Date: Thu, 1 Feb 2024 04:52:56 -0600
From: "Dr. Greg"
To: "Reshetova, Elena"
Cc: "Jason A. Donenfeld", "Daniel P. Berrangé", "Hansen, Dave",
	"Kirill A. Shutemov", Thomas Gleixner, Ingo Molnar,
	Borislav Petkov, Dave Hansen, "H. Peter Anvin", "x86@kernel.org",
	"Theodore Ts'o", Kuppuswamy Sathyanarayanan, "Nakajima, Jun",
	Tom Lendacky, "Kalra, Ashish", Sean Christopherson,
	"linux-coco@lists.linux.dev", "linux-kernel@vger.kernel.org"
Subject: Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails
Message-ID: <20240201105256.GB17612@wind.enjellic.com>
Reply-To: "Dr. Greg"
Greg" References: <20240130083007.1876787-2-kirill.shutemov@linux.intel.com> <88a72370-e300-4bbc-8077-acd1cc831fe7@intel.com> <20240131203531.GA12035@wind.enjellic.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.3 (wind.enjellic.com [127.0.0.1]); Thu, 01 Feb 2024 04:52:57 -0600 (CST) On Thu, Feb 01, 2024 at 07:26:15AM +0000, Reshetova, Elena wrote: Good morning to everyone. > > On Wed, Jan 31, 2024 at 02:06:13PM +0100, Jason A. Donenfeld wrote: > > > > Hi again to everyone, beautiful day here in North Dakota. > > > > > On Wed, Jan 31, 2024 at 9:17???AM Reshetova, Elena > > > wrote: > > > > This matches both my understanding (I do have cryptography background > > > > and understanding how cryptographic RNGs work) > > > > and official public docs that Intel published on this matter. > > > > Given that the physical entropy source is limited anyhow, and by giving > > > > enough pressure on the whole construction you should be able to > > > > make RDRAND fail because if the intermediate AES-CBC MAC extractor/ > > > > conditioner is not getting its min entropy input rate, it wont > > > > produce a proper seed for AES CTR DRBG. > > > > Of course exact details/numbers can wary between different generations of > > > > Intel DRNG implementation, and the platforms where it is running on, > > > > so be careful to sticking to concrete numbers. > > > > > Alright, so RDRAND is not reliable. The question for us now is: do > > > we want RDRAND unreliability to translate to another form of > > > unreliability elsewhere, e.g. DoS/infiniteloop/latency/WARN_ON()? Or > > > would it be better to declare the hardware simply broken and ask > > > Intel to fix it? (I don't know the answer to that question.) > > > > I think it would demonstrate a lack of appropriate engineering > > diligence on the part of our community to declare RDRAND 'busted' at > > this point. > > > > While it appeares to be trivially easy to force RDSEED into depletion, > > there does not seem to be a suggestion, at least in the open > > literature, that this directly or easily translates into stalling > > output from RDRAND in any type of relevant adversarial fashion. > > > > If this were the case, given what CVE's seem to be worth on a resume, > > someone would have rented a cloud machine and come up with a POC > > against RDRAND in a multi-tenant environment and then promptly put up > > a web-site called 'Random Starve' or something equally ominous. > > > > This is no doubt secondary to the 1022x amplication factor inherent in > > the 'Bull Mountain' architecture. > > > > I'm a bit surprised that no one from the Intel side of this > > conversation didn't pitch this over the wall as soon as this > > conversation came up, but I would suggest that everyone concerned > > about this issue give the following a thorough read: > > > > https://www.intel.com/content/www/us/en/developer/articles/guide/intel-digital- > > random-number-generator-drng-software-implementation-guide.html > > > > Relevant highlights: > > > > - As I suggested in my earlier e-mail, random number generation is a > > socket based resource, hence an adversarial domain limited to only > > the cores on a common socket. 
> As I said, I want to investigate this properly before stating
> anything. In a CoCo VM we cannot guarantee that a victim guest is
> able to execute this 10 re-try loop (there is also a tightness
> requirement listed in the official guide that is not further
> specified) without interruption, since all guest scheduling is
> under host control. Again, this is the angle that was not present
> before, and I want to make sure we are protected against this case.

I suspect that all of this may be the source of interesting
discussions inside of Intel; see my closing question below.

If nothing else, we will wait with bated breath for a definition of
astronomical, if, of course, the definition of that value is
unprivileged and you would be free to forward it along... :-)

> > > > That said, I have taken an AR to follow up internally on what
> > > > can be done to improve our situation with RDRAND/RDSEED.
> >
> > I think I can save you some time, Elena.
> >
> > > Specifying this is an interesting question. What exactly might
> > > our requirements be for a "non-broken" RDRAND? It seems like we
> > > have two basic ones:
> > >
> > > - One VMX (or host) context can't DoS another one.
> > > - Ring 3 can't DoS ring 0.
> > >
> > > I don't know whether that'd be implemented with context-tied rate
> > > limiting or more state or what. But I think, short of just making
> > > RDRAND never fail, that's basically what's needed.
> >
> > I think we probably have that, for all intents and purposes, given
> > that we embrace the following methodology:
> >
> > - Use RDRAND exclusively.
> >
> > - Be willing to take 10 swings at the plate.
> >
> > - Given the somewhat demanding requirements of TDX/CoCo, fail and
> >   either deadlock or panic after 10 swings, since that would seem
> >   to suggest the hardware is broken, i.e. RMA time.

> Again, my worry here is that a CoCo guest is not in control of its
> own scheduling, and this might make an impact on the above
> statement, i.e. it might theoretically be possible to cause this
> without physically broken HW.
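For concreteness, the re-try discipline whose integrity is being
questioned here is essentially the following. Again, a minimal
user-space sketch rather than the kernel's actual implementation: it
assumes the _rdrand64_step() intrinsic from <immintrin.h> (build with
-mrdrnd), and the abort() on the failure path merely stands in for
whatever deadlock/panic/WARN policy would actually be adopted.

	/* rdrand_retry.c - the 10-swings-then-give-up pattern. */
	#include <immintrin.h>
	#include <stdbool.h>
	#include <stdint.h>
	#include <stdlib.h>

	#define RDRAND_RETRIES 10  /* the guide's suggested count */

	static bool rdrand64_retry(uint64_t *out)
	{
		unsigned long long v;

		for (int i = 0; i < RDRAND_RETRIES; i++) {
			/* _rdrand64_step() returns 1 (CF=1) when 'v'
			   contains valid random data. */
			if (_rdrand64_step(&v)) {
				*out = v;
				return true;
			}
		}
		return false;	/* ten straight failures: RMA time */
	}

	uint64_t must_rdrand64(void)
	{
		uint64_t v;

		if (!rdrand64_retry(&v))
			abort();  /* stand-in for the fail-hard policy */
		return v;
	}

The question Elena raises is whether a host that controls scheduling
can preempt a guest between those ten iterations often enough to make
the loop fail without the hardware being broken.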
So all of this leaves open a very significant question that would
seem to be worthy of further enlightenment from inside the bowels of
Intel engineering.

Our discussion has now led us to a point where there appears to be a
legitimate concern that the hypervisor has such significant control
over a confidential VM that the integrity of a simple re-try loop is
an open question.

Let us posit, for the sake of argument, that confidential computing
resolves down to the implementation of a trusted computing platform,
which in turn resolves to a requirement for competent and robust
cryptography for initial and ongoing attestation, let alone
confidentiality in the face of possible side-channel and timing
attacks.

I'm sure there would be a great deal of interest in any information
that can be provided showing this scenario to be possible, given the
level of control that is being suggested a hypervisor would enjoy
over an ostensibly confidential and trusted guest.

> Best Regards,
> Elena.

Have a good day.

As always,
Dr. Greg

The Quixote Project - Flailing at the Travails of Cybersecurity
https://github.com/Quixote-Project