Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp529802pxb; Thu, 5 Nov 2020 06:34:33 -0800 (PST) X-Google-Smtp-Source: ABdhPJxIR3mZaE5U363NlXXgYCfMFiQ5LxDDz3lppsZaUjnz6yVjZORTJ2VE7scAI4G3bEtwPC7w X-Received: by 2002:a17:906:d7b7:: with SMTP id pk23mr2698673ejb.214.1604586872879; Thu, 05 Nov 2020 06:34:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604586872; cv=none; d=google.com; s=arc-20160816; b=hn0rSi+HwTfvPq4bm3KDmKvRDO0ar8PM5LvLzWHmjl89FyEiUWAGiMggAGXlYspWxv 4CTsidjEzRE0nY7WknHCsxtZZ/BA2c/PPcnu/hZSxQsdzw6Lnkjk0vZeCH+I4kBWCUeT Pk+lOWXs3XESQB5dw6Lq460L8OK+n2o0AfK+xA2WVZ+KKxfUS8qxFVHmIIkzshGtBedL 2yQJnkJNdgVVirINE0ADFWNcf2r379YDxPthb1LkML7wXDiV8Ra/TtsZB0JUhDWSITLw AElzCRXazgkda2JltPDj/a7g7/V+PDhk5pi1MLgWXVUVpz12eSihffjp2g3WpZ6n7N6f azgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:organization :autocrypt:from:references:cc:to:subject; bh=VcgZ04S/xEFvknFU9+jVb5dPUwIDhCZPnQhH5KTkv3s=; b=axDIGkyIThz71ThGEz5FOg8WX4RmDlF9udl85IJ0lifM2s5qMRfkWe2u3SIjCYTgJ0 3wFu4TUv20gDKhtTZEotRqU98OrulNoYxr/8G8LBA3yroI4S4wuXkBnEXFz+dlNGsLSw CwpGWoaNHPT9U2+r5PAmLOs2xWy1sd2ER7leHn+9eQM1zoLDRb2i7f+mS70Z7Ci3bV1X zOcIUBGreibfYSkp+xQNJdh3r0v7IBzcKd4Oedhw8hP2Y+r/4PngR1jCOrNNlo463U15 IsGHPmMWV+0sbsEx2oVfGHM+7sLayz6PU84/zKrVRXm5gfX6EXK9GJShRus0Cfkwsz8L LZ1Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d21si1338881ejz.214.2020.11.05.06.34.08; Thu, 05 Nov 2020 06:34:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730960AbgKEObi (ORCPT + 99 others); Thu, 5 Nov 2020 09:31:38 -0500 Received: from foss.arm.com ([217.140.110.172]:34186 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730461AbgKEObh (ORCPT ); Thu, 5 Nov 2020 09:31:37 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B896814BF; Thu, 5 Nov 2020 06:31:36 -0800 (PST) Received: from [192.168.2.22] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2A0623F719; Thu, 5 Nov 2020 06:31:35 -0800 (PST) Subject: Re: [PATCH v2 4/5] arm64: Add support for SMCCC TRNG entropy source To: Mark Rutland , Mark Brown Cc: Will Deacon , Catalin Marinas , Ard Biesheuvel , Russell King , linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, Sudeep Holla , Lorenzo Pieralisi , Linus Walleij References: <20201105125656.25259-1-andre.przywara@arm.com> <20201105125656.25259-5-andre.przywara@arm.com> <20201105134142.GA4856@sirena.org.uk> <20201105140322.GH82102@C02TD0UTHF1T.local> From: =?UTF-8?Q?Andr=c3=a9_Przywara?