From: "Theodore Y. Ts'o"
Subject: Re: [PATCH] random: add a config option to trust the CPU's hwrng
Date: Wed, 18 Jul 2018 10:26:25 -0400
Message-ID: <20180718142625.GA5942@thunk.org>
References: <20180718014344.1309-1-tytso@mit.edu> <37046662f2b38f98854abfa1b5868a27c3fa0888.camel@opteya.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: linux-crypto@vger.kernel.org, Linux Kernel Developers List, labbott@redhat.com
To: Yann Droneaud
Content-Disposition: inline
In-Reply-To: <37046662f2b38f98854abfa1b5868a27c3fa0888.camel@opteya.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-crypto.vger.kernel.org

On Wed, Jul 18, 2018 at 09:22:13AM +0200, Yann Droneaud wrote:
>
> The text message should explain this is only relevant during
> initialization / early boot.
>
> The config option name should state this.

There are other workarounds for hangs that happen after initialization
/ early boot, yes. They are of varying levels of quality / safety,
but that's neither here nor there.

However, enabling config option means that the CRNG will be
initialized with potentially information available to the CPU
manufacturer and/or Nation States, and this persists *after*
initialization / early boot. So to say, "we're perfectly safe after
we leave initialization / early boot" is not true.

So I'd much rather make it clear that we are trusting the CPU
manufacturer far more than just during early boot.

Cheers,

- Ted