Re: [PATCH v25 10/12] LRNG - add TRNG support

From: Alexander E. Patrakov
Date: Wed Nov 20 2019 - 04:55:56 EST

20.11.2019 13:58, Stephan Müller wrote:

Or another idea and apologies if I restart this conversation as there was
already a discussion around it: what about extending the getrandom(2) call
instead of adding a device file?

What about adding yet another flag to getrandom: GRND_TRUERANDOM and process
it as follows:

return -EINVAL;

//From Andy's tree
* Requesting insecure and blocking randomness at the same time makes
* no sense.
return -EINVAL;

/* We only allow GRND_TRUERANDOM by itself or with NONBLOCK */
if (! ((flags & GRND_TRUERANDOM) &&
((flags == GRND_TRUERANDOM) ||
return -EINVAL;

if (flags & GRND_TRUERANDOM) {
... do the TRNG processing ...
... may return -EOPNOTSUPP if no TRNG available ...

This would totally miss the point of adding a device node: UNIX permissions that don't allow "others" to read and deplete "true" random numbers.

Alexander E. Patrakov
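The permission argument in this reply, as an added example (not part of the original message or of the LRNG patch): a device node carries owner, group and mode bits that are checked when it is opened, whereas getrandom(2) takes only a buffer, a length and flags, so there is no file on which to hang such a check. The sketch audits whether a given caller passes the mode-bit read check on a node; the default path and the uid/gid values are constructed stand-ins, and supplementary groups, ACLs and capability overrides are ignored as a simplifying assumption.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Outcome of the read-permission check on an entropy device node. */
enum node_access {
    NODE_NOT_CHARDEV = -1, /* path is not a character device */
    NODE_DENIED = 0,       /* mode bits refuse read access */
    NODE_ALLOWED = 1       /* mode bits grant read access */
};

/*
 * Classic UNIX mode-bit check as applied at open(2): exactly one of the
 * owner, group or other triplets is consulted, in that order.
 * Assumption: supplementary groups, ACLs and CAP_DAC_OVERRIDE are ignored.
 */
enum node_access may_read_node(const struct stat *st, uid_t uid, gid_t gid)
{
    if (!S_ISCHR(st->st_mode))
        return NODE_NOT_CHARDEV;
    if (uid == st->st_uid)
        return (st->st_mode & S_IRUSR) ? NODE_ALLOWED : NODE_DENIED;
    if (gid == st->st_gid)
        return (st->st_mode & S_IRGRP) ? NODE_ALLOWED : NODE_DENIED;
    return (st->st_mode & S_IROTH) ? NODE_ALLOWED : NODE_DENIED;
}

int main(int argc, char **argv)
{
    struct stat st;
    /* /dev/null is only a stand-in; pass the node to audit as argv[1]. */
    const char *path = argc > 1 ? argv[1] : "/dev/null";
    /* Constructed unprivileged identity (commonly "nobody") as the caller. */
    const uid_t uid = 65534;
    const gid_t gid = 65534;

    if (stat(path, &st) != 0) {
        perror(path);
        return 2;
    }
    switch (may_read_node(&st, uid, gid)) {
    case NODE_NOT_CHARDEV:
        printf("%s: not a character device\n", path);
        return 2;
    case NODE_ALLOWED:
        printf("%s: uid %u may read (and deplete) it\n", path, (unsigned)uid);
        return 1;
    default:
        printf("%s: uid %u is refused by the mode bits\n", path, (unsigned)uid);
        return 0;
    }
}
```

A node created with mode 0640 and a dedicated group reports "refused" for the unprivileged caller; the same request made through a getrandom(2) flag would never reach a check like this.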