Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails

From: Daniel P. Berrangé
Date: Thu Feb 01 2024 - 06:08:35 EST

Next message: Ojaswin Mujoo: "Re: [PATCH] ext4: correct best extent lstart adjustment logic"
Previous message: James Clark: "Re: [PATCH v1 07/14] perf arm-spe/cs-etm: Directly iterate CPU maps"
In reply to: Dr. Greg: "Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails"
Next in thread: Dr. Greg: "Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 01, 2024 at 03:54:51AM -0600, Dr. Greg wrote:
> I suspect that the achievable socket core count cannot effectively
> overwhelm the 1022x amplification factor inherent in the design of the
> RDSEED based seeding of RDRAND.

In testing I could get RDSEED down to < 3% success rate when
running on 20 cores in parallel on a laptop class i7. If that
failure rate can be improved by a little more than one order
of magnitude to 0.1% we're starting to get to the point where
it might be enough to make RDRAND re-seed fail.

Intel's Sierra Forest CPUs are said to have a variant with 288
cores per socket, which is an order of magnitude larger. It is
conceivable this might be large enough to demonstrate RDRAND
failure in extreme load. Then again who knows what else has
changed that might alter the equation, maybe the DRBG is also
better / faster. Only real world testing can say for sure.
One thing is certain though, core counts per socket keep going
up, so the potential worst case load on RDSEED will increase...

> We will see if Elena can come up with what Intel engineering's
> definition of 'astronomical' is.. :-)
>
> > There's a special case with Confidential Compute VM's, since the
> > assumption is that you want to protect against even a malicious
> > hypervisor who could theoretically control all other sources of
> > timing uncertainty. And so, yes, in that case, the only thing we
> > can do is Panic if RDRAND fails.
>
> Indeed.
>
> The bigger question, which I will respond to Elena with, is how much
> this issue calls the entire question of confidential computing into
> question.

A denial of service (from a panic on RDRAND fail) doesn't undermine
confidental computing. Guest data confidentiality is maintained by
panicing on RDRAND failure and DoS protection isn't a threat that CC
claims to be able to mitigate in general.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

Next message: Ojaswin Mujoo: "Re: [PATCH] ext4: correct best extent lstart adjustment logic"
Previous message: James Clark: "Re: [PATCH v1 07/14] perf arm-spe/cs-etm: Directly iterate CPU maps"
In reply to: Dr. Greg: "Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails"
Next in thread: Dr. Greg: "Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]