Received: by 2002:a05:7412:2a91:b0:fc:a2b0:25d7 with SMTP id u17csp729171rdh;
        Wed, 14 Feb 2024 09:33:16 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCX1ZD61/W1nEiz7FTPW+DrL6ICYzmFCZTh0y5GjdM6Yo/tqsBmUaBH9NEpgRoAONiecm37NrUrL9JMENsV3b+RhNRyIuobMBPpiDZnxOQ==
X-Google-Smtp-Source: AGHT+IEbQTSIstW00INmAQvVIDf9fQze+0+AZpw13FxxRBxdBdBW8VafNxYvAz2TMAvzLVpslFM1
X-Received: by 2002:a05:620a:1a90:b0:785:9472:e570 with SMTP id bl16-20020a05620a1a9000b007859472e570mr4881241qkb.24.1707931996152;
        Wed, 14 Feb 2024 09:33:16 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1707931996; cv=pass;
        d=google.com; s=arc-20160816;
        b=GhMLeAE6YHVqAA54wGzHot2fb/mODA8tVHmXrHVc1ADnV1M02Nz1YedlSWpGHJthFf
         UVhL/9tnoTzCnzac35DpEXU2k8YehqprLa7oiNmgsHgpYmgG8qali23JwzfpP140wEA2
         rzLtc1AuHFIjoQgRu4jy2bbSmMNmJFWZZreHzuTYeDOzaSznZAEN5ClHmBycrHAFpocu
         DsWpXFXPchU2habOPGHiKAfXHZhwVkyuH7gHx9Z2323KwFNtJYs7EHrv/jbY/rERkANh
         JGW5NdVbX3Z/6gDD8o5UvNPGwQsiQVCUMHlACWyAX2S/+9aa3QJHTwtaqmF6pl1/tiA+
         NX0w==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=beUUffneuudJkacRV0x7r7IuQSNqrKmc2NrDlT8aag4=;
        fh=XU4wb0sZc6jzTaBoYn8wZIVOWQ+GIjSzkbUazSZ09M8=;
        b=iMQ4q3HxPSQ0SR50XLH12DPIy6ZmW1VLuizU73CjKaeZDfiw9xb72mhDLvPP8ilX13
         Ddc32HW4dtYw2HyhyA6qC10ANL6P0ArfHVKzsHSS6Cj+ME0kRrjKd5JpADFIX89uXMzk
         5Vu2OGxiqtQJOMJVmKijIb8JhWRbjng2s2GW+vaeGybot5CcRv7msRgNIJPM5BuLx9v1
         I4FMj3JO7dE53Gbs8FXz5SF341ccp7vYAIfcWaSbuK9HVFcGfEWfZDuMJJ03RSF9dvfm
         dLczvY6c9eVgoIIeMAqLnEleuNrcknPTbyKJQ71JUMYU3xp3OvUDL6w74ZAwgenXolgt
         RGgQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=c0iUHQul;
       arc=pass (i=1 dkim=pass dkdomain=zx2c4.com);
       spf=pass (google.com: domain of linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
X-Forwarded-Encrypted: i=2; AJvYcCVu/fHBSdEEb7ocSldS/xbBnGn1LbFWQKET0fOh87w884qO49PxSFR9xmsf4ar/G/gYiOwDKlYyYy026fav0+unL6aBLVtbrbSrdjtshA==
Return-Path: <linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id bq31-20020a05620a469f00b00787225f72c3si4123408qkb.312.2024.02.14.09.33.16
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 14 Feb 2024 09:33:16 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=c0iUHQul;
       arc=pass (i=1 dkim=pass dkdomain=zx2c4.com);
       spf=pass (google.com: domain of linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65683-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 25CBA1C2959D
	for <linux.lists.archive@gmail.com>; Wed, 14 Feb 2024 17:32:22 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id A321685290;
	Wed, 14 Feb 2024 17:30:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="c0iUHQul"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC10F8526E;
	Wed, 14 Feb 2024 17:30:39 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1707931839; cv=none; b=FkDnkqZnppEOyT1FNRV8P5QKAUndMKhhWm1UUm10vnp5q1N8P7u364ZEyA+xr2AxQxUvWsH77vZk3Hn21KOfJ4WODTkplsjxieblFlpSnfs00m0iYwq9QPuJXJYEvpb/y9RwSd2sd0dSDV6/B5g/3vtN4KaFPImNUSTztVRf9mo=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1707931839; c=relaxed/simple;
	bh=beUUffneuudJkacRV0x7r7IuQSNqrKmc2NrDlT8aag4=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=WajeZMcH3DZIgtQA3Vl1FC4wqrTkopmPOHFFLxd3mn/6OcxU8J4qWrGrTHhriCvMClEx1TtTOlieWKu0YocwF6OAER9R1CCs1tN525iTxv6dHlRlZ/0mWK9QHY6CNOiBBGPypa99bmdh33BdGbqNWFAref8KvNHhGFwWc3yo7/k=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b=c0iUHQul; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id CD322C433F1;
