Wait a minute, if it fails the system drops back to software,
Does it? It would seem that if it fails and begins returning all zeroes, then the seed function would (depending on the implementation) be called like this:
add_random_bytes("\0\0\0\0".... , 4096);
add_random_bytes("\0\0\0\0".... , 4096);
[...]Or:
add_random_bytes("\0\0\0\0".... , 4096);
add_random_bytes(soft_random() , 64);
add_random_bytes("\0\0\0\0".... , 4096);
add_random_bytes(soft_random() , 64);
[...]In either case, it's very bad, and will likely return cause some _very_ predictable data to be emitted.
I'm not sure you would get people to agree what should be done if a hardware RNG fails, other than make the failure information available to user space.
How do you know if it fails? You know when your disk fails and begins giving bad data because the filesystem detects that the data is invalid, but how do you tell when your random number generator starts giving bad data? AFAIK, the only way to do that is to continuously monitor the random data produced and _immediately_ stop the data flow when you start getting bad data. That should only be done from a userspace rngd-type daemon.
Cheers, Kyle Moffett
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM/CS/IT/U d- s++: a18 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r !y?(-)
------END GEEK CODE BLOCK------
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
