From: Sergiy Kibrik
To: xen-devel@lists.xenproject.org
Cc: Ian Jackson, Wei Liu, Sergiy Kibrik, Julien Grall
Subject: [XEN PATCH v2] libxl/arm: provide guests with random seed
Date: Thu, 27 May 2021 08:52:33 +0000
Message-Id: <20210527085233.69917-1-Sergiy_Kibrik@epam.com>

Pass 128 bytes of random seed via FDT, so that guests' CRNGs are better seeded early at boot. This is larger than ChaCha20 key size of 32, so each byte of CRNG state will be mixed 4 times using this seed. There does not seem to be advantage in larger seed though. Depending on its configuration Linux can use the seed as device randomness or to just quickly initialize CRNG. In either case this will provide extra randomness to further harden CRNG.

CC: Julien Grall
Signed-off-by: Sergiy Kibrik
Reviewed-by: Julien Grall

--- tools/libxl/libxl_arm.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/libxl/libxl_arm.c b/tools/libxl/libxl_arm.c index 34f8a29056..d3a4a72fb7 100644 --- a/tools/libxl/libxl_arm.c +++ b/tools/libxl/libxl_arm.c @@ -304,6 +304,9 @@ static int make_chosen_node(libxl__gc *gc, void *fdt, b= ool ramdisk, { int res; =20 + /* 1024 bit enough to mix Linux CRNG state several times */ + uint8_t seed[128]; + /* See linux Documentation/devicetree/... */ res =3D fdt_begin_node(fdt, "chosen"); if (res) return res; 
@@ -342,6 +345,11 @@ static int make_chosen_node(libxl__gc *gc, void *fdt, = bool ramdisk, if (res) return res; } =20 + res =3D libxl__random_bytes(gc, seed, sizeof(seed)); + if (res) return res; + res =3D fdt_property(fdt, "rng-seed", seed, sizeof(seed)); + if (res) return res; + res =3D fdt_end_node(fdt); if (res) return res; =20 --=20 2.25.1
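
Review bot: the size in `uint8_t seed[128];` (first hunk, @@ -304) is a bare literal, and the comment above it gives the size in bits ("1024 bit") while the commit message reasons in bytes (128 bytes against a ChaCha20 key size of 32). A named constant, with a comment that states the size in bytes and the four-times-the-key rationale from the commit message, would keep the declaration and the two `sizeof(seed)` uses in the second hunk self-explanatory and make a later change of the seed size a one-line edit.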
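
Review bot: the return value of `libxl__random_bytes(gc, seed, sizeof(seed))` (second hunk, @@ -342) is stored in `res`, which in the rest of the visible code carries libfdt results (`fdt_begin_node`, `fdt_property`, `fdt_end_node`), and `if (res) return res;` passes it to the caller unchanged. If the caller decodes that value as a libfdt error, a failure to obtain randomness will be reported as an unrelated FDT error, so consider logging the failure at this point and returning a code from the same domain as the neighbouring calls. The patch also makes a failed random read abort construction of the chosen node; the commit message should say whether that is intended or whether omitting `rng-seed` would be acceptable. Finally, `seed` still holds the value on the stack after `fdt_property` has copied it into the tree, so clearing the buffer before returning would limit where the seed lives.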