Re: early x86 unseeded randomness
From: Linus Torvalds
Date: Mon Aug 14 2017 - 13:47:55 EST
On Mon, Aug 14, 2017 at 10:35 AM, Borislav Petkov <bp@xxxxxxxxx> wrote:
>
> how about we address that unseeded randomness usage during early boot by
> falling back on the TSC on x86? I mean, we already do that for the stack
> canary value anyway...
That patch is completely broken:
> + if (crng_ready())
> + get_random_bytes(&canary, sizeof(canary));
> + else
> + canary = rdtsc();
> +
> tsc = rdtsc();
> canary += tsc + (tsc << 32UL);
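Review bot: In the new else branch, "canary = rdtsc();" is followed immediately by the unchanged "tsc = rdtsc();" and "canary += tsc + (tsc << 32UL);", so when crng_ready() is false the canary is built from nothing but two back-to-back TSC reads, and the second read adds almost nothing the first did not already contain. Suggest dropping the conditional and calling get_random_bytes(&canary, sizeof(canary)) unconditionally, leaving the existing TSC mix-in below as the only early-boot noise source; if the fallback stays, it needs a comment explaining what it provides beyond that mix-in.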
So now you do rdtsc() twice, and then add them together.

Adding the same value together adds absolutely zero information.
Quite the reverse - it just makes the values cancel out and you're
shifting away one bit.

So the current code that just does an unconditional
"get_random_bytes()" and then adds the TSC into it for noise when it's
not random is actually *objectively* better than that broken crap you
just tried.

Plus on modern x86, you'll always get at least the hardware
randomness, which is fundamentally much better anyway.

So this patch is utter and absolute garbage, and should be shot in the
head and buried very very deep.

Please immediately delete it from the whole internet.

Linus