[PATCH] rockchip: board: Increase rng-seed size to make it sufficient for modern Linux
Marek Vasut
marex at denx.de
Mon Oct 14 14:10:19 CEST 2024
On 10/14/24 12:57 PM, Dragan Simic wrote:
> On 2024-10-14 12:52, Marek Vasut wrote:
>> On 10/14/24 12:37 PM, Dragan Simic wrote:
>>> On 2024-10-14 12:35, Marek Vasut wrote:
>>>> On 10/14/24 12:32 PM, Dragan Simic wrote:
>>>>> On 2024-10-14 12:26, Alex ThreeD wrote:
>>>>>> On Mon, Oct 14, 2024 at 12:10 AM Marek Vasut <marex at denx.de> wrote:
>>>>>>> Let's make this override-able via environment variable, because this
>>>>>>> might be growing in the future again. Does this work ?
>>>>>>>
>>>>>>> size_t len = env_get_ulong("kaslrseed_size", 10, 32);
>>>>>>
>>>>>> Maybe `env_get_hex("rng_seed_size", 32)` would be better? As most
>>>>>> other env are
>>>>>> hexadecimal.
>>>>>>
>>>>>> Actually it seems that entropy required to init pool early has
>>>>>> decreased in
>>>>>> Linux 5.19 from 64 bytes (2 * CHACHA_KEY_SIZE) to 32 bytes
>>>>>> (BLAKE2S_HASH_SIZE)
>>>>>> https://elixir.bootlin.com/linux/v5.18/source/drivers/char/
>>>>>> random.c#L236
>>>>>> https://elixir.bootlin.com/linux/v5.19/source/drivers/char/
>>>>>> random.c#L551
>>>>>> Anyway config knob should not harm.
>>>>>
>>>>> I think that the value received from the new environment variable
>>>>> should be accepted only if it's greater than some hardcoded value,
>>>>> in this case 32. That way, someone won't be able to misconfigure
>>>>> their board environment and cause the early random pool initialization
>>>>> to be postponed.
>>>>
>>>> Using low number could be useful for testing. Print a WARNING if the
>>>> number is too low perhaps?
>>>
>>> Yes, testing with low values has also crossed my mind. Priting such
>>> warnings would be a viable option.
>>
>> Sounds good then, thanks!
>
> Thank you. :) My early thoughts were like "wow, someone can break
> their early random pool initialization this way", but right after
> that something like "well, breaking many other things is already
> possible in the same way" crossed my mind. :)
That crossed my mind too, but ...
> So, yes, just printing such warnings is perfectly fine.
... right. U-Boot is a debug tool and boot monitor, so it gives user the
freedom to do whatever they want/need/..., which includes the obligatory
footgun .
If the concern is lockdown of U-Boot env so it cannot induce negative
side effects, there is CONFIG_ENV_WRITEABLE_LIST and others for those
purposes.
More information about the U-Boot
mailing list