On Thu, 12 Sep 2013, H. Peter Anvin wrote:
> From what I can gather from the patch this is too heavyweight (need
> locks and so on) to use as arch_get_random*(). There has been a lot of
Alas, I can see there's only x86 that currently has this implemented?
> discussion about the pros and cons of allowing the kernel to bypass
> rngd, but I would think that any such plumbing -- once it gets past the
> fully synchronous low latency properties of arch_get_random*() -- really
> should be implemented as an option in the existing hwrng device
> infrastructure.
As I wrote in the intro, the problem to solve is slow startup when ASLR is
in effect; in that case: until rngd or haveged is finally running.
> In other words, start by implementing a hwrng device. That will work
> right now with rngd running. Then we can consider if we want to allow
That's already there, thanks to the IBM guys :)
> bypass of rngd for certain hwrng devices -- which may include zcrypt,
> virtio_rng and so on.
I'm currently thinking about some kind of buffer in zcrypt, where
arch_get_random can get a long or int quickly, as "designed" after x86.
Device init or low water would trigger a work item to refill the buffer.
It might tun out though, that every device on every architecture that does
not quite match the x86 approach implements its own buffer.
What do you think?
Besides that, as you wrote, a generic mechanism to mix hwrngs into the
input pool would be nice, triggered by user space policy. As far as I can
see, some mixing of arch_get_random is done, but no entropy credited?
Torsten
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
