Re: x86 CPU RNG support, take 2

To: Gabriel Rosenkoetter <gr%eclipsed.net@localhost>
Subject: Re: x86 CPU RNG support, take 2
From: Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost>
Date: Mon, 4 Jan 2016 19:39:35 +0000

   Date: Mon, 4 Jan 2016 13:46:40 -0500
   From: Gabriel Rosenkoetter <gr%eclipsed.net@localhost>

   On 02 Jan, 2016, at 12:01 EST, Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost> wrote:
   > In that case, why not make cpu_rng_init tell the caller whether or not
   > there is a CPU RNG?  It seems to me the CPU feature bits should
   > determine the presence of the rndsource, not the dynamic behaviour of
   > the hardware itself.

   I can't pretend to have been following this terribly close, but
   isn't "a CPU that claims to have a cpurng entropy source but is
   lying" kind of a threat model here? (Ala Juniper's recent hoopla.)

Yes.  If the operator dislikes the cpurng entropy source, the operator
can just disable it.  That's a separate concern from whether the
kernel relays the CPU's claim of the existence of a cpurng entropy
source to the operator, which is what was at issue here.

All I'm saying is that the CPU feature bit, not the first few bits out
of RDSEED or whatever, should determine the presence or absence of a
cpurng rndsource.

References:
- Re: x86 CPU RNG support, take 2
  - From: Gabriel Rosenkoetter

Prev by Date: Re: x86 CPU RNG support, take 2
Next by Date: Re: x86 CPU RNG support, take 2
Previous by Thread: Re: x86 CPU RNG support, take 2
Next by Thread: Patch: CPU RNG framework with stub x86 implementation
Indexes:

Home | Main Index | Thread Index | Old Index