Re: [RFC] Randomness on confidential computing platforms

From: H. Peter Anvin
Date: Mon Jan 29 2024 - 11:41:57 EST


On January 29, 2024 8:30:11 AM PST, Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
>On 1/26/24 05:42, Kirill A. Shutemov wrote:
>> 3. Panic after enough re-tries of RDRAND/RDSEED instructions fail.
>> Another DoS variant against the Guest.
>
>I think Sean was going down the same path, but I really dislike the idea
>of having TDX-specific (or CoCo-specific) policy here.
>
>How about we WARN_ON() RDRAND/RDSEED going bonkers? The paranoid folks
>can turn on panic_on_warn, if they haven't already.

That would be good anyway.
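
The policy discussed in this thread, as an added userspace model that is not code from the thread or from the kernel tree: a bounded retry of the hardware RNG that warns on exhaustion, with one generic knob modelled on panic_on_warn deciding whether the warning is fatal. The names `hw_rng`, `model_warn`, `get_seed`, `run_case` and the `RETRY_LOOPS` value are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define RETRY_LOOPS 10   /* assumed retry budget for this model */
enum outcome { SEEDED, WARNED, PANICKED };

/* Hypothetical stand-in for RDRAND/RDSEED: fails fail_left times (CF=0). */
struct hw_rng { unsigned fail_left; uint64_t next; };

static bool hw_rng_read(struct hw_rng *r, uint64_t *out)
{
    if (r->fail_left) {
        r->fail_left--;
        return false;
    }
    *out = r->next++;
    return true;
}

/* One generic policy knob, modelled on panic_on_warn; no CoCo special case. */
static enum outcome model_warn(bool panic_on_warn, const char *msg)
{
    fprintf(stderr, "WARNING: %s\n", msg);
    return panic_on_warn ? PANICKED : WARNED;
}

/* Retry the source; only when the budget is exhausted does policy apply. */
static enum outcome get_seed(struct hw_rng *r, bool panic_on_warn, uint64_t *out)
{
    for (int i = 0; i < RETRY_LOOPS; i++)
        if (hw_rng_read(r, out))
            return SEEDED;
    return model_warn(panic_on_warn, "hardware RNG failed after all retries");
}

/* Run one constructed scenario: `failures` consecutive failed reads. */
static enum outcome run_case(unsigned failures, bool panic_on_warn)
{
    struct hw_rng rng = { .fail_left = failures, .next = 42 };
    uint64_t seed = 0;
    return get_seed(&rng, panic_on_warn, &seed);
}

int main(void)
{
    printf("transient: %d\n", run_case(3, false));
    printf("persistent, default: %d\n", run_case(1000, false));
    printf("persistent, panic_on_warn: %d\n", run_case(1000, true));
}
```

In the model a transient failure is absorbed by the retry loop, while a persistent one yields a warning by default and a panic only when the knob is set.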