Received: by 2002:a05:7412:3290:b0:fa:6e18:a558 with SMTP id ev16csp673166rdb; Fri, 26 Jan 2024 07:24:07 -0800 (PST) X-Google-Smtp-Source: AGHT+IHwDHoUUqdOO7+6OAE3yKYNlit1Aup60ESJfXGZ0nR46EZLTDOk5ca6SPcqMaTOajziS2gi X-Received: by 2002:a05:6a21:3941:b0:19c:9395:985a with SMTP id ac1-20020a056a21394100b0019c9395985amr584691pzc.85.1706282647573; Fri, 26 Jan 2024 07:24:07 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706282647; cv=pass; d=google.com; s=arc-20160816; b=E91mnl/jWktlyq+ZZOrp2akURe9v+YJvSxz9+Ydc92wKQDn44jSYO3M5fhNXuGcYtP UKkB81jxs8B4SEGKUU8Nc58ldqFgUx57AmKodu6Wq2raxMn1LN12XmvAIrZZN1U6KtwQ 4dsmANEWbIV0juhefn0bpcsjdqzlenv8Hx7wdSAyftphFkMd5aDk1MyC9k2RWgP+8BSj zTuWiGyoppp+U+pVDbDray0nT6BDftiaHpTQGWXjNV9acPFpmys8roLz9guidTLPwntM H+o4Z5wY8fjarSsNYch/16M7hGe8LAnVfooawkgFSIdTDfsLPWBxbss8/vuj26xZh1gi CrDw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :in-reply-to:date:dkim-signature; bh=uy3R1AKMbIaUlXE1Nr9/RuFwNoQzqIu4pzJFsA3j5jw=; fh=5LNXrCr8me765FyKkSC2OQbJrUS4q5NbPyyAfJE+N6A=; b=fcnkrJKoAPCqsKLrIPjuels7k/c+5TPdOOJpgjQy1c+viHS7JmDMwCvPxmh4//iycZ Dpwf81Kd04lkSjzhnxLFkMg5t92aHu8z9W7PFfnmMILkA92tUhbgQbsNXeCxSLj/3BKz lc7c6zhOtTHAvCI8sWYp7FJOKDacXBWsvcCILMIOeZYJ3xiH7LLoQGaVBevRiD/cb4PY dpRTHBppHe1+XaWxje6V8aup16Ahhg5B5w8iyb8P89lxXmllO/Oyj9wk4vldJXl7vjAt u6NGjDXl1DGJUR0nATNPYsVBJSprP5+hoRjbCAVjKGj0hR1/mUelYGkod0jxMbk1guBZ RwoQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=vLkxbsx0; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-40264-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-40264-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id e25-20020a656799000000b005d7b2454e37si1278661pgr.162.2024.01.26.07.24.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Jan 2024 07:24:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-40264-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=vLkxbsx0; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-40264-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-40264-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 3DD6A281F9D for ; Fri, 26 Jan 2024 15:24:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BE10A1CF94; Fri, 26 Jan 2024 15:24:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vLkxbsx0" Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7B9A215AD0 for ; Fri, 26 Jan 2024 15:23:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706282639; cv=none; b=QgUzoY7Uyr5oy3qASBvd2joOp5axIco9AMyYrqs6Rir07OhmAq7cOFZN9c3tGlzRCwEpqHmh2yLwEedlOs7C1ExrXuV2uSx+gGkYTqLzaAs6eYO4D3L/1LwypxgAhNdGxOsc2Uce1qU+hnbs3+5WnUONvXpooh7IvGGphIlwKV4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706282639; c=relaxed/simple; bh=ydPZ3tu4FlaDxMtV6SOM9OK/z2p8/IzKH4YoVsZ330U=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=OqcPEx7sbhuQLuObHFynUOLypbnE8UkvhKdakMXQHyQPm5tRxonrI8qunEWrAGJXKmtkLxsYnoRSesru7RUKGYfGp7j129xsYGH/DW4dPhvl+wnJokJyuywE7wewhYLLJaSRxisiib7NhfVgIAV2Jpvqb2DPdCRtu5V3YWtayKA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=vLkxbsx0; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-6ddc261570cso582870b3a.0 for ; Fri, 26 Jan 2024 07:23:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1706282638; x=1706887438; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=uy3R1AKMbIaUlXE1Nr9/RuFwNoQzqIu4pzJFsA3j5jw=; b=vLkxbsx03MC06Bfz8RTh7dCKiQYtJHKMutnW9AOzNBJYV/IoHT05IdRN8Wsa2PlAzh vAPdKvsdBaWDs30FzNm+wgtzAcxE/OfmpBeKIIA3ENWm/eVvo29YlGf294kN9/ORIvDV RMn7if9iR9uWNUEDc1anluTF6Xjp8Vgsx0SFlAoro+7SR4PoG3NpizTrYecLtYRdNRfy oELeEOSTPC1X+vBZKHTbNoyntUPCruS7udz1lrl/dk0h5h/fFSO2I0hYI+qdHcELPv2o 13tWTFs27z48HDGJ6+9m5PNwU9QlXCvpg8RBYoqQ6UIfNRc9HQyJiotqCCb0vzoU49Js tXmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706282638; x=1706887438; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=uy3R1AKMbIaUlXE1Nr9/RuFwNoQzqIu4pzJFsA3j5jw=; b=QD/sQ3RD44Pw39eEkyi7ZTIvvY6k1eVCdYEU+obCZuZptPAHoLxhSVhTSeR0TKnyqq u1Dye2mSjkZOKKznoVrjpttAe2FUaRp0pf6ADGGthk+JzmVJDkWeQjEsV9Hw0RKf1dkn Tlo/ngWYtVL/TUWhrJKhwJl8CGGQ9MyJdEcgSo7u+rsHmli4ZtEyi4qmqycAGaTIkwdG z5X6as52/6jpAhtsaypPRBCaws4QEfpQn0GP5/hFCgRY4xZzx8Q9Yt+/ZRny2zpIOMfI t8mtAD/FSkMkIBLd31RdX01WnJEzEQD5nb0PFciotl3LMUcSVhueZAt5aB+a/E06a5yL d1tA== X-Gm-Message-State: