Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2546930pxp; Tue, 22 Mar 2022 00:14:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz2r1Jzn+mf6vfbRr6JO2OW7HqECycY9wzUXNnSRPlmVQv5h4AT4ZOnxVEhsGoH9ai2v6Im X-Received: by 2002:a17:90b:3802:b0:1c6:905c:af2e with SMTP id mq2-20020a17090b380200b001c6905caf2emr3299334pjb.236.1647933296727; Tue, 22 Mar 2022 00:14:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647933296; cv=none; d=google.com; s=arc-20160816; b=DreyUv+qJW9mAoMRjiE2d/Nj4suqn0cpzhxIPdD4pfbOa85XBmxJAyhfN/h4G74o54 VtqXmDxfyAWn30FAaX5J9avkIhrpuAPWkd6pnQ5KQoK8bKKL7VAPqaJj1U6bYPOtqi1i DAfwoNRd3Ck8fptuv+nt2vL2nW+FafeMwLijTYiZPG1xGf8pvaecxXcSgXc082JskYNI tjttLoMR+nS3PVE9eahcBW1naEv3rG4MG+CGo5W4D4g6FmJieTifA9m8fg4vg4PRu+sj ZzN2SknqrBthzmtvoUSYGxBXjGEqGZ7oLe+SpgLZlsGsfxFdyGQI85UTpcxJceFkgWVL kluA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=HdfEV6vXkkFhRavghMLkQYvLJctY+N+UeQ03l9AHoAc=; b=GcCnYSYx62Phal/QzWyraGJYl41vm9ycgAlFimQ7M1usjpsEfy5CQDlWw65iwP58Ak yQTT8ASLkRmMKTxIw1k+03Usn/k2W0qURQ191aGyVtNRgg5V+yLoTLu+BFcZwWYVg5Du dzgHU6a7JT22tuDmIW6iE4+kRg45Y/87uI5WjKrUapI+VInWfmmJySrtsBhosOU7503K t+5jR2RV+pwUfS9NG8UEz1LabIT1pH80fcMZanH1eeETKoRAnxd9iV/U+aAFK5FFQkLi p+N5U65bYK/pwb5Kt3ZFYiYP2GVg+6ZmK8A1XEKtR2SoI2tWwXxrtKlkNd+91vFC4NFY q74g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id oc2-20020a17090b1c0200b001bd14e0309asi1774386pjb.114.2022.03.22.00.14.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Mar 2022 00:14:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id C7E3B56C1C; Mon, 21 Mar 2022 23:45:07 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237063AbiCVGq2 (ORCPT + 99 others); Tue, 22 Mar 2022 02:46:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32902 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237100AbiCVGqY (ORCPT ); Tue, 22 Mar 2022 02:46:24 -0400 Received: from isilmar-4.linta.de (isilmar-4.linta.de [136.243.71.142]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 835FA5575C for ; Mon, 21 Mar 2022 23:44:57 -0700 (PDT) X-isilmar-external: YES X-isilmar-external: YES Received: from owl.dominikbrodowski.net (owl.brodo.linta [10.2.0.111]) by isilmar-4.linta.de (Postfix) with ESMTPSA id D895420140A; Tue, 22 Mar 2022 06:44:53 +0000 (UTC) Received: by owl.dominikbrodowski.net (Postfix, from userid 1000) id 5538E80631; Tue, 22 Mar 2022 07:44:47 +0100 (CET) Date: Tue, 22 Mar 2022 07:44:47 +0100 From: Dominik Brodowski To: "Jason A. Donenfeld" Cc: linux-kernel@vger.kernel.org Subject: Re: [PATCH] random: skip fast_init if hwrng provides large chunk of entropy Message-ID: References: <20220322005256.3787-1-Jason@zx2c4.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220322005256.3787-1-Jason@zx2c4.com> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am Mon, Mar 21, 2022 at 06:52:56PM -0600 schrieb Jason A. Donenfeld: > At boot time, EFI calls add_bootloader_randomness(), which in turn calls > add_hwgenerator_randomness(). Currently add_hwgenerator_randomness() > feeds the first 64 bytes of randomness to the "fast init" > non-crypto-grade phase. But if add_hwgenerator_randomness() gets called > with more than POOL_MIN_BITS of entropy, there's no point in passing it > off to the "fast init" stage, since that's enough entropy to bootstrap > the real RNG. Well, so far, we need 64 bytes input to the fast init stage, and then further 32 bytes of randomness to proceed to full init, and we used to mix the former into the latter, which provided for some sort of extra margin. But as we don't seem to do that any more (mixing some of base_crng back into the input_pool), that exercise may have become pointless. However, it's noteworthy that then CONFIG_RANDOM_TRUST_BOOTLOADER really means trusting it to possibly being the only source for the first generation of base_crng. In the past, EFI-provided randnomness never was sufficient to progress crng_init to 2. Therefore, I am a bit torn about this patch. Thanks, Dominik NB: As POOL_MIN_BITS equals POOL_BITS, there's some room for cleanup. For example, entropy_count cannot become larger than POOL_MIN_BITS in credit_entropy_bits(), AFAICS.