Re: Suggestion for prekern: warning messages

On 12. Apr 2021, at 11:21, Martin Husemann <martin%duskware.de@localhost> wrote:

On Mon, Apr 12, 2021 at 03:56:29AM +0200, Pierre Pronchery wrote:

In my tests with QEMU (5.2.0 from pkgsrc 2021Q1 on macOS Catalina
amd64) no CPU entropy instruction was detected (RDRAND and RDSEED are
supported). Without an entropy file, I guess it only leaves the time of
boot in order to guess the seed for KASLR, which is not ideal.

I can't parse that - if RDRAND and RDSEED are supported, why was no
entropy instruction detected?

Oh RDRAND and RDSEED are supported by prekern, but I suppose the emulation in my QEMU instance did not.

After a brief check on Wikipedia (https://en.wikipedia.org/wiki/RDRAND) it looks like not every amd64 CPU can be expected to support either of these instructions (Intel from 3rd-gen Core on, AMD from June 2015 on) and there are errata too, including in GCC (https://www.cryptopp.com/wiki/RDRAND_and_RDSEED, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180).

Another feature I have in mind is to detect the choice of console and support serial consoles in prekern. I guess it would make it easier to debug.

I'd put it more blunt: missing serial console support makes the whole thing
unusable in many setups.

The prekern requires no interaction, so unless it fails, there is no issue there. I have a number of VMs running on serial consoles with GENERIC_KASLR, without any trouble. It works in virtual framebuffers too if necessary and available (e.g. VNC on Xen).

But I have a (maybe off topic) question (that I did ask Maxime back then
but he evaded answering): why do we have a three phase bootstrap for this
at all? What is it that prekern can do that /boot couldn't? IMHO prekern
should go away and all its functionality moved to the regular bootloader
(or where that does not work the kernel).