Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp56555rbb; Fri, 23 Feb 2024 11:33:52 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCW74OZveIINU1U6uVRCcM9AvWnK4TIEqOMo2VwJTxU63plTAngfONV+GYmN9EkO9Br/kEi0y1rrhx2k94eQw8Wdt3AnOalzqll/ng5pyA== X-Google-Smtp-Source: AGHT+IGXnYbfH7Nx3rh7mJB2NDX9dYPKiNAtPcAq75wstXtISaFBL25aiKFjLcAMovEvoQXDutyu X-Received: by 2002:a0c:e0d3:0:b0:68f:52b3:6d12 with SMTP id x19-20020a0ce0d3000000b0068f52b36d12mr847540qvk.29.1708716832264; Fri, 23 Feb 2024 11:33:52 -0800 (PST) Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id q6-20020a05621419e600b0068f0da24fd3si15665548qvc.180.2024.02.23.11.33.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 11:33:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-79030-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=ers+pVUM; arc=fail (signature failed); spf=pass (google.com: domain of linux-kernel+bounces-79030-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-79030-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id F121D1C237CE for ; Fri, 23 Feb 2024 19:33:51 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 656A51448C6; Fri, 23 Feb 2024 19:33:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="ers+pVUM" Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2061.outbound.protection.outlook.com [40.107.93.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 227D61D6B6 for ; Fri, 23 Feb 2024 19:33:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.61 ARC-Seal:i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708716827; cv=fail; b=fPHnpup/UqlRos9mPClBD+uG/Fha46W5uUjp2h2x8irSTnymUS4KnepfjJrvwVN0+7F2ItkpBOl2OkrnbOTOVB4McHdtZlLxUvuzQXS52lDlvFW7YX0ybmc70I8NtY9vFBNciwwJSbYMCYRk5GGMLVNGdd/3/qfzvA1AK8E/nO4= ARC-Message-Signature:i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708716827; c=relaxed/simple; bh=4uiCfX/z5LeXvnGO+MNumdWku9fly8FO06T4COBsfuk=; h=Message-ID:Date:Subject:To:Cc:References:From:In-Reply-To: Content-Type:MIME-Version; b=BpSsbShGx9q0t0URntgjvRXYmDcHM+M+DNywxps3/HmQ5ZwmI5F2vLgvEFiQbBWeifyZxP/49kB9vBd0A6kkZhBMjnvgbdLWkLhz6wForCyn+rz2f5JKRM9ExWbRfbK576qii3GKWA1QYFBBnlv1f9+GHeB8DXwLV/C3CbIDqU8= ARC-Authentication-Results:i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=ers+pVUM; arc=fail smtp.client-ip=40.107.93.61 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xec6rCca/8BrlRMvhZqHju+zOHP6RuBbpTYWs/gkR2LwroXzCfWBGdxpmxR1Rxr2Ftk8ocmg215kEpbxe08FTgZZPqyJF9/iacV09rzATXMNkE7RcA8O2lSwZ3+lUjkoizjZzKjFdiiAFjVpO0dDhDdoHqFMTTkzxzGIvSitsu74UFCOacVKScc5fcQ3SnZiZicb50vL1t6hWp+G6RCKHOk3Kbr0DWQCbx8mRRCTSyXDD5JvR6aV3dTzwlj8/cvdpJ6q1J86hTZgrh5woXpxgApQhdLzy9Oc93p/U3P8v67fpuD10mcY6MBmrviwg/2EgzO6GFs0CUv/2sfmHtxgFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iMwDvuQAv1fsYCgpaTBXhEUbGHmk+EbHebjZp2+bVzk=; b=lQeh0W0RTgfJ3thEkZLvvEaZAfMcA7cRp213JQmT8yqxx4HkXrFYoeK9QmgLJ7g0x0zoXDTB5bhq/UqJslTK+RESwxh5qDoVX/OS8R8F3olYUfuYvuwXr1m/Ae9kBjn/ReYzA+Ki/VhShvhPmmzcnSK1upFg81/Z17OCR3yZW6HAas+If4JRmxZ4NdbuM3ZbM7fdqV92YSGXrrV9jIxKcmyYKa/A0j5mgcALPq7FNMssTUxgyQ/2LeLpcKPNiSirH6EpnosJ2XVbq29uY7WCE3ymdMvYdquVBVg8ey6tQOVvbq8ukf7tCH8/qNicpYUB7g6JlloZhxJr7iHCPWLY4A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iMwDvuQAv1fsYCgpaTBXhEUbGHmk+EbHebjZp2+bVzk=; b=ers+pVUM6G9QQ4NEMjbv0POtU/i5IMnBw9av51t8niRyfn3i/UoFX0N7Yw2dK+wHxbxZccsMklLnvfoySqrRrhXsoBzEe7P++suyjoMepdwbwUm7gzX7+Q8ATR2RFwxLCQ7UnOhAtOhX6z9hvp1zBPFrgt+UUFIw9Du+y9XftiE= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17) by DM4PR12MB5359.namprd12.prod.outlook.com (2603:10b6:5:39e::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.24; Fri, 23 Feb 2024 19:33:43 +0000 Received: from BL1PR12MB5732.namprd12.prod.outlook.com ([fe80::db9b:a5f:5d0a:2a42]) by BL1PR12MB5732.namprd12.prod.outlook.com ([fe80::db9b:a5f:5d0a:2a42%4]) with mapi id 15.20.7316.018; Fri, 23 Feb 2024 19:33:42 +0000 Message-ID: Date: Fri, 23 Feb 2024 13:33:39 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1 Subject: Re: [PATCH] x86/coco: Require seeding RNG with RDRAND on CoCo systems To: "Jason A. Donenfeld" , x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org Cc: Borislav Petkov , =?UTF-8?Q?Daniel_P_=2e_Berrang=c3=a9?= , Dave Hansen , Elena Reshetova , "H . Peter Anvin" , Ingo Molnar , "Kirill A . Shutemov" , Theodore Ts'o , Thomas Gleixner References: <20240209164946.4164052-1-Jason@zx2c4.com> Content-Language: en-US From: Tom Lendacky In-Reply-To: <20240209164946.4164052-1-Jason@zx2c4.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-ClientProxiedBy: SA0PR11CA0049.namprd11.prod.outlook.com (2603:10b6:806:d0::24) To BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL1PR12MB5732:EE_|DM4PR12MB5359:EE_ X-MS-Office365-Filtering-Correlation-Id: 13ad1b35-ee37-4787-b2ae-08dc34a65806 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 6S6QJIksn4H9ZT0eX8j+/CvK2t9gUGVQ7YK51skEUDEWKdogXMob1ePoWNOPl0QXlWW0ASR0pTHzpuZFMDxCROWhwThB1kpdL3c+N2fZXlNV25n6qmYwo9Th1gPIe3wOUORdrmE0ShSnCQezf4nwbmIpAQll3ZsVsFyWlwhZ/nDAIjP95oIaJWO0PblwnqCD2K8D+1X5KmHFv281HAcjpj3xL2PjsPKknPH4vwsqdDn2h5Z4KlNhhP2sFJny/cxKHTF+LW/WjsxdeMmyQG8c3x/PHGcVm8i2cZDuh+GPdaQQ6gI/B6Bs6q+DnTrd2ACwBfg6EGaYzswePxtlCuSD4lYCeOSOnToLTUKaodCSJX3JWuMsjO1R3D6vUkXgMf2u1OmquNsVBMqPgfjQpGG9H8v3rjMSSmB5zW5U+TPeIC24N5WcPT01gR5E5XHmy9Y+GmD6+0CBilLKOojiGIug1gwBYGxRcm4PaFia/8DlT0wD2r+BOtEyLwJ5dJ9dwLbOrcoo2iIKh4BnxGYhonJEAxZy4uVTMylgqpQxJhDeCeY= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BL1PR12MB5732.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?ME0yeXJTUzQrbnZ5cVQrdEMvcldoQ3dkeWZWMzBkbDBJdmNOYjhZWGhPNldF?= =?utf-8?B?RDB5dmpYRkYvUW5MZ0FGQ0NIOTNvM2s1UUtIdWlsMDVkQWtFMjk0bFNRWm1p?