Re: [PATCH 0/3] random: add random.rng_seed to bootconfig entry

From: Mark Salyzyn
Date: Fri Feb 14 2020 - 12:00:24 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 4.19 229/252] ceph: check availability of mds cluster on mount after wait timeout"
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.19 232/252] drm/nouveau/disp/nv50-: prevent oops when no channel method map provided"
In reply to: Rob Herring: "Re: [PATCH 0/3] random: add random.rng_seed to bootconfig entry"
Next in thread: Rob Herring: "Re: [PATCH 0/3] random: add random.rng_seed to bootconfig entry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/14/20 5:49 AM, Rob Herring wrote:

On Fri, Feb 14, 2020 at 12:10 AM Masami Hiramatsu <mhiramat@xxxxxxxxxx> wrote:

Hi,

The following series is bootconfig based implementation of
the rng_seed option patch originally from Mark Salyzyn.
Note that I removed unrelated command line fixes from this
series.

Why do we need this? There's already multiple other ways to pass
random seed and this doesn't pass the "too complex for the command
line" argument you had for needing bootconfig.

Rob

Android is the use case I can vouch for. But also KVM.

Android Cuttlefish is an emulated device used extensively in the testing and development infrastructure for In-house, partner, and system and application developers for Android. There is no bootloader, per-se. Because of the Android GKI distribution, there is also no rng virtual driver built in, it is loaded later as a module, too late for many aspects of KASLR and networking. There is no Device Tree, it does however have access to the content of the initrd image, and to the command line for the kernel. The only convenient way to get early entropy is going to have to be one of those two places.

In addition, 2B Android devices on the planet, especially in light of the Android GKI distribution were everything that is vendor created is in a module, needs a way to collect early entropy prior to module load and pass it to the kernel. Yes, they do have access to the recently added Device Tree approach, and we expect them to use it, as I have an active backport for the mechanism into the Android 4.19 and 5.4 kernels. There may also be some benefit to allowing the 13000 different bootloaders an option to use bootconfig as a way of propagating the much needed entropy to their kernels. I could make a case to also allow them command line as another option to relieve their development stress to deliver product, but we can stop there. Regardless, this early entropy has the benefit of greatly improving security and precious boot time.

Sincerely -- Mark Salyzyn

Next message: Sasha Levin: "[PATCH AUTOSEL 4.19 229/252] ceph: check availability of mds cluster on mount after wait timeout"
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.19 232/252] drm/nouveau/disp/nv50-: prevent oops when no channel method map provided"
In reply to: Rob Herring: "Re: [PATCH 0/3] random: add random.rng_seed to bootconfig entry"
Next in thread: Rob Herring: "Re: [PATCH 0/3] random: add random.rng_seed to bootconfig entry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]