On 10/14/24 12:37 PM, Dragan Simic wrote:
Hello Marek,
On 2024-10-14 12:35, Marek Vasut wrote:
On 10/14/24 12:32 PM, Dragan Simic wrote:
On 2024-10-14 12:26, Alex ThreeD wrote:
On Mon, Oct 14, 2024 at 12:10 AM Marek Vasut marex@denx.de wrote:
Let's make this override-able via environment variable, because this might be growing in the future again. Does this work ?
size_t len = env_get_ulong("kaslrseed_size", 10, 32);
Maybe `env_get_hex("rng_seed_size", 32)` would be better? As most other env are hexadecimal.
Actually it seems that entropy required to init pool early has decreased in Linux 5.19 from 64 bytes (2 * CHACHA_KEY_SIZE) to 32 bytes (BLAKE2S_HASH_SIZE) https://elixir.bootlin.com/linux/v5.18/source/drivers/char/ random.c#L236 https://elixir.bootlin.com/linux/v5.19/source/drivers/char/ random.c#L551 Anyway config knob should not harm.
I think that the value received from the new environment variable should be accepted only if it's greater than some hardcoded value, in this case 32. That way, someone won't be able to misconfigure their board environment and cause the early random pool initialization to be postponed.
Using low number could be useful for testing. Print a WARNING if the number is too low perhaps?
Yes, testing with low values has also crossed my mind. Priting such warnings would be a viable option.
Sounds good then, thanks !