tech-kern archive


Re: kaslr: better rng



On Tue, Nov 14, 2017 at 02:25:00PM +0100, Maxime Villard wrote:
> On 11/11/2017 at 22:23, Taylor R Campbell wrote:
> > Can you just use the SHA1 in libkern (and the SHA3 that will with any
> > luck soon be in libkern), or are there constraints on the size of the
> > prekern that prevent you from doing so?
> 
> No, there are no constraints. I just didn't know we could use libkern. So you
> can forget about my prng.c, I'll use libkern's SHA512 until we have SHA3.
> 
> 
> On 12/11/2017 at 03:13, Thor Lancelot Simon wrote:
> > cpu_rng already has the code needed to do this -- best to use it, perhaps?
> 
> This would mean moving cpu_rng into libkern?

Maybe so.  I guess there is MD stuff in libkern already.  Only thing is,
looking at the code to remind myself what I did, it relies on our cpu_features
mechanism.  But if you look at the code, it's very, very simple, just a
few lines really to do the work -- in this very particular case perhaps you
would be justified to duplicate it.

Or -- it's tiny -- grab the Intel sample code examples from
https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
which include a tiny CPU feature prober and a little bit of glue around
RDRAND and RDSEED.  You can discard almost all the glue, or even just use
the Intel code (3-clause BSD licensed) as an example of how to probe the
feature bits.

The right thing to do I would think is to use RDSEED if you have it;
if you don't have it, or if it fails, use RDRAND.  If you don't have either,
I guess use the TSC to key your hash function.  If you don't have that,
the RTC clock... just a few inb()/outb() to read it, and it's better than
nothing.

Here is something else you can use with only a fairly small amount of
MD code -- the processor temperature sensor on most Intel CPUs made since
around 2009.  As you can see from x86/x86/coretemp.c, it's just a couple
of MSR reads - the probe may be the hard part.

-- 
  Thor Lancelot Simon	                                     tls%panix.com@localhost
 "The two most common variations translate as follows:
	illegitimi non carborundum = the unlawful are not silicon carbide
	illegitimis non carborundum = the unlawful don't have silicon carbide."
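
The fallback order described in the message above (RDSEED, then RDRAND, then the TSC as input to a hash), as an added example that is not part of the original post and is not NetBSD or Intel code. It is a userland sketch for GCC/Clang on x86-64; the names `probe`, `get_seed64`, `struct feats` and the retry count are hypothetical, and the RTC step is left out because it needs port I/O privilege.

```c
/* Added example (not from the thread): RDSEED -> RDRAND -> TSC seed fallback. */
#include <stdint.h>
#include <stdio.h>
enum seed_src { SRC_NONE, SRC_TSC, SRC_RDRAND, SRC_RDSEED };
struct feats { int rdseed, rdrand, tsc; };
#define RETRIES 10  /* assumption: small bounded retry count */
#if defined(__x86_64__)
#include <cpuid.h>
static struct feats probe(void) {
    struct feats f = {0, 0, 0};
    unsigned a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d)) {
        f.rdrand = (c >> 30) & 1;       /* CPUID.01H:ECX bit 30 */
        f.tsc = (d >> 4) & 1;           /* CPUID.01H:EDX bit 4 */
    }
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))
        f.rdseed = (b >> 18) & 1;       /* CPUID.(EAX=07H,ECX=0):EBX bit 18 */
    return f;
}
/* Both instructions set CF=1 only when they returned a valid value. */
#define HW_RNG(name, insn) static int name(uint64_t *v) { unsigned char ok; \
    __asm__ volatile(insn " %0; setc %1" : "=r"(*v), "=qm"(ok) : : "cc");  \
    return ok; }
HW_RNG(rdseed64, "rdseed")
HW_RNG(rdrand64, "rdrand")
static uint64_t rdtsc64(void) {
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}
static enum seed_src get_seed64(struct feats f, uint64_t *out) {
    for (int i = 0; f.rdseed && i < RETRIES; i++)
        if (rdseed64(out)) return SRC_RDSEED;
    for (int i = 0; f.rdrand && i < RETRIES; i++)  /* no RDSEED, or it failed */
        if (rdrand64(out)) return SRC_RDRAND;
    if (f.tsc) { *out = rdtsc64(); return SRC_TSC; } /* weak: only to key a hash */
    return SRC_NONE;    /* RTC via inb()/outb() needs port I/O; omitted here */
}
#else   /* other architectures: nothing to probe in this sketch */
static struct feats probe(void) { struct feats f = {0, 0, 0}; return f; }
static enum seed_src get_seed64(struct feats f, uint64_t *out) {
    (void)f; (void)out; return SRC_NONE;
}
#endif

int main(void) {
    uint64_t v = 0;
    return printf("source=%d\n", get_seed64(probe(), &v)) < 0;
}
```

The returned source tells the caller how much to trust the word: a TSC reading is only input for the hash, not a random value in itself.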