AOJu0Yw7h0rVa9piHv2L8mvDcFtysTZ4cFhaQiB4JOl8mUq31PLsKLtw Cc0r3iLmTPfX3YPP0dxfrjvWjNRlngHH1PQAXDwp1CnIkSY2RqtenbMUG/GZwwlfDuFX0o3X/JW zHA== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6a00:1d1d:b0:6de:622:2ebf with SMTP id a29-20020a056a001d1d00b006de06222ebfmr81316pfx.3.1706282637856; Fri, 26 Jan 2024 07:23:57 -0800 (PST) Date: Fri, 26 Jan 2024 07:23:55 -0800 In-Reply-To: <20240126134230.1166943-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240126134230.1166943-1-kirill.shutemov@linux.intel.com> Message-ID: Subject: Re: [RFC] Randomness on confidential computing platforms From: Sean Christopherson To: "Kirill A. Shutemov" Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , x86@kernel.org, "Theodore Ts'o" , "Jason A. Donenfeld" , Kuppuswamy Sathyanarayanan , Elena Reshetova , Jun Nakajima , Tom Lendacky , Ashish Kalra , linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Fri, Jan 26, 2024, Kirill A. Shutemov wrote: > Problem Statement >=20 > Currently Linux RNG uses the random inputs obtained from x86 > RDRAND/RDSEED instructions (if present) during early initialization > stage (by mixing the obtained input into the random pool via > _mix_pool_bytes()), as well as for seeding/reseeding ChaCha-based CRNG. > When the calls to both RDRAND/RDSEED fail (including RDRAND internal > retries), the timing-based fallbacks are used in the latter case, and > during the early boot case this source of entropy input is simply > skipped. Overall Linux RNG has many other sources of entropy that it > uses (also depending on what HW is used), but the dominating one is > interrupts. >=20 > In a Confidential Computing Guest threat model, given the absence of any > special trusted HW for the secure entropy input, RDRAND/RDSEED > instructions is the only entropy source that is unobservable outside of > Confidential Computing Guest TCB. However, with enough pressure on these > instructions from multiple cores (see Intel SDM, Volume 1, Section > 7.3.17, =E2=80=9CRandom Number Generator Instructions=E2=80=9D), they can= be made to > fail on purpose and force the Confidential Computing Guest Linux RNG to > use only Host/VMM controlled entropy sources. >=20 > Solution options >=20 > There are several possible solutions to this problem and the intention > of this RFC is to initiate a joined discussion. Here are some options > that has been considered: >=20 > 1. Do nothing and accept the risk. > 2. Force endless looping on RDRAND/RDSEED instructions when run in a > Confidential Computing Guest (this patch). This option turns the > attack against the quality of cryptographic randomness provided by > Confidential Computing Guest=E2=80=99s Linux RNG into a DoS attack aga= inst > the Confidential Computing Guest itself (DoS attack is out of scope > for the Confidential Computing threat model). > 3. Panic after enough re-tries of RDRAND/RDSEED instructions fail. > Another DoS variant against the Guest. > 4. Exit to the host/VMM with an error indication after a Confidential > Computing Guest failed to obtain random input from RDRAND/RDSEED > instructions after reasonable number of retries. This option allows > host/VMM to take some correction action for cases when the load on > RDRAND/RDSEED instructions has been put by another actor, i.e. the > other guest VM. The exit to host/VMM in such cases can be made > transparent for the Confidential Computing Guest in the TDX case with > the assistance of the TDX module component. Hell no. Develop better hardware if you want to guarantee forward progress= . Don't push more complexity into the host stack for something that in all li= kelihood will never happen outside of buggy software or hardware. > 5. Anything other better option? Give the admin the option to choose between "I don't care, carry-on with le= ss randomness" and "I'm paranoid, panic, panic, panic!". In other words, let = the admin choose between #1 and #3 at boot time. You could probably even let t= he admin control the number of retries, though that's probably a bit excessive= . And don't tie it to CoCo VMs, e.g. if someone is relying on randomness for = a bare metal workload, they might prefer to panic if hardware is acting funky.