From patchwork Wed Sep 18 22:01:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rasmus Villemoes X-Patchwork-Id: 1164418 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=prevas.dk Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=prevas.se header.i=@prevas.se header.b="od+j7Q2J"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 46Yr760RZxz9sP3 for ; Thu, 19 Sep 2019 18:46:41 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id BF34CC22167; Thu, 19 Sep 2019 07:27:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_HELO_PASS, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 61DDDC2216C; Thu, 19 Sep 2019 07:27:28 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5ABD3C22164; Thu, 19 Sep 2019 07:27:26 +0000 (UTC) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140105.outbound.protection.outlook.com [40.107.14.105]) by lists.denx.de (Postfix) with ESMTPS id 3E256C22167 for ; Thu, 19 Sep 2019 07:27:25 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dqhagVpBQb6x2sIlHF3n0tDkkvxPt+SxDfnK1j2SiV8c0FNsEGeRuYoc0EeB0/KSHn7pBggDTyMPEwgn9sVQe96QcDUE71xmuVzXRZrqyasKmfujzKlUohbTvZbm/B7BtUF3oC7QDoOn4we5/xik+9hvK7a7uX64eCuJ2QwdPCFUSalwLy9T8mBa9uDKfn/G9QXPpR8eskEtbXjyRP0waIPGiUN/K+rraSLYxX+FB622xaMVvuDu4//4I/+JBNDxKmZn92PwOveIhMymoHkzYhhTS8GLcjVa6juVa9tt0F39PPqGVvE6EGsq3X+nDGnvascZnAURSv3Y6XywsFmCsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PzqVn18qDpHiUCeYPkhLcLVsPtu/A2NXMfcOHvXojC8=; b=dc9WgkcFanj901vYeYpXcHPkTZVCfRNXHkVAbH6j3BoUF4CCQsf0KF6PZvb+8EtOsWuTPFpE3og9gg0YJHJJqRAQpN4gAE7y5BOgZRpNi0TiZQYLIUmevKQMstaf5HJmW7UzJNzDAnKyDtUCWavSx3M37J4HKgU0EwrD2TOC8z6CJqUL+ZfGQUxMs6wYQzqjdkBOifYImzqdc9DI2mjf0J2KVVaNLznPVYu316cy6WuzqESovvZZoE6LX3a7ocGGj/1yV5eKRWPwn1wuyPZwh7bPmQE4tuyUvKjxcCWt6H7/OqfjszSLC5EHUIghAXlhB9AfkTWeblG58ArgrhEsBA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=prevas.se; dmarc=pass action=none header.from=prevas.dk; dkim=pass header.d=prevas.dk; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=prevas.se; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PzqVn18qDpHiUCeYPkhLcLVsPtu/A2NXMfcOHvXojC8=; b=od+j7Q2JUagPNpLwcsqx7UInzi0H7EE3yrEsAhxI+oUrs/Vx3xF4ecCr7/wdtCNOW1O1aUpS/pP8CeXE9JP8bj+XQa82Hb7qYPnLvJ/RHh+4H1uX/Ykt7vjwhjzo3FU548PHvaDx9Bu9s0WqEP0DsBAzWaYY4fTTMTjsjOZINQg= Received: from DB8PR10MB3483.EURPRD10.PROD.OUTLOOK.COM (10.186.164.147) by DB8PR10MB3083.EURPRD10.PROD.OUTLOOK.COM (10.255.17.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.26; Wed, 18 Sep 2019 22:01:51 +0000 Received: from DB8PR10MB3483.EURPRD10.PROD.OUTLOOK.COM ([fe80::95cb:8839:7c7c:efb8]) by DB8PR10MB3483.EURPRD10.PROD.OUTLOOK.COM ([fe80::95cb:8839:7c7c:efb8%2]) with mapi id 15.20.2263.023; Wed, 18 Sep 2019 22:01:51 +0000 From: Rasmus Villemoes To: "u-boot@lists.denx.de" Thread-Topic: [RFC PATCH 0/3] collect entropy, populate /chosen/rng-seed Thread-Index: AQHVbmyt5jyaXAWNzUC8RLsTnVAzwg== Date: Wed, 18 Sep 2019 22:01:51 +0000 Message-ID: <20190918220140.838-1-rasmus.villemoes@prevas.dk> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: HE1PR0102CA0063.eurprd01.prod.exchangelabs.com (2603:10a6:7:7d::40) To DB8PR10MB3483.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:133::19) x-mailer: git-send-email 2.20.1 authentication-results: spf=none (sender IP is ) smtp.mailfrom=Rasmus.Villemoes@prevas.se; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [5.186.115.35] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 64b7c8ef-db64-46ef-81a0-08d73c83cf64 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:DB8PR10MB3083; x-ms-traffictypediagnostic: DB8PR10MB3083: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 01644DCF4A x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(366004)(136003)(396003)(39850400004)(199004)(189003)(6916009)(14444005)(5660300002)(476003)(478600001)(66066001)(26005)(386003)(52116002)(4326008)(2501003)(71200400001)(1076003)(305945005)(71190400001)(6486002)(2616005)(99286004)(186003)(6436002)(44832011)(486006)(81156014)(14454004)(5640700003)(8976002)(25786009)(42882007)(316002)(3846002)(6116002)(6506007)(102836004)(8676002)(66556008)(66446008)(66476007)(6512007)(64756008)(50226002)(256004)(2906002)(2351001)(7736002)(81166006)(8936002)(54906003)(36756003)(66946007)(107886003); DIR:OUT; SFP:1102; SCL:1; SRVR:DB8PR10MB3083; H:DB8PR10MB3483.EURPRD10.