= =?utf-8?B?YmtycnFLU2Q2NlNvYzQ2OTRSRHZNTHFNVHU2RTJRNE1vY0ZqV25oTUtHZmxK?= =?utf-8?B?by9LcGZlM0VrY29sNFlteVliZ0RzcGtTUjdjMTJjRGwvVFJzc2FWT3ljajRY?= =?utf-8?B?V2s2WDhQcFREZlZYcTBRY1Rxd0h0a1lwT2tnUk93NDhqemxLNHh3M0pUNUd4?= =?utf-8?B?UGxlTndNNWtyak8yekRLYnhUZXlwak9hbjEzMDBFc3NsQTB4WGpjTFFJQ0lX?= =?utf-8?B?QjhFR3VZSTZERUhMTHlmRWEwNTZMUG1CTHdxcFByYWxNRnIwY2xKQmU4UVpL?= =?utf-8?B?WVV0c3Q0YVFsQjN2MktQMjlJM0RYWGJqay8rZjMzZnl3d1JXZ25aWFE5SjBR?= =?utf-8?B?QmM3R2ZqU1pYN2NIRHN2bDBHOWQ5YW5ZUFRqV2tqYlBMZGZnRUF1SkZiRlhU?= =?utf-8?B?bzZFMHVqdDhVTzd2cHNQaXVTdlVYYWIrU1lidkdlUDU0ZDE5UkJSRnBQK0dx?= =?utf-8?B?NFQ5RllOZ2FTck43VDFZVGdWOWQyQlZoSkZXT2hnV3RjMU9oaW45bHV6Tmw3?= =?utf-8?B?SEM2TEdHWEdjUUVEdW1JZWtQeHdHNmVxWk1NNFF1L3NpcldNYml2Y3pJRVd5?= =?utf-8?B?M2JtKzZRRlJCaklSNkZIS0F5ZWRLVWdRdGw1L1pqYkhMTnU5bmNucjhUSmFR?= =?utf-8?B?UGV5bUlmZ1Arc05EVWFLUkhHMC9LOEdGQ0RvTjZJWFlISVZLSHphelB2RURx?= =?utf-8?B?K1RZK2pMTlh4Y25xUEpmQnY4eExSdjlRMjdESkRFb3kzVkJLY1g1aHJuSXJ2?= =?utf-8?B?dkNxMWlGbUVzamZpYjRNTWI4OXFzVjh2QUNLMi9aaG5VaGVrTnloK0lDL3JG?= =?utf-8?B?SFdCcjFjVzY3d2FMSW13UmN2K25Da0d0dGVPSEZMODRkZnJPTjRsNkhPQ3hO?= =?utf-8?B?Znc0VHJ0RExjUDAyakRvd0ZqZ1dzY1RCVUtjNVhQOVYyQ3dXb1RObXMzNmlk?= =?utf-8?B?NHY3SzgvY0RKTnRSWFl4MmFXZ0laQjRjNjRpdjBHOTlROVl6cWorVDZMLzIr?= =?utf-8?B?a2JoZUhJTXJIODRyMUQ1SHJ3bkxaMW9ha2VkTWYvWnljR0EwTTgwVFpSMkc4?= =?utf-8?B?MFMrRjc1NTJrR3docndlUDllZW9iYW9FS0Z0cU9CTnNsZld3WWRpTFdSc0dL?= =?utf-8?B?bndiem5LY2JJcVVLWjB6M3g1NlJQZlVHVFdEdVBQd2ZDb1pmQ3VxZ1EvRVpM?= =?utf-8?B?MXRIUENaY0dEd0dJR0R4dnhmdmFaUWErbnhSbm9SSzM2ZlNicjkzOUxTZkd1?= =?utf-8?B?OW1MeGRVLzdKUzZhb09jOHdvam9uTWxoUDBFTWU4djZhQlA0WXpkV2FoeWhQ?= =?utf-8?B?SGNOamVmVDFjdHZuQTd0TldHRXpLWVRIaVVwbUJYMW5kM3p5ZXVORUk3elhF?= =?utf-8?B?MU5EZ3RUNTRuTDBmanRFbDJ6dEJuTzZjM1o4V2tNb1oxZ3NWTDA4bjJwcnlQ?= =?utf-8?B?enN4MVpWWkJaa2ttQXNpWm5zcDVDcXF0Ui9YNVMwT0tUbHBtWis4K2ZTVThP?= =?utf-8?B?a2lEeDlNQzg5OHgyaFdEU24vWGhpaEJpTGdJYmRVY3BSazBtQndmZFRCWHh4?= =?utf-8?B?ZmFubU5pb0JMK1lrWGQrN1Q5UFJ4NjE0d0p6Z1hhWjYvRDA1SWxheE53MWJP?= =?utf-8?B?SmF0UCtqZWlNeUhUU1RKM0YvZlpwVjQ2V1MzSDNycHR2T2ZTQnZhZEI4b3VP?= =?utf-8?B?cmsvZytLa29hSkFpdEpvL1VENWpvaXlBSDhpVFJQbUNPVUhwaWVzaVlMcmFq?= =?utf-8?B?bjQ4TmkxaEQ0YkVYb21DdE5RTmZWSUo0eHYxZDJBRnIzbFh2eVVmK2xQZ3dY?= =?utf-8?B?aERhcUhLdlBNMExqYjRXckJ3cmJDd08xVXJiMlNaazVCWStheEErME4zZXpN?= =?utf-8?B?eVJGRW4ybk1WaXNscXN0Yk4zdWZpZG1nWDJXQzVza0RhVmZtTzF0QVhvcEc0?= =?utf-8?B?blNMU3pRSEVzUEs5R21Ydjc2S3VNUjVESEUxWWFVYW9GcVNld0lmSm5IbVMw?= =?utf-8?Q?xveqofezi2zv4oKdxeca95hmk?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 13ad1b35-ee37-4787-b2ae-08dc34a65806 X-MS-Exchange-CrossTenant-AuthSource: BL1PR12MB5732.