[PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key material

Tue May 17 16:25:08 UTC 2022

Hello Mimi,

[Cc'ing RNG maintainers in case they want to chime in]

On 17.05.22 17:52, Mimi Zohar wrote:
> On Fri, 2022-05-13 at 16:57 +0200, Ahmad Fatoum wrote:
>>  static int __init init_trusted(void)
>>  {
>> +       int (*get_random)(unsigned char *key, size_t key_len);
>>         int i, ret = 0;
>>  
>>         for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) {
>> @@ -322,6 +333,28 @@ static int __init init_trusted(void)
>>                             strlen(trusted_key_sources[i].name)))
>>                         continue;
>>  
>> +               /*
>> +                * We always support trusted.rng="kernel" and "default" as
>> +                * well as trusted.rng=$trusted.source if the trust source
>> +                * defines its own get_random callback.
>> +                */
>  
> While TEE trusted keys support was upstreamed, there was a lot of
> discussion about using kernel RNG.  One of the concerns was lack of or
> insuffiencent entropy during early boot on embedded devices.  This
> concern needs to be clearly documented in both Documentation/admin-
> guide/kernel-parameters.txt and Documentation/security/keys/trusted-
> encrypted.rst.

If a user decides to use kernel RNG for trusted keys, wait_for_random_bytes()
called first thing in the used get_random_bytes_wait() will (quoting
documentation) "wait for the input pool to be seeded and thus [is] guaranteed
to supply cryptographically secure random numbers."

Does this address your concerns about Kernel RNG use?

Thanks,
Ahmad

> 
> thanks,
> 
> Mimi
> 
>> +               get_random = trusted_key_sources[i].ops->get_random;
>> +               if (trusted_rng && strcmp(trusted_rng, "default")) {
>> +                       if (!strcmp(trusted_rng, "kernel")) {
>> +                               get_random = kernel_get_random;
>> +                       } else if (strcmp(trusted_rng, trusted_key_sources[i].name) ||
>> +                                  !get_random) {
>> +                               pr_warn("Unsupported RNG. Supported: kernel");
>> +                               if (get_random)
>> +                                       pr_cont(", %s", trusted_key_sources[i].name);
>> +                               pr_cont(", default\n");
>> +                               return -EINVAL;
>> +                       }
>> +               }
>> +
>> +               if (!get_random)
>> +                       get_random = kernel_get_random;
>> +
>>                 static_call_update(trusted_key_init,
>>                                    trusted_key_sources[i].ops->init);
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |