From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
 by mx.groups.io with SMTP id smtpd.web11.17421.1669119629173657125
 for <devel@edk2.groups.io>;
 Tue, 22 Nov 2022 04:20:29 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=lSFBk6r3;
 spf=pass (domain: kernel.org, ip: 145.40.68.75, mailfrom: srs0=2rl2=3w=zx2c4.com=jason@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ams.source.kernel.org (Postfix) with ESMTPS id C88DCB8190C;
	Tue, 22 Nov 2022 12:20:23 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6C125C433C1;
	Tue, 22 Nov 2022 12:20:21 +0000 (UTC)
Authentication-Results: smtp.kernel.org;
	dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="lSFBk6r3"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105;
	t=1669119619;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=KqiNHqk+v7jt7UONlgCN0wkHRyWk5EKmjY77oK0wcTo=;
	b=lSFBk6r3aTu1bZrTkzOj94DvwnHAAlnqnY8ujFCf3Ule481UVBwZc2DoFrikd+nMlcYwKd
	6341LNm/MOrwpevDWpkEZSF8Pn6NvBU+tYiR3uBLOYfgtUNnUmqp4Mw04XSbHlM6lQQe6x
	cQO8CAGyNlut5W3ko8+FI43M2BLzIuI=
Received: 
	by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 6fe81b4c (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
	Tue, 22 Nov 2022 12:20:18 +0000 (UTC)
Date: Tue, 22 Nov 2022 13:20:16 +0100
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Pedro Falcato <pedro.falcato@gmail.com>
Cc: devel@edk2.groups.io, ardb@kernel.org,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Rebecca Cran <rebecca@bsdio.com>,
	Pierre Gondois <pierre.gondois@arm.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [edk2-devel] [PATCH 3/3] OvmfPkg/OvmfX86: Enable RDRAND based EFI_RNG_PROTOCOL implementation
Message-ID: <Y3y+gBRkohmahc3G@zx2c4.com>
References: <20221110134738.3798618-1-ardb@kernel.org>
 <20221110134738.3798618-4-ardb@kernel.org>
 <CAKbZUD30=NA-7uD-qQvLC0r4cYrDJStsB47q_MyLf75kh67cKw@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CAKbZUD30=NA-7uD-qQvLC0r4cYrDJStsB47q_MyLf75kh67cKw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

Hi Pedro,

On Tue, Nov 22, 2022 at 12:35 PM Pedro Falcato <pedro.falcato@gmail.com> wrote:
> Given this patch plus the corresponding linux-efi patches wrt RNG, I'm
> mildly concerned about buggy RDRAND implementations compromising the
> kernel's RNG. Is this not a concern?

Speaking with my kernel RNG maintainer hat on, no, this is not really a
concern, for several reasons:

- The kernel's RNG takes input from multiple sources, continuously, and
  tries to mix in new inputs rather quickly, especially at early boot.

- The kernel will use RDRAND on its own, even in the case that EFI
  doesn't provide it, so it's not gaining anything here.

- EFI on actual baremetal firmware, as opposed to OVMF, already provides
  EFI, so this is par for the course.

- Most of those RDRAND bugs have concerned coming in and out of various
  sleep states, which doesn't really apply to early boot EFI.

- And again, just to reinforce the first point, the kernel takes inputs
  from many sources. Having EFI provide its own thing -- via RDRAND or
  any other mechanism -- is complementary and will only help.

Regarding your "corresponding linux-efi patches wrt RNG", I'm not quite
sure what you're referring to. If anything, recent work during this
cycle has been aimed around shuffling more sources of randomness in from
elsewhere. The EFI RNG protocol stuff has been in there already for a
long time. So maybe you misunderstood those? Or I'm misunderstanding
what you're referring to?

As a general point, this question of "do we have enough entropy?" or
"are we initialized yet?" is an impossible proposition. Entropy
estimation is impossible, and is only ever a guess, and that guess can
be sometimes wrong, even wildly wrong. So the kernel is increasingly
moving away from /relying/ on that, and is more focused on getting more
sources faster -- incorporating anything it can find, and mixing it into
the output stream more continuously. To that end, if EFI's got a DXE to
do something or another, please hook it up.

Lastly, I think the concern you raised is inappropriate for Ard's
patchset, as it actually doesn't apply to it at all. This patchset is
about hooking an existing DXE up to OVMF, one that is hooked up
elsewhere, but wasn't for OVMF. This alone has nothing to do with the
concern. Rather, the concerns you raised are about the DXE itself. So to
that end, perhaps you should start a new thread or send some patches or
do something to the DXE that you're concerned about (e.g. a basic boring
power-on selftest like what the kernel has or something, if you're extra
worried). Or maybe not, for the reasons I listed above of things being
basically fine.

Jason