Received: by 2002:a05:7412:2a91:b0:fc:a2b0:25d7 with SMTP id u17csp729171rdh; Wed, 14 Feb 2024 09:33:16 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCX1ZD61/W1nEiz7FTPW+DrL6ICYzmFCZTh0y5GjdM6Yo/tqsBmUaBH9NEpgRoAONiecm37NrUrL9JMENsV3b+RhNRyIuobMBPpiDZnxOQ== X-Google-Smtp-Source: AGHT+IEbQTSIstW00INmAQvVIDf9fQze+0+AZpw13FxxRBxdBdBW8VafNxYvAz2TMAvzLVpslFM1 X-Received: by 2002:a05:620a:1a90:b0:785:9472:e570 with SMTP id bl16-20020a05620a1a9000b007859472e570mr4881241qkb.24.1707931996152; Wed, 14 Feb 2024 09:33:16 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707931996; cv=pass; d=google.com; s=arc-20160816; b=GhMLeAE6YHVqAA54wGzHot2fb/mODA8tVHmXrHVc1ADnV1M02Nz1YedlSWpGHJthFf UVhL/9tnoTzCnzac35DpEXU2k8YehqprLa7oiNmgsHgpYmgG8qali23JwzfpP140wEA2 rzLtc1AuHFIjoQgRu4jy2bbSmMNmJFWZZreHzuTYeDOzaSznZAEN5ClHmBycrHAFpocu DsWpXFXPchU2habOPGHiKAfXHZhwVkyuH7gHx9Z2323KwFNtJYs7EHrv/jbY/rERkANh JGW5NdVbX3Z/6gDD8o5UvNPGwQsiQVCUMHlACWyAX2S/+9aa3QJHTwtaqmF6pl1/tiA+ NX0w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=beUUffneuudJkacRV0x7r7IuQSNqrKmc2NrDlT8aag4=; fh=XU4wb0sZc6jzTaBoYn8wZIVOWQ+GIjSzkbUazSZ09M8=; b=iMQ4q3HxPSQ0SR50XLH12DPIy6ZmW1VLuizU73CjKaeZDfiw9xb72mhDLvPP8ilX13 Ddc32HW4dtYw2HyhyA6qC10ANL6P0ArfHVKzsHSS6Cj+ME0kRrjKd5JpADFIX89uXMzk 5Vu2OGxiqtQJOMJVmKijIb8JhWRbjng2s2GW+vaeGybot5CcRv7msRgNIJPM5BuLx9v1 I4FMj3JO7dE53Gbs8FXz5SF341ccp7vYAIfcWaSbuK9HVFcGfEWfZDuMJJ03RSF9dvfm dLczvY6c9eVgoIIeMAqLnEleuNrcknPTbyKJQ71JUMYU3xp3OvUDL6w74ZAwgenXolgt RGgQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=c0iUHQul; arc=pass (i=1 dkim=pass dkdomain=zx2c4.com); spf=pass (google.com: domain of linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com X-Forwarded-Encrypted: i=2; AJvYcCVu/fHBSdEEb7ocSldS/xbBnGn1LbFWQKET0fOh87w884qO49PxSFR9xmsf4ar/G/gYiOwDKlYyYy026fav0+unL6aBLVtbrbSrdjtshA== Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id bq31-20020a05620a469f00b00787225f72c3si4123408qkb.312.2024.02.14.09.33.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Feb 2024 09:33:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=c0iUHQul; arc=pass (i=1 dkim=pass dkdomain=zx2c4.com); spf=pass (google.com: domain of linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 25CBA1C2959D for ; Wed, 14 Feb 2024 17:32:22 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A321685290; Wed, 14 Feb 2024 17:30:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="c0iUHQul" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC10F8526E; Wed, 14 Feb 2024 17:30:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707931839; cv=none; b=FkDnkqZnppEOyT1FNRV8P5QKAUndMKhhWm1UUm10vnp5q1N8P7u364ZEyA+xr2AxQxUvWsH77vZk3Hn21KOfJ4WODTkplsjxieblFlpSnfs00m0iYwq9QPuJXJYEvpb/y9RwSd2sd0dSDV6/B5g/3vtN4KaFPImNUSTztVRf9mo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707931839; c=relaxed/simple; bh=beUUffneuudJkacRV0x7r7IuQSNqrKmc2NrDlT8aag4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=WajeZMcH3DZIgtQA3Vl1FC4wqrTkopmPOHFFLxd3mn/6OcxU8J4qWrGrTHhriCvMClEx1TtTOlieWKu0YocwF6OAER9R1CCs1tN525iTxv6dHlRlZ/0mWK9QHY6CNOiBBGPypa99bmdh33BdGbqNWFAref8KvNHhGFwWc3yo7/k= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b=c0iUHQul; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id CD322C433F1; Wed, 14 Feb 2024 17:30:37 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="c0iUHQul" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1707931835; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=beUUffneuudJkacRV0x7r7IuQSNqrKmc2NrDlT8aag4=; b=c0iUHQulPwcOVLCrAm9mAJdG8jKvao5q59BoHylqGh55fJNjjfaINH1+t5a+eTfmKU+TET pFIFPtgdPRi5zrH/8Nj+4mUv6h0IUH6OHZtacxYXWeCJwVPnHy1BizSRvSdCEqJT4Yev1i SCyyd+zj8yLuISQWCck1FW/fq9hEjYk= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 4ac7b6d3 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Wed, 14 Feb 2024 17:30:35 +0000 (UTC) Date: Wed, 14 Feb 2024 18:30:35 +0100 From: "Jason A. Donenfeld" To: "Reshetova, Elena" Cc: "Kirill A. Shutemov" , "H. Peter Anvin" , Theodore Ts'o , Dave Hansen , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "x86@kernel.org" , Kuppuswamy Sathyanarayanan , "Nakajima, Jun" , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , "linux-coco@lists.linux.dev" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH 1/2] x86/random: Retry on RDSEED failure Message-ID: References: <20240131171042.GA2371371@mit.edu> <20240201045710.GD2356784@mit.edu> <20240202153927.GA119530@mit.edu> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: On Mon, Feb 12, 2024 at 08:25:33AM +0000, Reshetova, Elena wrote: > So the change would be around adding the notion of conditional entropy > counting (we will always take input as we do now because it wont hurt), > which would automatically give us a correct behavior in _credit_init_bits() > for initial seeding of crng. I basically have zero interest in this kind of highly complex addition, and I think that'll lead us back toward how the RNG was in the past. "Entropy counting" is mostly an illusion, at least in terms of doing so from measurement. We've got some heuristics to mitigate "premature first" but these things will mostly only ever be heuristic. If a platform like CoCo knows nothing else will work, then a platform-specific choice like the one in this patch is sufficient to do the trick. And in general, this seems like a weird thing to design around: if the CPU is actually just totally broken and defective, maybe CoCo shouldn't continue executing anyway? So I'm pretty loathe to go in this direction of highly complex policy frameworks and such. Anyway, based on your last email (and my reply to it), it seems like we're mostly in the clear anyway, and we can rely on RDRAND failure ==> hardware failure. Jason