tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Lightweight support for instruction RNGs



On Sun, Dec 20, 2015 at 05:44:35PM -0500, Thor Lancelot Simon wrote:
> 
> Even without the latter, surely there is value to the former.  I
> believe it would serve for a number of other CPUs; for example I
> believe the RNG on Octeon and its successors is instruction based,
> and this way we could have a _single_ rndsource driver for all
> such CPUs rather than many drivers.

Not Octeon -- digging around, it must have been a different MIPSy
thing I was playing with.  So far, the original VIA design, plus the
two Intel ones.

I personally think it's nice to have an abstraction that covers at
least these 3 cases, which I really do think is directly analogous
to how we wrap cycle counter instructions with cpu_counter().

I can certainly wrap it in a rndsource, and drop the RNG code from the
Padlock driver, though I am not so sure that is better than what I
already did (again, please, I would really appreciate it if anyone would
_look at the code_ and think about it before commenting!).

If one doesn't think CPU RNGs are trustworthy (and many people seem
not to) then I would submit one should be happier with what I did
than with such a source wrapped in a rndsource, because what I did
guarantees that every single CPU RNG sample is mixed with input
from another source.  And it's cheaper, and it's much less code.

I can do it the other way too.  But could I get anyone to look at
the code and comment?

Thor


Home | Main Index | Thread Index | Old Index