Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp1349939rdb; Sat, 3 Feb 2024 02:57:40 -0800 (PST) X-Google-Smtp-Source: AGHT+IGmEFFYxJ2/LEzJfccQw3FROX5PFmNwDwsqKJ9tA7q+UbmS3OLBV3xLPjOXXMa1CE2UOggl X-Received: by 2002:a17:90b:4b41:b0:295:fb9c:f6c9 with SMTP id mi1-20020a17090b4b4100b00295fb9cf6c9mr8914341pjb.0.1706957860263; Sat, 03 Feb 2024 02:57:40 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706957860; cv=pass; d=google.com; s=arc-20160816; b=NFsqVwzlbzY9C1L3uZptsa1iEGxXjjjV0hCRBaTpokW5xRQq1I8FDN/xEI1MfhM4U/ 3ciyTGPfF+sC3i8JJ85ZxZSUgkCxCE3RjOLS9YtiUL7wqWgMhKvuSKo7wZJRkm+Dk7lH jUdntZeSP9C/xdNiIAWiUtkpgX35JdliZFGP04AoQnFQ5bM+LaKkEG7efOeUeefHVNZZ innJf74RoS0DZVEFKeWt5O0ueUgWb7DYtQUADM6Cv5we5q2uG7Ii+tBc99Xlv9M1V7SJ dZeXmKraFJqoo8/H6OYG3/61ouNHWiIFc0VgwYKsPYZxbbugpJZhASNr8nEoqBHVcW+L oDrg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=Fyk47rv6PoXblVb+58I9Tj/qLrH+SfbKgfIIMGJ0GzE=; fh=vCwze2brogkUVZzE8JDZu73RqWjS/uuY3O2IzkDv+Vc=; b=s9X3XkcML+PBTehZfbujQR4gSPHRS0RwAZkP1vlKBdVGSwWzwZE+QiRvHa1ZAbiCrH COselRJ2VODonv+sns5UjtmKmAzn/fZj2GnrrsB0HaDqMZwkBUmP8lrEIC4XoGZa8KSR oEnezxpJtx81AksjWsTINN9+yJQei7O7gTYZXiqOPRsBWsOWXXzVUSPfxVHDoq6YpwHT M5j5Xx6WiXEU48ZZN+lo/M8Xdu/rj1kukS6zSn2++febZRkelq2xcd5UlBgXDF2nv/LL SKVxS7dVtR8rRP4LrukxrZ0N24TzvQ3quSUp1tHjUQVFjVzaP3td309eruIpOmIkZIQz JRdA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=jUTnY4su; arc=pass (i=1 dkim=pass dkdomain=zx2c4.com); spf=pass (google.com: domain of linux-kernel+bounces-51021-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-51021-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com X-Forwarded-Encrypted: i=1; AJvYcCV/5M6EqeqaGLVspMzXEZk0+CvCTY2weXUEoaFIJMxpXqFDRODY2Fi/8DrL6fHYuJjD3+nY90rtA8TMQdKMuF/AYzwx/ot8GLxNDVlStQ== Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id h17-20020a17090ac39100b002966de3616csi326893pjt.26.2024.02.03.02.57.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 03 Feb 2024 02:57:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-51021-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=jUTnY4su; arc=pass (i=1 dkim=pass dkdomain=zx2c4.com); spf=pass (google.com: domain of linux-kernel+bounces-51021-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-51021-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id E9ED2B251D3 for ; Sat, 3 Feb 2024 10:12:52 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 117F65D737; Sat, 3 Feb 2024 10:12:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="jUTnY4su" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA4A15D72E; Sat, 3 Feb 2024 10:12:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706955164; cv=none; b=He6pLdDwcw+YTBRjHoHh7FWcUUiTBUnlF4ZBR/tC1z75TwT/FmHBOYg06pHeXKmkvmqQo6yKmJeYAqkDgh3rYOWoTiO/GAzol2F+eiLrd6VBg1MDSroW62kp0ncSiY1vqJygH3ha0NrFc924oMIDT7FgV3e5oPtW+F26TB1SknA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706955164; c=relaxed/simple; bh=DvXqZtbYFVinLivL3K4A/ClltCGxOW4cow1fDLrjL9A=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=HCEHmCdeIoAKFsMF4yDZr8L8Bmn/NIAf5zoiqbxlqrcB7Qb+L4oQkxll2ZJ2VkevjZUmzLfHoTTuuamGmGvuxDFjoH6PaEL50yMGh4OyPqc9nKi37Zfz2kXHVqRrNfzeHb2WGoRDMQ0alXlDUcXXJeUyKnKlZ3RvnhOk8WWWTB8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b=jUTnY4su; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9402BC433F1; Sat, 3 Feb 2024 10:12:42 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="jUTnY4su" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1706955161; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Fyk47rv6PoXblVb+58I9Tj/qLrH+SfbKgfIIMGJ0GzE=; b=jUTnY4su1U7l4f/7BLAhdUi1vD/Oo6HHZp5XMY5o3SvJ0sasDgJTMby5wxjTzpIsXSjRbt zMYNSdoHnQaFRj5S54sERYGFkowrbnduWTcpq7o8vrE2BErJMTjfKmTYZ8NKQQk8yRi941 lIjlYerzkuq0HNN8mnPkQD1pz1IAi4M= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id be5d1e7e (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sat, 3 Feb 2024 10:12:40 +0000 (UTC) Date: Sat, 3 Feb 2024 11:12:37 +0100 From: "Jason A. Donenfeld" To: Theodore Ts'o Cc: "Reshetova, Elena" , Dave Hansen , "Kirill A. Shutemov" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , "x86@kernel.org" , Kuppuswamy Sathyanarayanan , "Nakajima, Jun" , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , "linux-coco@lists.linux.dev" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH 1/2] x86/random: Retry on RDSEED failure Message-ID: References: <20240131140756.GB2356784@mit.edu> <20240131171042.GA2371371@mit.edu> <20240201045710.GD2356784@mit.edu> <20240202153927.GA119530@mit.edu> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20240202153927.GA119530@mit.edu> Hi Ted, Kirill, On Fri, Feb 02, 2024 at 10:39:27AM -0500, Theodore Ts'o wrote: > On Fri, Feb 02, 2024 at 07:25:42AM +0000, Reshetova, Elena wrote: > > This is a great summary of options, thank you Jason! > > My proposal would be to wait on result of our internal investigation > > before proceeding to choose the approach. > > I'm happy for the option "Do nothing for now", but if we do want to do > something in the absence of more detailed information, I'd suggest > doing something simple for first, on the theory that it doesn't make > things worse, and we can always do something more complicated if it > turns out to be needed. > > In that vein, my suggestion is: > > > > Solution B) BUG_ON(is_early_boot && is_coco_system) in the RDRAND > > > failure path (> 10 retries). > > > > > > This is slightly less simple than A, because we have to plumb > > > CoCo-detection through to the RDRAND helper. [Side note: I feel > > > ridiculous typing 'CoCo'.] Systems-wise, I don't see drawbacks. > > > RNG-wise, the drawback is that this doesn't help deal with secure > > > reseeding later in time, which is a RNG property that we otherwise > > > enjoy. > > If there isn't a global variable we can test to see if Confidential > Compute is enabled, I suspect we should just add one. I would assume > that /dev/random isn't the only place where we might need to do > whether Confidential Compute is enabled. > > So I don't think plumbing CC into the /dev/random code, and since we > are only doing this in early boot, I wouldn't put it in the RDRAND > helper, but rather in the caller of the RDRAND helper that gets used > in the early boot path. Yea, actually, I had a pretty similar idea for something like that that's very non-invasive, where none of this even touches the RDRAND core code, much less random.c. Specifically, we consider "adding some extra RDRAND to the pool" like any other driver that wants to add some of its own seeds to the pool, with add_device_randomness(), a call that lives in various driver code, doesn't influence any entropy readiness aspects of random.c, and can safely be sprinkled in any device or platform driver. Specifically what I'm thinking about is something like: void coco_main_boottime_init_function_somewhere_deep_in_arch_code(void) { // [...] // bring up primary CoCo nuts // [...] /* CoCo requires an explicit RDRAND seed, because the host can make the * rest of the system deterministic. */ unsigned long seed[32 / sizeof(long)]; size_t i, longs; for (i = 0; i < ARRAY_SIZE(seed); i += longs) { longs = arch_get_random_longs(&seed[i], ARRAY_SIZE(seed) - i); /* If RDRAND is being DoS'd, panic, because we can't ensure * confidentiality. */ BUG_ON(!longs); } add_device_randomness(seed, sizeof(seed)); memzero_explicit(seed, sizeof(seed)); // [...] // do other CoCo things // [...] } I would have no objection to the CoCo people adding something like this and would give it my Ack, but more importantly, my Ack for that doesn't even matter, because add_device_randomness() is pretty innocuous. So Kirill, if nobody else here objects to that approach, and you want to implement it in some super minimal way like that, that would be fine with me. Or maybe we want to wait for that internal inquiry at Intel to return some answers first. But either way, this might be an easy approach that doesn't add too much complexity. Jason