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Feb 2024 19:33:42.7411 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: CyZeYnZCROGfAKmzUTqlVcF5TbG4w53tdLu1NFOzdOen1zbYXAauHSA+eS09M6AT56lsGsHE5UXYgpMIh7C9ig== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5359 On 2/9/24 10:49, Jason A. Donenfeld wrote: > There are few uses of CoCo that don't rely on working cryptography and > hence a working RNG. Unfortunately, the CoCo threat model means that the > VM host cannot be trusted and may actively work against guests to > extract secrets or manipulate computation. Since a malicious host can > modify or observe nearly all inputs to guests, the only remaining source > of entropy for CoCo guests is RDRAND. > > Unfortunately, RDRAND itself can be rendered unreliable by the host, > since the host controls guest scheduling and can starve RDRAND's > generation. A malicious host could also choose to simply terminate or > not boot a CoCo guest. So, tie the starvation of RDRAND to a BUG_ON at > boot time. > > Specifically, try at boot to seed the RNG using 256 bits of RDRAND > output. If these fail, BUG(). This doesn't handle the more complicated > case of reseeding later in boot, but that's fraught with its own > difficulties, such as a malicious userspace starving the kernel. For > now, simply make sure the RNG is initially seeded securely during boot, > avoiding the worst of potential pitfalls. > > This patch is deliberately written to be "just a CoCo x86 driver > feature" and not part of the RNG itself. Many device drivers and > platforms have some desire to contribute something to the RNG, and > add_device_randomness() is specifically meant for this purpose. Any > driver can call this with seed data of any quality, or even garbage > quality, and it can only possibly make the quality of the RNG better or > have no effect, but can never make it worse. Rather than trying to > build something into the core of the RNG, this patch interprets the > particular CoCo issue as just a CoCo issue, and therefore separates this > all out into driver (well, arch/platform) code. > > Cc: Borislav Petkov > Cc: Daniel P. Berrangé > Cc: Dave Hansen > Cc: Elena Reshetova > Cc: H. Peter Anvin > Cc: Ingo Molnar > Cc: Kirill A. Shutemov > Cc: Theodore Ts'o > Cc: Thomas Gleixner , > Signed-off-by: Jason A. Donenfeld > --- > Probably this shouldn't be merged until Dave/Elena and others get back > with regards to the full picture, with information from inside Intel. > But I have a feeling this patch, or something like it, is ultimately > what we'll wind up with, so I'm posting it now. > > I don't have a functional CoCo setup, so this patch has only been very > lightly tested. > > arch/x86/coco/core.c | 36 ++++++++++++++++++++++++++++++++++++ > arch/x86/include/asm/coco.h | 2 ++ > arch/x86/kernel/setup.c | 2 ++ > 3 files changed, 40 insertions(+) > > diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c > index eeec9986570e..4e3b1cfe0063 100644 > --- a/arch/x86/coco/core.c > +++ b/arch/x86/coco/core.c > @@ -3,13 +3,16 @@ > * Confidential Computing Platform Capability checks > * > * Copyright (C) 2021 Advanced Micro Devices, Inc. > + * Copyright (C) 2024 Jason A. Donenfeld . All Rights Reserved. > * > * Author: Tom Lendacky > */ > > #include > #include > +#include > > +#include > #include > #include > > @@ -153,3 +156,36 @@ __init void cc_set_mask(u64 mask) > { > cc_mask = mask; > } > + > +__init void cc_random_init(void) > +{ > + unsigned long rng_seed[32 / sizeof(long)]; > + size_t i, longs; > + > + if (cc_vendor == CC_VENDOR_NONE) You probably want to use: if (!cc_platform_has(CC_GUEST_MEM_ENCRYPT)) return; Otherwise, you can hit the bare-metal case where AMD SME is active and then cc_vendor will not be CC_VENDOR_NONE. Thanks, Tom > + return; > + > + /* > + * Since the CoCo threat model includes the host, the only reliable > + * source of entropy that can be neither observed nor manipulated is > + * RDRAND. Usually, RDRAND failure is considered tolerable, but since a > + * host can possibly induce failures consistently, it's important to at > + * least ensure the RNG gets some initial random seeds. > + */ > + for (i = 0; i < ARRAY_SIZE(rng_seed); i += longs) { > + longs = arch_get_random_longs(&rng_seed[i], ARRAY_SIZE(rng_seed) - i); > + > + /* > + * A zero return value means that the guest is under attack, > + * the hardware is broken, or some other mishap has occurred > + * that means the RNG cannot be properly rng_seeded, which also > + * likely means most crypto inside of the CoCo instance will be > + * broken, defeating the purpose of CoCo in the first place. So > + * just panic here because it's absolutely unsafe to continue > + * executing. > + */ > + BUG_ON(longs == 0); > + } > + add_device_randomness(rng_seed, sizeof(rng_seed)); > + memzero_explicit(rng_seed, sizeof(rng_seed)); > +} > diff --git a/arch/x86/include/asm/coco.h b/arch/x86/include/asm/coco.h > index 76c310b19b11..e9d059449885 100644 > --- a/arch/x86/include/asm/coco.h > +++ b/arch/x86/include/asm/coco.h > @@ -15,6 +15,7 @@ extern enum cc_vendor cc_vendor; > void cc_set_mask(u64 mask); > u64 cc_mkenc(u64 val); > u64 cc_mkdec(u64 val); > +void cc_random_init(void); > #else > #define cc_vendor (CC_VENDOR_NONE) > > @@ -27,6 +28,7 @@ static inline u64 cc_mkdec(u64 val) > { > return val; > } > +static inline void cc_random_init(void) { } > #endif > > #endif /* _ASM_X86_COCO_H */ > diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c > index 84201071dfac..30a653cfc7d2 100644 > --- a/arch/x86/kernel/setup.c > +++ b/arch/x86/kernel/setup.c > @@ -36,6 +36,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -994,6 +995,7 @@ void __init setup_arch(char **cmdline_p) > * memory size. > */ > mem_encrypt_setup_arch(); > + cc_random_init(); > > efi_fake_memmap(); > efi_find_mirror();