Subject: Re: privileged entropy sources in QEMU/KVM guests
From: "Paolo Bonzini"
Date: Thu, 7 Nov 2019 13:47:54 +0100
To: Daniel P. Berrangé, Laszlo Ersek
Cc: qemu devel list, Ard Biesheuvel, Jian J Wang, edk2-devel-groups-io, Bret Barkelew, Erik Bjorge, Sean Brogan, Philippe Mathieu-Daudé
Message-ID: <31917972-da28-8e0d-432d-1cb7607ff3e7@redhat.com>
In-Reply-To: <20191107115203.GD120292@redhat.com>
References: <03e769cf-a5ad-99ce-cd28-690e0a72a310@redhat.com> <20191107115203.GD120292@redhat.com>

On 07/11/19 12:52, Daniel P. Berrangé wrote:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb5530e4082446aac3a3d69780cd4dbfa4520013
>
> Is it practical to provide a jitter entropy source for EDK2
> too?

The hard part is not collecting jitter (though the firmware might be too
deterministic for that), but rather turning it into a random number seed
(mixing data from various sources, crediting entropy, etc.).

Paolo