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: prevas.se does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: C2LKdpTOqNZkmH1gSjG8LQeeK4g8J+six3TenpN0DkUEh8PMM1brPJJl3aXasZ15no64gMqLSDo0myqymYcluC4AsvDHt2Knn9Dxrx4Y1XVM/Eu1/3uuxUOVvJcATkyuciWOBz/vQ5UWj0VgpwMcMMAdqLYDfEZDiKvBSj6eneljED9tOd/yZWgpLg73c1vRZA7sEgVb2xKbmnb7fhnGlaNMlNkOaMFMW3t6UIdRMqSVmfb6fmq4jsivWGAjvfc3n9hwlPeYbSt1nTSrsclmj0JEWFszI3eMFUVi64HtbZ+t0Ui0+thtdAUBK/mcDhcMj/ozU4r8x1UZDI76MV+AX9H3wpoGXj5eg7sXl2470G5h1mIDhIS7VNBCwEynfZ0nfJUpYhk5rURd3eYCMTaWHZNCMQ2eInUu8SC4LuF4JKw= MIME-Version: 1.0 X-OriginatorOrg: prevas.dk X-MS-Exchange-CrossTenant-Network-Message-Id: 64b7c8ef-db64-46ef-81a0-08d73c83cf64 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Sep 2019 22:01:51.6188 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: d350cf71-778d-4780-88f5-071a4cb1ed61 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: LNop3c1xkXpjRJMhvJ3I9l7oawwsKpww3JvTbUyeeasOcn+K/wmLI7Vd0cb3jhGtRKpVI+gDls7MZh3fPWHjCfe7qcfTyiCcK7BVTz5oya0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR10MB3083 Cc: Rasmus Villemoes , Tom Rini Subject: [U-Boot] [RFC PATCH 0/3] collect entropy, populate /chosen/rng-seed X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" [This is very much an early Request For Comments - it builds and shows a sketch of what I have in mind, but has not really been tested. The rest of the cover letter is copied from patch 3.] A recurring theme on LKML is the boot process deadlocking due to some process blocking waiting for random numbers, while the kernel's Cryptographic Random Number Generator (crng) is not initalized yet, but that very blocking means no activity happens that would generate the entropy necessary to finalize seeding the crng. This is not a problem on boards that have a good hwrng (when the kernel is configured to trust it), whether in the CPU or in a TPM or elsewhere. However, that's far from all boards out there. Moreover, when booting with an initrd, all the "disk activity" that would otherwise generate some timing variances has already been done by U-boot. Hence it makes sense to try to collect that entropy in U-boot and pass it on to the kernel. On the kernel side, support for that has just landed in master (commit 428826f5358c "fdt: add support for rng-seed"). By itself, this does not help with the initialization of the crng, since the kernel only considers the rng-seed "trustworthy" if CONFIG_RANDOM_TRUST_BOOTLOADER is set (it is always fed into the crng, but entropy is only accounted when that config option is set). This adds some basic infrastructure for collecting entropy in U-boot, and then it's up to the BSP developer to decide if CONFIG_RANDOM_TRUST_BOOTLOADER should be enabled in the kernel. If this is accepted, I think we should add entropy() calls before and after most disk and network activities. Moreover, at least some boards seem to have a rather reliable source of randomness in the contents of RAM after a cold boot [*], so I imagine exposing the entropy_mix() either via a command "entropy " that can be run during a boot script, or perhaps to be done automatically (and as early as possible to reduce risk of "tainting") via some CONFIG_ENTROPY_RAM_{ADDR,LEN}. There's probably good sources of entropy to be had from the SPL phase, but I couldn't find a good way of passing that on other than by putting the sha256_context inside global_data, which would bloat that by over 100 bytes. [*] Looking at a slightly arbitrary place in the middle of physical memory I got these 40d07670: 34081000 400a8020 00002040 20024400 ...4 ..@@ ...D. 40d07670: 343c1000 640a9120 00036040 6006e400 ..<4 ..d@`.....` 40d07670: 353c1040 600a9120 00026041 6246e400 @.<5 ..`A`....Fb 40d07670: 34281000 600a9100 00026040 2046e400 ..(4...`@`....F So some bits are always the same, but there's quite a few that flip randomly between boots - so mixing in a MB or two seems that it should provide plenty of real entropy. Rasmus Villemoes (3): u-boot/sha256.h: add SHA256_INIT macro u-boot/sha256.h: include linux/types.h add infrastructure for collecting entropy common/fdt_support.c | 12 ++++++++ include/common.h | 3 ++ include/entropy.h | 42 +++++++++++++++++++++++++++ include/u-boot/sha256.h | 13 +++++++++ lib/Kconfig | 10 +++++++ lib/Makefile | 1 + lib/entropy.c | 63 +++++++++++++++++++++++++++++++++++++++++ 7 files changed, 144 insertions(+) create mode 100644 include/entropy.h create mode 100644 lib/entropy.c