On Sat, Feb 24, 2024 at 02:18:56AM +0100, Jason A. Donenfeld wrote:
+__init void cc_random_init(void) +{
- /*
* The seed is 32 bytes (in units of longs), which is 256 bits, which
* is the security level that the RNG is targeting.
*/
- unsigned long rng_seed[32 / sizeof(long)];
- size_t i, longs;
- if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
return;
- /*
* Since the CoCo threat model includes the host, the only reliable
* source of entropy that can be neither observed nor manipulated is
* RDRAND. Usually, RDRAND failure is considered tolerable, but since
* CoCo guests have no other unobservable source of entropy, it's
* important to at least ensure the RNG gets some initial random seeds.
*/
- for (i = 0; i < ARRAY_SIZE(rng_seed); i += longs) {
longs = arch_get_random_longs(&rng_seed[i], ARRAY_SIZE(rng_seed) - i);
/*
* A zero return value means that the guest doesn't have RDRAND
* or the CPU is physically broken, and in both cases that
* means most crypto inside of the CoCo instance will be
* broken, defeating the purpose of CoCo in the first place. So
* just panic here because it's absolutely unsafe to continue
* executing.
*/
if (longs == 0)
panic("RDRAND is defective.");
- }
- add_device_randomness(rng_seed, sizeof(rng_seed));
- memzero_explicit(rng_seed, sizeof(rng_seed));
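Review bot: the memzero_explicit() call on the last line of cc_random_init() has no declaration in scope in the part of the patch quoted here, which matches the implicit-declaration error at arch/x86/coco/core.c:189 in the build log that follows. Include <linux/string.h> directly in core.c instead of relying on another header to pull it in, so that wiping rng_seed after add_device_randomness() does not depend on which tree or config the file is built in.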
Please redo your patch on top of latest tip/master:
arch/x86/coco/core.c: In function ‘cc_random_init’:
arch/x86/coco/core.c:189:9: error: implicit declaration of function ‘memzero_explicit’ [-Werror=implicit-function-declaration]
  189 |         memzero_explicit(rng_seed, sizeof(rng_seed));
      |         ^~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
make[4]: *** [scripts/Makefile.build:244: arch/x86/coco/core.o] Error 1
make[3]: *** [scripts/Makefile.build:485: arch/x86/coco] Error 2
make[3]: *** Waiting for unfinished jobs....
make[2]: *** [scripts/Makefile.build:485: arch/x86] Error 2
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [/mnt/kernel/kernel/2nd/linux/Makefile:1919: .] Error 2
make: *** [Makefile:240: __sub-make] Error 2
Thx.