[PATCH v2] rockchip: board: Increase rng-seed size to make it sufficient for modern Linux
Modern Linux requires 32 byte seed to initialize random pool, but u-boot currently provides only 8 bytes. Increase rng-seed size to make Linux happy and initialize rng pool instantly.
Boot with 8 byte rng-seed: # dmesg | grep crng [ 12.089286] random: crng init done Boot with 32 byte rng-seed: # dmesg | grep crng [ 0.000000] random: crng init done
https://github.com/torvalds/linux/blob/7234e2ea0edd00bfb6bb2159e55878c19885c...
Signed-off-by: Alex Shumsky alexthreed@gmail.com Fixes: d2048bafae40 ("rockchip: board: Add board_rng_seed() for all Rockchip devices") ---
Changes in v2: - add env config knob rng_seed_size - 12-character commit SHA in Fixes
arch/arm/mach-rockchip/board.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/board.c index 3fadf7e412..f9f0d7214c 100644 --- a/arch/arm/mach-rockchip/board.c +++ b/arch/arm/mach-rockchip/board.c @@ -472,9 +472,15 @@ __weak int misc_init_r(void) __weak int board_rng_seed(struct abuf *buf) { struct udevice *dev; - size_t len = 0x8; + ulong len = env_get_ulong("rng_seed_size", 10, 32); u64 *data;
+ if (len < 32) { + // rng_seed_size should be 32 bytes for Linux 5.19+, or 64 for older Linux'es + log_warning("Too small rng_seed_size (%lu). It is likely insufficient to init linux crng\n", + len); + } + data = malloc(len); if (!data) { printf("Out of memory\n");
Hello Alex,
Thanks for the v2. Please see a few comments below.
On 2024-10-14 19:53, Alex Shumsky wrote:
Modern Linux requires 32 byte seed to initialize random pool, but u-boot currently provides only 8 bytes. Increase rng-seed size to make Linux happy and initialize rng pool instantly.
Boot with 8 byte rng-seed: # dmesg | grep crng [ 12.089286] random: crng init done Boot with 32 byte rng-seed: # dmesg | grep crng [ 0.000000] random: crng init done
https://github.com/torvalds/linux/blob/7234e2ea0edd00bfb6bb2159e55878c19885c...
Signed-off-by: Alex Shumsky alexthreed@gmail.com Fixes: d2048bafae40 ("rockchip: board: Add board_rng_seed() for all Rockchip devices")
Changes in v2:
- add env config knob rng_seed_size
Perhaps the emitted warning should also be mentioned here.
- 12-character commit SHA in Fixes
arch/arm/mach-rockchip/board.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/board.c index 3fadf7e412..f9f0d7214c 100644 --- a/arch/arm/mach-rockchip/board.c +++ b/arch/arm/mach-rockchip/board.c @@ -472,9 +472,15 @@ __weak int misc_init_r(void) __weak int board_rng_seed(struct abuf *buf) { struct udevice *dev;
- size_t len = 0x8;
ulong len = env_get_ulong("rng_seed_size", 10, 32); u64 *data;
if (len < 32) {
// rng_seed_size should be 32 bytes for Linux 5.19+, or 64 for olderLinux'es
Shouldn't it be 8 for older kernels?
log_warning("Too small rng_seed_size (%lu). It is likelyinsufficient to init linux crng\n",
len);
Perhaps this would read better:
"Value for rng_seed_size too low (%lu) and likely insufficient for the Linux RNG initialization"
- }
- data = malloc(len); if (!data) { printf("Out of memory\n");
On Mon, Oct 14, 2024 at 9:19 PM Dragan Simic dsimic@manjaro.org wrote:
// rng_seed_size should be 32 bytes for Linux 5.19+, or 64 for olderLinux'es
Shouldn't it be 8 for older kernels?
Looking into source code I would say Linux 5.17 requires 64 bytes to init crng. 8 bytes rng_seed should help somehow, but It will not init crng instantly. Maybe some even Linux required only 8 bytes but I doubt so. 8 bytes was too small for cryptographic PRNG yet 20 years ago.
log_warning("Too small rng_seed_size (%lu). It is likelyinsufficient to init linux crng\n",
len);Perhaps this would read better:
"Value for rng_seed_size too low (%lu) and likely insufficient for the Linux RNG initialization"
Thanks, I will apply It in v3.
On 2024-10-14 20:50, Alex ThreeD wrote:
On Mon, Oct 14, 2024 at 9:19 PM Dragan Simic dsimic@manjaro.org wrote:
// rng_seed_size should be 32 bytes for Linux 5.19+, or 64 for olderLinux'es
Shouldn't it be 8 for older kernels?
Looking into source code I would say Linux 5.17 requires 64 bytes to init crng. 8 bytes rng_seed should help somehow, but It will not init crng instantly. Maybe some even Linux required only 8 bytes but I doubt so. 8 bytes was too small for cryptographic PRNG yet 20 years ago.
To sum up the replies from Marek, the lower limit should be 64.
log_warning("Too small rng_seed_size (%lu). It is likelyinsufficient to init linux crng\n",
len);Perhaps this would read better:
"Value for rng_seed_size too low (%lu) and likely insufficient for the Linux RNG initialization"
Thanks, I will apply It in v3.
Great, thanks!
On Mon, Oct 14, 2024 at 10:00 PM Dragan Simic dsimic@manjaro.org wrote:
To sum up the replies from Marek, the lower limit should be 64.
64 by default, warning for custom values less than 32. Right? Since 32 bytes is sufficient for kernels released in the last 2 years.
On 2024-10-14 21:17, Alex ThreeD wrote:
On Mon, Oct 14, 2024 at 10:00 PM Dragan Simic dsimic@manjaro.org wrote:
To sum up the replies from Marek, the lower limit should be 64.
64 by default, warning for custom values less than 32. Right? Since 32 bytes is sufficient for kernels released in the last 2 years.
I'd keep both the default and the warning threshold at 64. I think it's much safer that way.
On 10/14/24 9:28 PM, Dragan Simic wrote:
On 2024-10-14 21:17, Alex ThreeD wrote:
On Mon, Oct 14, 2024 at 10:00 PM Dragan Simic dsimic@manjaro.org wrote:
To sum up the replies from Marek, the lower limit should be 64.
64 by default, warning for custom values less than 32. Right? Since 32 bytes is sufficient for kernels released in the last 2 years.
I'd keep both the default and the warning threshold at 64. I think it's much safer that way.
Sounds good to me, thanks !
participants (4)
-
Alex Shumsky -
Alex ThreeD
-
Dragan Simic -
Marek Vasut