Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1106617rwb; Wed, 16 Nov 2022 12:09:28 -0800 (PST) X-Google-Smtp-Source: AA0mqf6djypINu2DLtI1fS0ZaLHyzUOYxHp2Tpz21N6cVwS7WiylGvYrYFO8WCZ+2oyyC5H0KUlL X-Received: by 2002:a17:906:1f49:b0:7ae:76a4:e393 with SMTP id d9-20020a1709061f4900b007ae76a4e393mr19564548ejk.743.1668629367835; Wed, 16 Nov 2022 12:09:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668629367; cv=none; d=google.com; s=arc-20160816; b=U+OPWRX2sfX+WWPKDIERqugPt5Zf2ZCNFO4oJp/Rw+K5RL+ypVyc7QmFS2JtYUmN7o oNunFHOY1CnL8l2ITFO40Fd8gawO/0JeCn+VRvUTjl1ajSCM09KlbfB9D9Ehfe04QmCW 5ym+e5O9Xl7ayAXdAD4J88P7waTZ7f+s50q+PySGrKTMxSOHwR1brYE2K5MqqxYGnsa6 JDMzHSFQahcaIfORnSWYcELDUw00zcBimnIuYbdGw2y5okifNracLBIlhaNfI6b8Vzks qJs2/D5ydPkT/u2HjQLYb8rkElJca6TsOqA02bFU3tvRdrInGpLZn4GJxFdMXfsRIZFx Jd6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=L+lac/9Nxb5wUqkltEH21OF/Yf9EDeqLnEARlz2sdDc=; b=ZonNdBxD2MPWkfebx8TkLwtPxvTL47wLTjbHhznaGILekP+3qRXbSS/5yhKAsTItCV 0RdVn6E0GD/lAaZkDbnhezYaHSrk9cBTh8P/r/zpt3MvmT6AarXVaJn++iOqyqcMV6Bk qLxGi7f8RA4jBk6dIBxmVJsxMq84eqEsNAuztiH3t9lOHBBklH6z1Ubt44Ihn6aIKqLv +mf372mymKTlLXXJo/vqf1lKGIeJnym84w5kB4JQafcYTUdhxSgA2S6bxtwS9FMnMvJY N9Ss8nIyPF2XalSIQvVnBKx7RqjeYtk51zjNHnLoHaT8O9F7K4EZxwZocuL9Wu42hfKq TWuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b="gi1c1/+Y"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dp14-20020a170906c14e00b007adb80fc5d0si14078206ejc.461.2022.11.16.12.08.53; Wed, 16 Nov 2022 12:09:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b="gi1c1/+Y"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232341AbiKPUIc (ORCPT + 99 others); Wed, 16 Nov 2022 15:08:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38372 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232557AbiKPUIb (ORCPT ); Wed, 16 Nov 2022 15:08:31 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E78672BF0; Wed, 16 Nov 2022 12:08:28 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id A171EB81D83; Wed, 16 Nov 2022 20:08:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E42EAC433D6; Wed, 16 Nov 2022 20:08:25 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="gi1c1/+Y" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1668629302; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=L+lac/9Nxb5wUqkltEH21OF/Yf9EDeqLnEARlz2sdDc=; b=gi1c1/+YTN6caDPSNaF4jbxVz1ku9QzNsV+SE4KyBXhEWC1kYzzbiSa9uqBm5u3OC4sCYn vLTn9E3EZNIek1knqMNs7ffLz3a2N4soKS6vWIfWQ9PndXWJvhvGeBW9HeTYZzYn4abA2G q111OWcr1tKaBAr9X52t7BstgyVujaM= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 5465c683 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Wed, 16 Nov 2022 20:08:22 +0000 (UTC) Received: by mail-vk1-f181.google.com with SMTP id b81so8862979vkf.1; Wed, 16 Nov 2022 12:08:22 -0800 (PST) X-Gm-Message-State: ANoB5pmQ6JwVFVqIzfpKwJQsYBHlQxVYbnC/OVAXEoLrAdjXrT6B6UhT 2LbLXOuelXpOzowxcSWqHopxsdwlVDFcs2mnawc= X-Received: by 2002:a05:6122:1883:b0:376:5afd:d30c with SMTP id bi3-20020a056122188300b003765afdd30cmr13534613vkb.13.1668629302032; Wed, 16 Nov 2022 12:08:22 -0800 (PST) MIME-Version: 1.0 References: <20221116161642.1670235-1-Jason@zx2c4.com> <20221116161642.1670235-6-Jason@zx2c4.com> <7837b12a39b1d6721387ca95554c79003bd16c4e.camel@HansenPartnership.com> In-Reply-To: <7837b12a39b1d6721387ca95554c79003bd16c4e.camel@HansenPartnership.com> From: "Jason A. Donenfeld" Date: Wed, 16 Nov 2022 21:08:10 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH RFC v1 5/6] efi: efivarfs: prohibit reading random seed variables To: James Bottomley Cc: Ard Biesheuvel , linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org, Lennart Poettering Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Nov 16, 2022 at 8:42 PM James Bottomley wrote: > It would be nice if they could be boot services only ... then they > disappear naturally, but that would mean the rng would have to > initialize and save in the EFI stub before ExitBootServices, which > doesn't seem practical. That would be nice, but the whole idea is it gets updated by Linux's RNG, so that won't work. `boot|runtime` it is, then. Jason