Re: [PATCH] random: remove CONFIG_ARCH_RANDOM and "nordrand"

2022-07-06 Thread H. Peter Anvin
On July 6, 2022 5:23:31 AM PDT, Borislav Petkov wrote: >On Tue, Jul 05, 2022 at 04:11:45PM -0700, H. Peter Anvin wrote: >> What I'm wondering is if we shouldn't be simply instrument *every* >> invocation, and set the trust to zero if we ever trip it. > >I guess you can add some logic to rdrand_lon

Re: [PATCH] random: remove CONFIG_ARCH_RANDOM and "nordrand"

2022-07-06 Thread Theodore Ts'o
On Tue, Jul 05, 2022 at 09:01:21PM +0200, Jason A. Donenfeld wrote: > Later the thinking evolved. With a properly designed RNG, using RDRAND > values alone won't harm anything, even if the outputs are malicious. I personally think it's totally fine to remove nordrand. However, the reason why it w

Re: [PATCH] random: remove CONFIG_ARCH_RANDOM and "nordrand"

2022-07-05 Thread H. Peter Anvin
On July 5, 2022 3:00:04 PM PDT, Borislav Petkov wrote: >On Tue, Jul 05, 2022 at 02:50:34PM -0700, H. Peter Anvin wrote: >> It's just math. The only variable is your confidence level, i.e. at >> what level do you decide that the likelihood of pure chance is way >> smaller than the likelihood of har

Re: [PATCH] random: remove CONFIG_ARCH_RANDOM and "nordrand"

2022-07-05 Thread H. Peter Anvin
On July 5, 2022 12:57:04 PM PDT, Borislav Petkov wrote: >On Tue, Jul 05, 2022 at 09:44:17PM +0200, Jason A. Donenfeld wrote: >> Oh, huh. Maybe in that case I should adjust the message to say "consider >> using `random.trust_cpu=0`," which is the thing that would actually make >> a security differe

Re: [PATCH] random: remove CONFIG_ARCH_RANDOM and "nordrand"

2022-07-05 Thread Borislav Petkov
On Tue, Jul 05, 2022 at 02:50:34PM -0700, H. Peter Anvin wrote: > It's just math. The only variable is your confidence level, i.e. at > what level do you decide that the likelihood of pure chance is way > smaller than the likelihood of hardware failure. That might be but the likelyhood of certain

Re: [PATCH] random: remove CONFIG_ARCH_RANDOM and "nordrand"

2022-07-05 Thread Borislav Petkov
On Tue, Jul 05, 2022 at 09:44:17PM +0200, Jason A. Donenfeld wrote: > Oh, huh. Maybe in that case I should adjust the message to say "consider > using `random.trust_cpu=0`," which is the thing that would actually make > a security difference. Why isn't that option documented in Documentation/admin