Re: x86/random: Speculation to the rescue

From: Kees Cook
Date: Mon Sep 30 2019 - 16:47:43 EST

Next message: Arnd Bergmann: "[PATCH] io_uring: use __kernel_timespec in timeout ABI"
Previous message: H. Peter Anvin: "Re: [PATCH v2 1/3] x86/boot: Introduce the kernel_info"
In reply to: Linus Torvalds: "Re: x86/random: Speculation to the rescue"
Next in thread: Theodore Y. Ts'o: "Re: x86/random: Speculation to the rescue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 30, 2019 at 08:10:15AM +0200, Borislav Petkov wrote:
> On Sun, Sep 29, 2019 at 07:59:19PM -0700, Linus Torvalds wrote:
> > All my smoke testing looked fine - I disabled trusting the CPU, I
> > increased the required entropy a lot, and to actually trigger the
> > lockup issue without the broken user space, I made /dev/urandom do
> > that "wait for entropy" thing too.
>
> Hohum, seems to get rid of the longish delay during boot on my test
> boxes here:

Yes; for me too. This makes a huge difference in my ARM emulation
environments (where I wasn't using virtio-rng-device). Those VMs were
very boot entropy starved -- I was waiting minutes for sshd to start.

I doubt running something like dieharder on urandom would actually show
any deficiencies, but I've started a test up anyway. I'll yell in a few
hours if it actually has something bad to say. :)

--
Kees Cook

Next message: Arnd Bergmann: "[PATCH] io_uring: use __kernel_timespec in timeout ABI"
Previous message: H. Peter Anvin: "Re: [PATCH v2 1/3] x86/boot: Introduce the kernel_info"
In reply to: Linus Torvalds: "Re: x86/random: Speculation to the rescue"
Next in thread: Theodore Y. Ts'o: "Re: x86/random: Speculation to the rescue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]