On 2024-10-14 12:52, Marek Vasut wrote:
On 10/14/24 12:37 PM, Dragan Simic wrote:
On 2024-10-14 12:35, Marek Vasut wrote:
On 10/14/24 12:32 PM, Dragan Simic wrote:
On 2024-10-14 12:26, Alex ThreeD wrote:
On Mon, Oct 14, 2024 at 12:10 AM Marek Vasut <ma...@denx.de> wrote:
Let's make this override-able via environment variable, because
this
might be growing in the future again. Does this work ?
size_t len = env_get_ulong("kaslrseed_size", 10, 32);
Maybe `env_get_hex("rng_seed_size", 32)` would be better? As most
other env are
hexadecimal.
Actually it seems that entropy required to init pool early has
decreased in
Linux 5.19 from 64 bytes (2 * CHACHA_KEY_SIZE) to 32 bytes
(BLAKE2S_HASH_SIZE)
https://elixir.bootlin.com/linux/v5.18/source/drivers/char/
random.c#L236
https://elixir.bootlin.com/linux/v5.19/source/drivers/char/
random.c#L551
Anyway config knob should not harm.
I think that the value received from the new environment variable
should be accepted only if it's greater than some hardcoded value,
in this case 32. That way, someone won't be able to misconfigure
their board environment and cause the early random pool
initialization
to be postponed.
Using low number could be useful for testing. Print a WARNING if the
number is too low perhaps?
Yes, testing with low values has also crossed my mind. Priting such
warnings would be a viable option.
Sounds good then, thanks!
Thank you. :) My early thoughts were like "wow, someone can break
their early random pool initialization this way", but right after
that something like "well, breaking many other things is already
possible in the same way" crossed my mind. :)
So, yes, just printing such warnings is perfectly fine.
