diff options
| author | Theodore Ts'o <tytso@mit.edu> | 2018-07-17 18:24:27 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2018-07-24 15:43:24 -0400 |
| commit | 39a8883a2b989d1d21bd8dd99f5557f0c5e89694 (patch) | |
| tree | 9e86c920e258b8ca73ffa3955cd82c6c1ee84cea /drivers/char/random.c | |
| parent | 3672476edaa0660eb833f54fa9edeb505417b75c (diff) | |
random: add a config option to trust the CPU's hwrng
This gives the user building their own kernel (or a Linux
distribution) the option of deciding whether or not to trust the CPU's
hardware random number generator (e.g., RDRAND for x86 CPU's) as being
correctly implemented and not having a back door introduced (perhaps
courtesy of a Nation State's law enforcement or intelligence
agencies).
This will prevent getrandom(2) from blocking, if there is a
willingness to trust the CPU manufacturer.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'drivers/char/random.c')
| -rw-r--r-- | drivers/char/random.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c index 34ddfd57419b..f4013b8a711b 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c | |||
| @@ -782,6 +782,7 @@ static void invalidate_batched_entropy(void); | |||
| 782 | static void crng_initialize(struct crng_state *crng) | 782 | static void crng_initialize(struct crng_state *crng) |
| 783 | { | 783 | { |
| 784 | int i; | 784 | int i; |
| 785 | int arch_init = 1; | ||
| 785 | unsigned long rv; | 786 | unsigned long rv; |
| 786 | 787 | ||
| 787 | memcpy(&crng->state[0], "expand 32-byte k", 16); | 788 | memcpy(&crng->state[0], "expand 32-byte k", 16); |
| @@ -792,10 +793,18 @@ static void crng_initialize(struct crng_state *crng) | |||
| 792 | _get_random_bytes(&crng->state[4], sizeof(__u32) * 12); | 793 | _get_random_bytes(&crng->state[4], sizeof(__u32) * 12); |
| 793 | for (i = 4; i < 16; i++) { | 794 | for (i = 4; i < 16; i++) { |
| 794 | if (!arch_get_random_seed_long(&rv) && | 795 | if (!arch_get_random_seed_long(&rv) && |
| 795 | !arch_get_random_long(&rv)) | 796 | !arch_get_random_long(&rv)) { |
| 796 | rv = random_get_entropy(); | 797 | rv = random_get_entropy(); |
| 798 | arch_init = 0; | ||
| 799 | } | ||
| 797 | crng->state[i] ^= rv; | 800 | crng->state[i] ^= rv; |
| 798 | } | 801 | } |
| 802 | #ifdef CONFIG_RANDOM_TRUST_CPU | ||
| 803 | if (arch_init) { | ||
| 804 | crng_init = 2; | ||
| 805 | pr_notice("random: crng done (trusting CPU's manufacturer)\n"); | ||
| 806 | } | ||
| 807 | #endif | ||
| 799 | crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1; | 808 | crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1; |
| 800 | } | 809 | } |
| 801 | 810 | ||