Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp755664ybv; Fri, 7 Feb 2020 08:00:35 -0800 (PST) X-Google-Smtp-Source: APXvYqwBK5EJ1h/g/y0zZ1/JZAGtTi+XInKFlB8tnNnETHGl4IaQVVQjJ/ZXdNceeWUVMZxYnMa/ X-Received: by 2002:a05:6830:13da:: with SMTP id e26mr28889otq.97.1581091235472; Fri, 07 Feb 2020 08:00:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581091235; cv=none; d=google.com; s=arc-20160816; b=ybFXYJ6YaFH5JcT+YZwflJJwEdgiG3wAEfuVva8NAzHvN6C13jWab8ttmSgYS2P8GQ qf6h3xPB+jgBvjS1mcGJ7UkFMG7jNfcFgjNhg+3dktT2g/Bk8pGloEEvDIyjGrsULPtA 9JhLjtGdI/+nwCFXXtsA3S2TPJ8oCWDPM76LTtpH7ST8dkAregtvEEnzEkCM0mgQhx3A nhMtArcSIxQ7wE7iaKlpmDGcJT3Xg7YdTcH/Xex0Di7++3vmZGaBK/wjUsGvKi6tYaEE W82BOQ8k+BktqrDrvKJdE3K/CYX6wc787jnkoB2Bqv6ZIXqos98Q3usYQQjWXOLzD289 DaAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=hLcYozvesfB0xj7tFa3H1LKQmoNOW0oxq8GTGBWjlJ4=; b=1JOPCOsgKdoSRbEbtJ6UqfPjaE44HfSiqTCAgqieyaGOvT70rIJcTz7jtS67PO2oP4 HjZqq4fPeAvmVJoRxrKaQzNwM2SofBC0iFjver904000nSIr/OYypnq9mcb8isZaYP78 /q9UwvdDMY3mJcRZgkRxhd9axCcBSEVmHpXGD1D47IvX4kYU0i8SSMct5CwmyafFCf4g Eb6xe2TS2D4CaCO893pudlA67LFbMDdNZC0YIl2NkPmLuwMVWFWu/sqf3ZqGHW/Uc6BJ O/X2KNcnkiN/GOeXFssxHPgrvkNdItDQUFzzyXA9JQXjnDkfS0Tz5q/jcFdsq1JlDw/J 04Cw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v145si3838216oia.68.2020.02.07.08.00.22; Fri, 07 Feb 2020 08:00:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727065AbgBGP7X (ORCPT + 99 others); Fri, 7 Feb 2020 10:59:23 -0500 Received: from outgoing-auth-1.mit.edu ([18.9.28.11]:35829 "EHLO outgoing.mit.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726974AbgBGP7X (ORCPT ); Fri, 7 Feb 2020 10:59:23 -0500 Received: from callcc.thunk.org (guestnat-104-133-0-101.corp.google.com [104.133.0.101] (may be forged)) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 017FwTbL031620 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 7 Feb 2020 10:58:29 -0500 Received: by callcc.thunk.org (Postfix, from userid 15806) id EF42F420324; Fri, 7 Feb 2020 10:58:28 -0500 (EST) Date: Fri, 7 Feb 2020 10:58:28 -0500 From: "Theodore Y. Ts'o" To: Mark Salyzyn Cc: linux-kernel@vger.kernel.org, kernel-team@android.com, Arnd Bergmann , Greg Kroah-Hartman , Richard Henderson , Mark Brown , Kees Cook , Hsin-Yi Wang , Vasily Gorbik , Andrew Morton , Masami Hiramatsu , "Steven Rostedt (VMware)" , Mike Rapoport , Arvind Sankar , Dominik Brodowski , Thomas Gleixner , Alexander Potapenko Subject: Re: [PATCH] random: add rng-seed= command line option Message-ID: <20200207155828.GB122530@mit.edu> References: <20200207150809.19329-1-salyzyn@android.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200207150809.19329-1-salyzyn@android.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org What was the base of your patch? It's not applying on my kernel tree. On Fri, Feb 07, 2020 at 07:07:59AM -0800, Mark Salyzyn wrote: > A followup to commit 428826f5358c922dc378830a1717b682c0823160 > ("fdt: add support for rng-seed") to extend what was started > with Open Firmware (OF or Device Tree) parsing, but also add > it to the command line. > > If CONFIG_RANDOM_TRUST_BOOTLOADER is set, then feed the rng-seed > command line option length as added trusted entropy. > > Always rrase all views of the rng-seed option, except early command > line parsing, to prevent leakage to applications or modules, to > eliminate any attack vector. s/rrase/erase/ > > It is preferred to add rng-seed to the Device Tree, but some > platforms do not have this option, so this adds the ability to > provide some command-line-limited data to the entropy through this > alternate mechanism. Expect all 8 bits to be used, but must exclude > space to be accounted in the command line. "all 8 bits"? > @@ -875,6 +909,21 @@ asmlinkage __visible void __init start_kernel(void) > rand_initialize(); > add_latent_entropy(); > add_device_randomness(command_line, strlen(command_line)); > + if (IS_BUILTIN(CONFIG_RANDOM_TRUST_BOOTLOADER)) { > + size_t l = strlen(command_line); > + char *rng_seed = strnstr(command_line, rng_seed_str, l); > + > + if (rng_seed) { > + char *end; > + > + rng_seed += strlen(rng_seed_str); > + l -= rng_seed - command_line; > + end = strnchr(rng_seed, l, ' '); > + if (end) > + l = end - rng_seed; > + credit_trusted_entropy(l); > + } > + } This doesn't look right at all. It calls credit_trusted_entropy(), but it doesn't actually feed the contents of rng_seed where. Why not just call add_hwgeneterator_randomness() and drop adding this credit_trusted_entropy(l)? - Ted