= Autocrypt: addr=andre.przywara@arm.com; prefer-encrypt=mutual; keydata= xsFNBFNPCKMBEAC+6GVcuP9ri8r+gg2fHZDedOmFRZPtcrMMF2Cx6KrTUT0YEISsqPoJTKld tPfEG0KnRL9CWvftyHseWTnU2Gi7hKNwhRkC0oBL5Er2hhNpoi8x4VcsxQ6bHG5/dA7ctvL6 kYvKAZw4X2Y3GTbAZIOLf+leNPiF9175S8pvqMPi0qu67RWZD5H/uT/TfLpvmmOlRzNiXMBm kGvewkBpL3R2clHquv7pB6KLoY3uvjFhZfEedqSqTwBVu/JVZZO7tvYCJPfyY5JG9+BjPmr+ REe2gS6w/4DJ4D8oMWKoY3r6ZpHx3YS2hWZFUYiCYovPxfj5+bOr78sg3JleEd0OB0yYtzTT esiNlQpCo0oOevwHR+jUiaZevM4xCyt23L2G+euzdRsUZcK/M6qYf41Dy6Afqa+PxgMEiDto ITEH3Dv+zfzwdeqCuNU0VOGrQZs/vrKOUmU/QDlYL7G8OIg5Ekheq4N+Ay+3EYCROXkstQnf YYxRn5F1oeVeqoh1LgGH7YN9H9LeIajwBD8OgiZDVsmb67DdF6EQtklH0ycBcVodG1zTCfqM AavYMfhldNMBg4vaLh0cJ/3ZXZNIyDlV372GmxSJJiidxDm7E1PkgdfCnHk+pD8YeITmSNyb 7qeU08Hqqh4ui8SSeUp7+yie9zBhJB5vVBJoO5D0MikZAODIDwARAQABzS1BbmRyZSBQcnp5 d2FyYSAoQVJNKSA8YW5kcmUucHJ6eXdhcmFAYXJtLmNvbT7CwXsEEwECACUCGwMGCwkIBwMC BhUIAgkKCwQWAgMBAh4BAheABQJTWSV8AhkBAAoJEAL1yD+ydue63REP/1tPqTo/f6StS00g NTUpjgVqxgsPWYWwSLkgkaUZn2z9Edv86BLpqTY8OBQZ19EUwfNehcnvR+Olw+7wxNnatyxo D2FG0paTia1SjxaJ8Nx3e85jy6l7N2AQrTCFCtFN9lp8Pc0LVBpSbjmP+Peh5Mi7gtCBNkpz KShEaJE25a/+rnIrIXzJHrsbC2GwcssAF3bd03iU41J1gMTalB6HCtQUwgqSsbG8MsR/IwHW XruOnVp0GQRJwlw07e9T3PKTLj3LWsAPe0LHm5W1Q+euoCLsZfYwr7phQ19HAxSCu8hzp43u zSw0+sEQsO+9wz2nGDgQCGepCcJR1lygVn2zwRTQKbq7Hjs+IWZ0gN2nDajScuR1RsxTE4WR lj0+Ne6VrAmPiW6QqRhliDO+e82riI75ywSWrJb9TQw0+UkIQ2DlNr0u0TwCUTcQNN6aKnru ouVt3qoRlcD5MuRhLH+ttAcmNITMg7GQ6RQajWrSKuKFrt6iuDbjgO2cnaTrLbNBBKPTG4oF D6kX8Zea0KvVBagBsaC1CDTDQQMxYBPDBSlqYCb/b2x7KHTvTAHUBSsBRL6MKz8wwruDodTM 4E4ToV9URl4aE/msBZ4GLTtEmUHBh4/AYwk6ACYByYKyx5r3PDG0iHnJ8bV0OeyQ9ujfgBBP B2t4oASNnIOeGEEcQ2rjzsFNBFNPCKMBEACm7Xqafb1Dp1nDl06aw/3O9ixWsGMv1Uhfd2B6 it6wh1HDCn9HpekgouR2HLMvdd3Y//GG89irEasjzENZPsK82PS0bvkxxIHRFm0pikF4ljIb 6tca2sxFr/H7CCtWYZjZzPgnOPtnagN0qVVyEM7L5f7KjGb1/o5EDkVR2SVSSjrlmNdTL2Rd zaPqrBoxuR/y/n856deWqS1ZssOpqwKhxT1IVlF6S47CjFJ3+fiHNjkljLfxzDyQXwXCNoZn BKcW9PvAMf6W1DGASoXtsMg4HHzZ5fW+vnjzvWiC4pXrcP7Ivfxx5pB+nGiOfOY+/VSUlW/9 GdzPlOIc1bGyKc6tGREH5lErmeoJZ5k7E9cMJx+xzuDItvnZbf6RuH5fg3QsljQy8jLlr4S6 8YwxlObySJ5K+suPRzZOG2+kq77RJVqAgZXp3Zdvdaov4a5J3H8pxzjj0yZ2JZlndM4X7Msr P5tfxy1WvV4Km6QeFAsjcF5gM+wWl+mf2qrlp3dRwniG1vkLsnQugQ4oNUrx0ahwOSm9p6kM CIiTITo+W7O9KEE9XCb4vV0ejmLlgdDV8ASVUekeTJkmRIBnz0fa4pa1vbtZoi6/LlIdAEEt PY6p3hgkLLtr2GRodOW/Y3vPRd9+rJHq/tLIfwc58ZhQKmRcgrhtlnuTGTmyUqGSiMNfpwAR AQABwsFfBBgBAgAJBQJTTwijAhsMAAoJEAL1yD+ydue64BgP/33QKczgAvSdj9XTC14wZCGE U8ygZwkkyNf021iNMj+o0dpLU48PIhHIMTXlM2aiiZlPWgKVlDRjlYuc9EZqGgbOOuR/pNYA JX9vaqszyE34JzXBL9DBKUuAui8z8GcxRcz49/xtzzP0kH3OQbBIqZWuMRxKEpRptRT0wzBL O31ygf4FRxs68jvPCuZjTGKELIo656/Hmk17cmjoBAJK7JHfqdGkDXk5tneeHCkB411p9WJU vMO2EqsHjobjuFm89hI0pSxlUoiTL0Nuk9Edemjw70W4anGNyaQtBq+qu1RdjUPBvoJec7y/ EXJtoGxq9Y+tmm22xwApSiIOyMwUi9A1iLjQLmngLeUdsHyrEWTbEYHd2sAM2sqKoZRyBDSv ejRvZD6zwkY/9nRqXt02H1quVOP42xlkwOQU6gxm93o/bxd7S5tEA359Sli5gZRaucpNQkwd KLQdCvFdksD270r4jU/rwR2R/Ubi+txfy0dk2wGBjl1xpSf0Lbl/KMR5TQntELfLR4etizLq Xpd2byn96Ivi8C8u9zJruXTueHH8vt7gJ1oax3yKRGU5o2eipCRiKZ0s/T7fvkdq+8beg9ku fDO4SAgJMIl6H5awliCY2zQvLHysS/Wb8QuB09hmhLZ4AifdHyF1J5qeePEhgTA+BaUbiUZf i4aIXCH3Wv6K Organization: ARM Ltd. Message-ID: <8bc7c4f9-651d-0ebe-858e-daa6307ec508@arm.com> Date: Thu, 5 Nov 2020 14:30:27 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 MIME-Version: 1.0 In-Reply-To: <20201105140322.GH82102@C02TD0UTHF1T.local> Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 05/11/2020 14:03, Mark Rutland wrote: > On Thu, Nov 05, 2020 at 01:41:42PM +0000, Mark Brown wrote: >> On Thu, Nov 05, 2020 at 12:56:55PM +0000, Andre Przywara wrote: >> >>> static inline bool __must_check arch_get_random_seed_int(unsigned int *v) >>> { >>> + struct arm_smccc_res res; >>> unsigned long val; >>> - bool ok = arch_get_random_seed_long(&val); >>> >>> - *v = val; >>> - return ok; >>> + if (cpus_have_const_cap(ARM64_HAS_RNG)) { >>> + if (arch_get_random_seed_long(&val)) { >>> + *v = val; >>> + return true; >>> + } >>> + return false; >>> + } >> >> It isn't obvious to me why we don't fall through to trying the SMCCC >> TRNG here if for some reason the v8.5-RNG didn't give us something. >> Definitely an obscure possibility but still... > > I think it's better to assume that if we have a HW RNG and it's not > giving us entropy, it's not worthwhile trapping to the host, which might > encounter the exact same issue. > > I'd rather we have one RNG source that we trust works, and use that > exclusively. > > That said, I'm not sure it's great to plumb this under the > arch_get_random*() interfaces, e.g. given this measn that > add_interrupt_randomness() will end up trapping to the host all the time > when it calls arch_get_random_seed_long(). > > Is there an existing interface for "slow" runtime entropy that we can > plumb this into instead? There is the framework implementing /dev/hwrng, and in fact I started with a driver for that (have that in some working state). But this is only available somewhat late in the game (after drivers get initialised), and Ard mentioned that one advantage of the firmware i/f is (somewhat) early availability. Now for SMCCC we need firmware tables (for the conduit), so it's not too early either. If too frequent firmware traps are a concern, we could always request the maximum 192 bits, and store them. That would avoid 2/3 of the current traps. Cheers, Andre