On Wed, Jan 11, 2023 at 09:44:34AM +0100, Ard Biesheuvel wrote:
> On Tue, 10 Jan 2023 at 20:45, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> > On Tue, Jan 10, 2023 at 6:09 PM Greg KH <gregkh@linuxfoundation.org> wrote:
> > > On Tue, Jan 10, 2023 at 05:57:21PM +0100, Jason A. Donenfeld wrote:
> > > > Thanks! IIRC, this applies to all current stable kernels (now that you've sunsetted 4.9).
> > > It does not apply cleanly to 5.4.y or 4.19.y or 4.14.y so can you provide working backports for them?
> > I did 5.4.y, which turned out to be hairier than I wanted. You and Ard can decide if you want it or not. I'll leave 4.19 and 4.14 for another day.
> I appreciate you spending the effort, but I'm not convinced this is worth the risk. You are backporting new functionality (invoking the firmware's RNG protocol at boot on x86), and we might end up regressing on systems where the firmware's implementation is problematic, even if the patch by itself is correct. This applies to mixed mode especially, as the conversion between Win64 and i386 calling conventions has kicked up some very surprising issues in the past.
Alright, yea, I was afraid that might be the case indeed. Oh well.
So this means that for the purposes of systemd's usage of this, 5.10+ is the relevant cut-off. I'm noting it here because I'm sure I'll forget, and the question is bound to come up down the road.
Jason