public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Laszlo Ersek" <lersek@redhat.com>
To: "Paolo Bonzini" <pbonzini@redhat.com>,
	"Daniel P. Berrangé" <berrange@redhat.com>
Cc: "qemu devel list" <qemu-devel@nongnu.org>,
	"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
	"Jian J Wang" <jian.j.wang@intel.com>,
	edk2-devel-groups-io <devel@edk2.groups.io>,
	"Bret Barkelew" <Bret.Barkelew@microsoft.com>,
	"Erik Bjorge" <erik.c.bjorge@intel.com>,
	"Sean Brogan" <sean.brogan@microsoft.com>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>
Subject: Re: privileged entropy sources in QEMU/KVM guests
Date: Thu, 7 Nov 2019 14:44:11 +0100	[thread overview]
Message-ID: <ad6a25e6-6019-e02f-b632-e19e6eeb0b95@redhat.com> (raw)
In-Reply-To: <31917972-da28-8e0d-432d-1cb7607ff3e7@redhat.com>

On 11/07/19 13:47, Paolo Bonzini wrote:
> On 07/11/19 12:52, Daniel P. Berrangé wrote:
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb5530e4082446aac3a3d69780cd4dbfa4520013
>>
>> Is it practical to provide a jitter entropy source for EDK2
>> too ?
> 
> The hard part is not collecting jitter (though the firmware might be too
> deterministic for that), but rather turning it into a random number seed
> (mixing data from various sources, crediting entropy, etc.).

If there is *any* entropy source that (a) we can trust to be random
enough and (b) depends only on the CPU, then we shouldn't struggle with
virtio-rng (or similar devices) at all. RDRAND would be a no-brainer,
but the "community literature" suggests it should not be trusted in itself.

I've read the commit message linked above, and it appears too good to be
true.

    The CPU Jitter RNG provides a source of good entropy by collecting
    CPU executing time jitter. [...] The RNG does not have any
    dependencies on any other service in the kernel. The RNG only needs
    a high-resolution time stamp. [...]

http://www.chronox.de/jent.html

    The CPU Jitter Random Number Generator provides a non-physical true
    random number generator that works equally in kernel and user land.
    The only prerequisite is the availability of a high-resolution timer
    that is available in modern CPUs.

http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html

    Today’s operating systems provide non-physical true random number
    generators which are based on hardware events. With the advent of
    virtualization and the ever growing need of more high-quality random
    numbers, these random number generators reach their limits.
    Additional sources of entropy must be opened up. This document
    introduces an entropy source based on CPU execution time jitter. The
    design and implementation of a non-physical true random number
    generator, the CPU Jitter random number generator, its statistical
    properties and the maintenance and behavior of entropy is discussed
    in this document.

If this construct is legit, a core edk2 implementation (available to all
platforms, and on all edk2 arches) would be a huge win.

On the other hand, we're having this discussion because the premise of
TianoCore#1871 is that we shouldn't rely on just the CPU and a high
resolution timer... I simply cannot decide if this construct is
trustworthy. (With any solution that was based in the host's /dev/random
or /dev/urandom, the trustworthiness question would be side-stepped in
the firmware.)

Laszlo


  reply	other threads:[~2019-11-07 13:44 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-07 10:10 privileged entropy sources in QEMU/KVM guests Laszlo Ersek
2019-11-07 10:18 ` Dr. David Alan Gilbert
2019-11-07 11:19   ` Laszlo Ersek
2019-11-07 11:36     ` Dr. David Alan Gilbert
2019-11-07 10:25 ` Ard Biesheuvel
2019-11-07 11:37   ` Paolo Bonzini
2019-11-07 11:55     ` Daniel P. Berrangé
2019-11-07 12:50       ` Paolo Bonzini
2019-11-07 13:33         ` Laszlo Ersek
2019-11-07 13:27     ` Laszlo Ersek
2019-11-07 13:58       ` Paolo Bonzini
2019-11-07 15:11         ` Laszlo Ersek
2019-11-07 11:58   ` Laszlo Ersek
2019-11-07 11:52 ` Daniel P. Berrangé
2019-11-07 12:47   ` Paolo Bonzini
2019-11-07 13:44     ` Laszlo Ersek [this message]
2019-11-07 13:54       ` Daniel P. Berrangé
2019-11-07 14:09       ` Ard Biesheuvel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ad6a25e6-6019-e02f-b632-e19e6eeb0b95@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox