Re: [PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key material
From: Mimi Zohar
Date: Tue May 17 2022 - 11:53:46 EST
On Fri, 2022-05-13 at 16:57 +0200, Ahmad Fatoum wrote:
> static int __init init_trusted(void)
> {
> + int (*get_random)(unsigned char *key, size_t key_len);
> int i, ret = 0;
>
> for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) {
> @@ -322,6 +333,28 @@ static int __init init_trusted(void)
> strlen(trusted_key_sources[i].name)))
> continue;
>
> + /*
> + * We always support trusted.rng="kernel" and "default" as
> + * well as trusted.rng=$trusted.source if the trust source
> + * defines its own get_random callback.
> + */
While TEE trusted keys support was upstreamed, there was a lot of
discussion about using kernel RNG. One of the concerns was lack of or
insuffiencent entropy during early boot on embedded devices. This
concern needs to be clearly documented in both Documentation/admin-
guide/kernel-parameters.txt and Documentation/security/keys/trusted-
encrypted.rst.
thanks,
Mimi
> + get_random = trusted_key_sources[i].ops->get_random;
> + if (trusted_rng && strcmp(trusted_rng, "default")) {
> + if (!strcmp(trusted_rng, "kernel")) {
> + get_random = kernel_get_random;
> + } else if (strcmp(trusted_rng, trusted_key_sources[i].name) ||
> + !get_random) {
> + pr_warn("Unsupported RNG. Supported: kernel");
> + if (get_random)
> + pr_cont(", %s", trusted_key_sources[i].name);
> + pr_cont(", default\n");
> + return -EINVAL;
> + }
> + }
> +
> + if (!get_random)
> + get_random = kernel_get_random;
> +
> static_call_update(trusted_key_init,
> trusted_key_sources[i].ops->init);