From: "Jason A. Donenfeld"
Date: Tue, 30 Jan 2024 19:35:36 +0100
Subject: Re: [PATCH 1/2] x86/random: Retry on RDSEED failure
To: "Reshetova, Elena"
Cc: "Kirill A. Shutemov", Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin", "x86@kernel.org", "Theodore Ts'o", Kuppuswamy Sathyanarayanan, "Nakajima, Jun", Tom Lendacky, "Kalra, Ashish", Sean Christopherson, "linux-coco@lists.linux.dev", "linux-kernel@vger.kernel.org"
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240130083007.1876787-1-kirill.shutemov@linux.intel.com>

Elena,

On Tue, Jan 30, 2024 at 3:06 PM Jason A. Donenfeld wrote:
> 2) Can a malicious host *actually* create a fully deterministic
> environment? One that'll produce the same timing for the jitter
> entropy creation, and all the other timers and interrupts and things?
> I imagine the attestation part of CoCo means these VMs need to run on
> real Intel silicon and so it can't be single stepped in TCG or
> something, right? So is this problem actually a real one? And to what
> degree? Any good experimental research on this?

I'd like to re-up this question. It seems like assessing the reality
of the concern would be worthwhile.

Jason