CoCo VMs On Linux Will Now Panic If RdRand Is Broken To Avoid Catastrophic Conditions
For confidential computing "CoCo" virtual machines, where the VM host is assumed to be untrusted and the guest aims to be as isolated as possible, RdRand hardware random number generator instructions are one of the limited sources of entropy for guest VMs. Right now RdRand can fail and CoCo guest VMs will continue to boot, albeit with limited or no entropy to seed the VM's random number generation. But being merged today as part of the x86 fixes for Linux 6.9 is a change that requires seeding the RNG with RdRand in CoCo environments, with a kernel panic otherwise.
RdRand has been present on Intel CPUs for more than a decade (going back to Ivy Bridge when it was initially codenamed Bull Mountain) and on AMD CPUs going back a decade. But as written about on Phoronix over the years, due to CPU and/or motherboard/BIOS issues there are occasionally times where RdRand is outright not working or causing other troubles. With CoCo VMs having a limited source of other entropy when booting to seed the RNG, moving forward the Linux guests will just kernel panic if that critical source of hardware-backed entropy is not available.
Part of this morning's x86 fixes ahead of Linux 6.9-rc3 is a change to require seeding the RNG with RdRand for confidential computing systems.
Security expert and WireGuard developer Jason Donenfeld authored the kernel change to require RdRand for CoCo guests and otherwise kernel panic. He explained in the patch being merged today:
"There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted and may actively work against guests to extract secrets or manipulate computation. Since a malicious host can modify or observe nearly all inputs to guests, the only remaining source of entropy for CoCo guests is RDRAND.
If RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole is meant to gracefully continue on gathering entropy from other sources, but since there aren't other sources on CoCo, this is catastrophic. This is mostly a concern at boot time when initially seeding the RNG, as after that the consequences of a broken RDRAND are much more theoretical.
So, try at boot to seed the RNG using 256 bits of RDRAND output. If this fails, panic(). This will also trigger if the system is booted without RDRAND, as RDRAND is essential for a safe CoCo boot."
Without the RdRand seeding, most crypto within the CoCo VM will be broken, defeating most of the motivation for confidential computing. Linux 6.9-rc3 should be out later today with a variety of kernel fixes for the week.
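The fail-closed seeding described in the commit message, sketched in user space as an added example (not the kernel patch or any code from the page). The names `hw_rand_fn`, `seed_256`, `flaky_src` and `dead_src` and the retry budget of 10 are assumptions made for illustration; `abort()` stands in for `panic()`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(__x86_64__)
#include <cpuid.h>
#endif
#define SEED_WORDS 4 /* 4 x 64 bits = the 256 bits in the commit message */
#define RETRIES 10   /* assumption: retry budget per word, not from the page */
typedef bool (*hw_rand_fn)(uint64_t *out); /* hypothetical source interface */

/* One RDRAND attempt; the carry flag says whether the value is valid. */
bool rdrand64(uint64_t *out) {
#if defined(__x86_64__)
    unsigned int a, b, c, d;
    unsigned char ok;
    if (!__get_cpuid(1, &a, &b, &c, &d) || !(c & (1u << 30)))
        return false; /* CPUID.1:ECX bit 30 clear: RDRAND not present */
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
#else
    (void)out;
    return false;     /* not x86-64: treat the instruction as missing */
#endif
}

/* Constructed fault models: one fails fail_left times, one always fails. */
static int fail_left;
bool flaky_src(uint64_t *out) {
    if (fail_left > 0) { fail_left--; return false; }
    *out = 0x0123456789abcdefULL; /* fixed constructed value */
    return true;
}
bool dead_src(uint64_t *out) { (void)out; return false; }

/* Gather 256 bits; false means seeding failed and boot must not continue. */
bool seed_256(hw_rand_fn src, uint64_t seed[SEED_WORDS]) {
    for (int i = 0; i < SEED_WORDS; i++)
        for (int tries = RETRIES; !src(&seed[i]); )
            if (--tries == 0)
                return false; /* budget spent on this word: fail closed */
    return true;
}

int main(void) {
    uint64_t seed[SEED_WORDS];
    if (!seed_256(rdrand64, seed)) {
        fputs("RDRAND seeding failed\n", stderr);
        abort(); /* user-space stand-in for panic() */
    }
    puts("seeded 256 bits from RDRAND");
    return 0;
}
```

A transient failure within the retry budget still yields a full seed, while a missing or persistently failing instruction stops the program instead of continuing with a partial one.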