Date: Tue, 13 Feb 2024 18:13:41 -0500
From: "Theodore Ts'o"
To: Dan Williams
Cc: "Reshetova, Elena", "Jason A. Donenfeld", "Kirill A. Shutemov", "H. Peter Anvin", Dave Hansen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "x86@kernel.org", Kuppuswamy Sathyanarayanan, "Nakajima, Jun", Tom Lendacky, "Kalra, Ashish", Sean Christopherson, "linux-coco@lists.linux.dev", "linux-kernel@vger.kernel.org"
Subject: Re: [PATCH 1/2] x86/random: Retry on RDSEED failure
Message-ID: <20240213231341.GB394352@mit.edu>

On Mon, Feb 12, 2024 at 11:28:31PM -0800, Dan Williams wrote:
> Sure there is, that is what, for example, PCI TDISP (TEE Device
> Interface Security Protocol) is about. Set aside the difficulty of doing
> the PCI TDISP flow early in boot, and validating the device certificate
> and measurements based on golden values without talking to a remote
> verifier etc..., but if such a device has been accepted and its driver
> calls hwrng_register() it should be added as an entropy source.

How real is TDISP? What hardware exists today and how much of this
support is ready to land in the kernel? Looking at the news articles,
it appears to me like bleeding edge technology, and what an unkind
person might call "vaporware"? Is that an unfair characterization?

There have been plenty of things that have squirted out of standards
bodies, like for example, "object-based storage", which has turned out
to be a complete commercial failure and was never actually deployed in
any real numbers, other than sample hardware being provided to academic
researchers. How can we be sure that PCI TDISP won't end up going
down that route?

In any case, if we are going to go down this path, we will need to
have some kind of policy engine so that hwrng_register() rejects
non-authenticated hardware if Confidential Compute is enabled (and
possibly in other cases).

- Ted