• Jason A. Donenfeld's avatar
    hwrng: core - treat default_quality as a maximum and default to 1024 · 16bdbae3
    Jason A. Donenfeld authored
    Most hw_random devices return entropy which is assumed to be of full
    quality, but driver authors don't bother setting the quality knob. Some
    hw_random devices return less than full quality entropy, and then driver
    authors set the quality knob. Therefore, the entropy crediting should be
    opt-out rather than opt-in per-driver, to reflect the actual reality on
    the ground.
    
    For example, the two Raspberry Pi RNG drivers produce full entropy
    randomness, and both EDK2 and U-Boot's drivers for these treat them as
    such. The result is that EFI then uses these numbers and passes the to
    Linux, and Linux credits them as boot, thereby initializing the RNG.
    Yet, in Linux, the quality knob was never set to anything, and so on the
    chance that Linux is booted without EFI, nothing is ever credited.
    That's annoying.
    
    The same pattern appears to repeat itself throughout various drivers. In
    fact, very very few drivers have bothered setting quality=1024.
    
    Looking at the git history of existing drivers and corresponding mailing
    list discussion, this conclusion tracks. There's been a decent amount of
    discussion about drivers that set quality < 1024 -- somebody read and
    interepreted a datasheet, or made some back of the envelope calculation
    somehow. But there's been very little, if any, discussion about most
    drivers where the quality is just set to 1024 or unset (or set to 1000
    when the authors misunderstood the API and assumed it was base-10 rather
    than base-2); in both cases the intent was fairly clear of, "this is a
    hardware random device; it's fine."
    
    So let's invert this logic. A hw_random struct's quality knob now
    controls the maximum quality a driver can produce, or 0 to specify 1024.
    Then, the module-wide switch called "default_quality" is changed to
    represent the maximum quality of any driver. By default it's 1024, and
    the quality of any particular driver is then given by:
    
        min(default_quality, rng->quality ?: 1024);
    
    This way, the user can still turn this off for weird reasons (and we can
    replace whatever driver-specific disabling hacks existed in the past),
    yet we get proper crediting for relevant RNGs.
    
    Cc: Dominik Brodowski <linux@dominikbrodowski.net>
    Cc: Ard Biesheuvel <ardb@kernel.org>
    Cc: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    16bdbae3
chaoskey.c 13.3 KB