed, 19 Oct 2005 11:01:10 -0400 Received: from mail.dvmed.net ([216.237.124.58]:61346 "EHLO mail.dvmed.net") by vger.kernel.org with ESMTP id S1751014AbVJSPBI (ORCPT ); Wed, 19 Oct 2005 11:01:08 -0400 Message-ID: <43565FB1.50301@pobox.com> Date: Wed, 19 Oct 2005 11:01:05 -0400 From: Jeff Garzik User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: dsaxena@plexity.net CC: linux-kernel@vger.kernel.org, jgarzik@pobox.net, akpm@osdl.org, tony@atomide.com Subject: Re: [patch 0/5] RNG cleanup & new drivers attempt #1 References: <20051019081906.615365000@omelas> In-Reply-To: <20051019081906.615365000@omelas> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1965 Lines: 40 dsaxena@plexity.net wrote: > - Allow a fastpath where we don't even have the user space portion > and the HW drivers just feed the entropy pool directly. While > this bypasses the FIPS tests and such, there are some applications > where this is OK or where we really don't want the extra proccess > context switching. This is specially true on ARM. I'll have to add > IRQ driven support to the drivers to that, but that's trivial. There > is also some HW (MPC8xxx for example) that does periodic self-tests > in HW and lists itself as "FIPs-compliant" and will trigger an error if > data should no longer be trusted and in that case doing a software > test might also be undesirable. But...we should let the user decide > at build time (or runtime?). Not interesting in pursuing this path. This has been discussed endlessly, check the archives. We want the FIPS tests. Hardware (especially cheap hardware) is often known to go haywire. Trusting hardware to do the FIPS tests is pretty silly, since you're trusting the piece that might go haywire to tell you its OK. RNGs have a history of suddenly providing non-random data, for a variety of reasons (usually poor board wiring). We also want the userspace daemon because that gives the sysadmin far more control over how much entropy is added to the system. 99.9% of the cases in the real world, we don't want the RNG pumping entropy into the pool at full speed. That will likely pump in more data than a system needs, chewing CPU. The admin can't even kill the daemon to reclaim his CPU, if its all in-kernel. It's not brain surgery, to concoct a method by which an interrupt-driven device is used from userspace. Jeff - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/