qemu-devel

Re: [PATCH] x86: re-initialize RNG seed when selecting kernel


From: Jason A. Donenfeld
Subject: Re: [PATCH] x86: re-initialize RNG seed when selecting kernel
Date: Mon, 26 Sep 2022 19:08:52 +0200

Hi Peter,

On Mon, Sep 26, 2022 at 7:05 PM Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Mon, 26 Sept 2022 at 17:53, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> > On both x86 and dtb-based archs, the seed in memory is zeroed out by the
> > kernel after reading. So, as far as the guest is concerned, there's
> > forward secrecy. Except! Except if the guest has some way of
> > re-requesting that seed from the host. This patch prevents that from
> > happening through fw_cfg on x86. Somebody told me last week that device
> > tree archs don't use fw_cfg, so this won't be a problem there. I haven't
> > yet looked to verify that, though, or looked if there are other
> > mechanisms.
>
> I am leaping in here with no context, so I may well have
> the wrong end of the stick, but:
>
> "does this system have a fw_cfg device" and "does this system
> pass a device tree to the kernel" are orthogonal questions:
>
>  fw_cfg, no device tree: classic x86 pc; arm virt board when
>    booting UEFI firmware in the guest
>  fw_cfg, device tree: arm virt board booting a kernel directly
>  no fw_cfg, device tree: arm vexpress-a15 board (or any other
>    just-emulating-hardware machine type)
>  no fw_cfg, no device tree: arm sbsa-ref board (and probably
>    lots of non-arm architecture machines too)

Okay it sounds like I've got to look into this indeed (as my "yet" in
the previous message suggested). Specifically, the case relevant to
this discussion is device tree that goes through fw_cfg. I've got a
few other investigations I'd like to do over there anyway (looking
into how reboots work), so I'll send a series for that when I've got
things worked out.

For the time being, though, this x86 work here is independent of that.
But I suppose you can expect to hear from me not before long about
device tree things.

Jason