	Wed, 14 Feb 2024 17:30:37 +0000 (UTC)
Authentication-Results: smtp.kernel.org;
	dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="c0iUHQul"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105;
	t=1707931835;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=beUUffneuudJkacRV0x7r7IuQSNqrKmc2NrDlT8aag4=;
	b=c0iUHQulPwcOVLCrAm9mAJdG8jKvao5q59BoHylqGh55fJNjjfaINH1+t5a+eTfmKU+TET
	pFIFPtgdPRi5zrH/8Nj+4mUv6h0IUH6OHZtacxYXWeCJwVPnHy1BizSRvSdCEqJT4Yev1i
	SCyyd+zj8yLuISQWCck1FW/fq9hEjYk=
Received: 
	by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 4ac7b6d3 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
	Wed, 14 Feb 2024 17:30:35 +0000 (UTC)
Date: Wed, 14 Feb 2024 18:30:35 +0100
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: "Reshetova, Elena" <elena.reshetova@intel.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>, Theodore Ts'o <tytso@mit.edu>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"x86@kernel.org" <x86@kernel.org>,
	Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>,
	"Nakajima, Jun" <jun.nakajima@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	"Kalra, Ashish" <ashish.kalra@amd.com>,
	Sean Christopherson <seanjc@google.com>,
	"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/2] x86/random: Retry on RDSEED failure
Message-ID: <Zcz4u9NXtnn4RP4Q@zx2c4.com>
References: <20240131171042.GA2371371@mit.edu>
 <DM8PR11MB5750C7D16DC566CD1329D5A5E77C2@DM8PR11MB5750.namprd11.prod.outlook.com>
 <CAHmME9q-eUXnXnpaDu0VOQemOYysst7SaJ-=b8-vCFP9h50Szg@mail.gmail.com>
 <20240201045710.GD2356784@mit.edu>
 <CAHmME9oqM2a766dBK22-yKr8=2-icg=UkQzmBOF8G5Zh_Y9E9w@mail.gmail.com>
 <DM8PR11MB57505F657A8F08E15DC34673E7422@DM8PR11MB5750.namprd11.prod.outlook.com>
 <20240202153927.GA119530@mit.edu>
 <Zb4RlTzq_LV7AzsH@zx2c4.com>
 <CAHmME9owdbHzfb66xisoWmvWeT_-hkxCu7tR2=Rbye_ik1JgQQ@mail.gmail.com>
 <DM8PR11MB5750C1A848A9F1EF6BE66241E7482@DM8PR11MB5750.namprd11.prod.outlook.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <DM8PR11MB5750C1A848A9F1EF6BE66241E7482@DM8PR11MB5750.namprd11.prod.outlook.com>

On Mon, Feb 12, 2024 at 08:25:33AM +0000, Reshetova, Elena wrote:
> So the change would be around adding the notion of conditional entropy
> counting (we will always take input as we do now because it wont hurt),
> which would automatically give us a correct behavior in _credit_init_bits()
> for initial seeding of crng.

I basically have zero interest in this kind of highly complex addition,
and I think that'll lead us back toward how the RNG was in the past.
"Entropy counting" is mostly an illusion, at least in terms of doing so
from measurement. We've got some heuristics to mitigate "premature
first" but these things will mostly only ever be heuristic. If a
platform like CoCo knows nothing else will work, then a
platform-specific choice like the one in this patch is sufficient to
do the trick. And in general, this seems like a weird thing to design
around: if the CPU is actually just totally broken and defective, maybe
CoCo shouldn't continue executing anyway? So I'm pretty loathe to go in
this direction of highly complex policy frameworks and such.

Anyway, based on your last email (and my reply to it), it seems like
we're mostly in the clear anyway, and we can rely on RDRAND failure ==>
hardware failure.

Jason