CoCo/RDRAND brokenness fixes

[PATCH v2 0/2] CoCo/RDRAND brokenness fixes

Jason A. Donenfeld posted 2 patches 1 year, 11 months ago

Download series mbox

arch/x86/coco/core.c              | 37 +++++++++++++++++++++++++++++++
arch/x86/include/asm/archrandom.h | 18 ++++++---------
arch/x86/include/asm/coco.h       |  2 ++
arch/x86/kernel/setup.c           |  2 ++
4 files changed, 48 insertions(+), 11 deletions(-)

Expand all Fold all

[PATCH v2 0/2] CoCo/RDRAND brokenness fixes

Posted by Jason A. Donenfeld 1 year, 11 months ago

This takes a two-pronged approach to the matter, now that we have
details from Intel and AMD:

- In the generic case, if RDRAND fails, simply WARN(), and don't try
  again. It turns out the "try 10 times" thing isn't actually a correct
  recommendation from Intel. Since RDRAND failure implies CPU failure, a
  WARN() seems in order on all platforms.

- On CoCo machines, where RDRAND failure implies the whole threat model
  is compromised and execution shouldn't continue, we ensure that the
  RNG gets 256-bits of RDRAND at boot, or otherwise fails.

Cc: Borislav Petkov <bp@alien8.de>
Cc: Daniel P. Berrangé <berrange@redhat.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Thomas Gleixner <tglx@linutronix.de>

Jason A. Donenfeld (2):
  x86/archrandom: WARN if RDRAND fails and don't retry
  x86/coco: Require seeding RNG with RDRAND on CoCo systems

 arch/x86/coco/core.c              | 37 +++++++++++++++++++++++++++++++
 arch/x86/include/asm/archrandom.h | 18 ++++++---------
 arch/x86/include/asm/coco.h       |  2 ++
 arch/x86/kernel/setup.c           |  2 ++
 4 files changed, 48 insertions(+), 11 deletions(-)

-- 
2.43.0