Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp3281918pxb; Wed, 13 Oct 2021 02:53:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzBie/hK0mgDbYekwJZJrS0fFILTrAc3ID6Q94BerRg0YM16+CGCb0ZzkJZSjjXrXEj/tLN X-Received: by 2002:a17:90b:3850:: with SMTP id nl16mr12047728pjb.127.1634118796003; Wed, 13 Oct 2021 02:53:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634118795; cv=none; d=google.com; s=arc-20160816; b=Pk1ulQ40qksk0sHwS872033byTKH/0q+LQwxjjqglDArqqDPrm5uE99uaV3ktlXvjq h61sQbSeEWcrJ8JpjxRsPeI0XKY6QntVlxW3AXqi8++BvdupQL/NNJ9fIT5lGTSsBZ5W aXsLoYyd5DnXn94lcLq+lj0q0Kf/DcSIeffvJmZA4yvxJvjaREe09ttk266xra6G+0jL TAV4Nl8Lpkir247e9GEnjA0usc0W7jV6yjFKuc7y5GOuIop10xFT6zBdpOe0igCQYtaf LKrxhsfv1BHkLMdnDTEh8xfEgXnM8rRMcfc0A5PQ4avZ0C45WempPP7cNTg3JGyP8qbl BGsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature:dkim-signature; bh=pA9BDJcI5fQpUiH9skGe8D3QbL5rS02Lw+A2yhWbX2Y=; b=RdVODZrNgCVU8I5P98cw8717M+ETAF8XtyKklhyULDZznkt8cpxIpHJpJl8/F7OJF7 X87D5xBkOSnaMTXrQoeY8c64egB4cDWBguC2ExSxGKO+Iok9XnbXhqDCqziygP47X+L5 9y+yJDVBLkbd5wLQ5Mwtq3neiWPQDDGr99mGrowwglGcGFHdAD419yb4AeHrengJkgEF A6kV+HuCCwyI5xSdy9of0VJ0Cea1RNdoVHBAt6Id0J9ZWcqn0+/Ku55A88+lEge83TAi WAhrnzfCgu9nOyglYiv6xth8mxGTnhsesG6Bm6wTEZwCgMn+IhEGDaZhUpywwdIKyaFO IVyw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=TR915s66; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=vAGMi8xH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id kb2si8843428pjb.108.2021.10.13.02.53.03; Wed, 13 Oct 2021 02:53:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=TR915s66; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=vAGMi8xH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239166AbhJMJyD (ORCPT + 99 others); Wed, 13 Oct 2021 05:54:03 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:53502 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238206AbhJMJyC (ORCPT ); Wed, 13 Oct 2021 05:54:02 -0400 Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id EC182222D5; Wed, 13 Oct 2021 09:51:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1634118718; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pA9BDJcI5fQpUiH9skGe8D3QbL5rS02Lw+A2yhWbX2Y=; b=TR915s66BXRg5uB/lrJCG5QRbnBPFxSaA2HsgytBatEFFqH649C23oNr9WKH1GsoJK463c v8moP06J46uM4R1VC1HhZiSoxmymJX6tmb9UqCbkKErEgt/xNsrz3g78/9KUgSHw/3N+m3 pnu6cKX8xgrC5DVu9jZWMXbnSZrxvBU= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1634118718; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pA9BDJcI5fQpUiH9skGe8D3QbL5rS02Lw+A2yhWbX2Y=; b=vAGMi8xH6OJACTYjZK3R6EGaICaIctCAeB18LuiE7CbbE2F+UyxUu9rkDyToUC1aFVWfje HiAORuKLqDKqUEDg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id B931F13CEC; Wed, 13 Oct 2021 09:51:58 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id 3SIYKz6sZmH0OQAAMHmgww (envelope-from ); Wed, 13 Oct 2021 09:51:58 +0000 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\)) Subject: Re: [RESEND] [PATCH] Revert "efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness" From: "Ivan T. Ivanov" In-Reply-To: Date: Wed, 13 Oct 2021 12:51:57 +0300 Cc: Dominik Brodowski , linux-efi , Linux Kernel Mailing List Content-Transfer-Encoding: quoted-printable Message-Id: <2E0472BF-BC05-4722-83EC-26919278CC2E@suse.de> References: <20211012082708.121931-1-iivanov@suse.de> <4eccf707f2553f0f66ae3789b5689231@suse.de> To: Ard Biesheuvel X-Mailer: Apple Mail (2.3608.120.23.2.7) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, > On 13 Oct 2021, at 10:50, Ard Biesheuvel wrote: >=20 > On Wed, 13 Oct 2021 at 09:30, Ivan T. Ivanov wrote: >>=20 >> Hi, >>=20 >> Quoting Dominik Brodowski (2021-10-12 11:40:34) >>> Am Tue, Oct 12, 2021 at 11:27:08AM +0300 schrieb Ivan T. Ivanov: >>>> This reverts commit 18b915ac6b0ac5ba7ded03156860f60a9f16df2b. >>>>=20 >>>> When CONFIG_RANDOM_TRUST_BOOTLOADER is enabled = add_bootloader_randomness() >>>> calls add_hwgenerator_randomness() which might sleep, >>>=20 >>> Wouldn't it be better to fix add_bootloader_randomness(), = considering >>> that >>> calls to that function are likely to happen quite early during = kernel >>> initialization? Especially as it seems to have worked beforehand? >>=20 >> I have tried. I made wait_event_interruptible() optional, but then >> crng_reseed() segfault badly. And I don't think crng_reseed() is >> something that I could fix easily. Suggestions are welcomed ;-) >>=20 >=20 > How about >=20 > diff --git a/drivers/char/random.c b/drivers/char/random.c > index 605969ed0f96..1828dc691ebf 100644 > --- a/drivers/char/random.c > +++ b/drivers/char/random.c > @@ -2297,9 +2297,8 @@ EXPORT_SYMBOL_GPL(add_hwgenerator_randomness); > */ > void add_bootloader_randomness(const void *buf, unsigned int size) > { > + add_device_randomness(buf, size); > if (IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER)) > - add_hwgenerator_randomness(buf, size, size * 8); > - else > - add_device_randomness(buf, size); > + credit_entropy(&input_pool, size * 8); > } > EXPORT_SYMBOL_GPL(add_bootloader_randomness); This doesn=E2=80=99t boot. I just changed following and kernel panics. =20= - credit_entropy + credit_entropy_bits Please see attached file. Regards, Ivan