[PATCH] rockchip: board: Increase rng-seed size to make it sufficient for modern Linux
Marek Vasut
marex at denx.de
Mon Oct 14 12:52:02 CEST 2024
On 10/14/24 12:37 PM, Dragan Simic wrote:
> Hello Marek,
>
> On 2024-10-14 12:35, Marek Vasut wrote:
>> On 10/14/24 12:32 PM, Dragan Simic wrote:
>>> On 2024-10-14 12:26, Alex ThreeD wrote:
>>>> On Mon, Oct 14, 2024 at 12:10 AM Marek Vasut <marex at denx.de> wrote:
>>>>> Let's make this override-able via environment variable, because this
>>>>> might be growing in the future again. Does this work ?
>>>>>
>>>>> size_t len = env_get_ulong("kaslrseed_size", 10, 32);
>>>>
>>>> Maybe `env_get_hex("rng_seed_size", 32)` would be better? As most
>>>> other env are
>>>> hexadecimal.
>>>>
>>>> Actually it seems that entropy required to init pool early has
>>>> decreased in
>>>> Linux 5.19 from 64 bytes (2 * CHACHA_KEY_SIZE) to 32 bytes
>>>> (BLAKE2S_HASH_SIZE)
>>>> https://elixir.bootlin.com/linux/v5.18/source/drivers/char/
>>>> random.c#L236
>>>> https://elixir.bootlin.com/linux/v5.19/source/drivers/char/
>>>> random.c#L551
>>>> Anyway config knob should not harm.
>>>
>>> I think that the value received from the new environment variable
>>> should be accepted only if it's greater than some hardcoded value,
>>> in this case 32. That way, someone won't be able to misconfigure
>>> their board environment and cause the early random pool initialization
>>> to be postponed.
>>
>> Using low number could be useful for testing. Print a WARNING if the
>> number is too low perhaps?
>
> Yes, testing with low values has also crossed my mind. Priting such
> warnings would be a viable option.
Sounds good then, thanks !
More information about the U-Boot
mailing list