Linux 6.0 To Continue Advancing Its Random Number Generator (RNG)
In addition to being busy leading WireGuard, Jason Donenfeld continues working heavily on the Linux kernel's random number generator (RNG) code. For Linux 6.0, a number of RNG improvements are ready.
For this next version of the Linux kernel, the x86 RdRand boot-time test has been made more robust in determining whether to disable use of the extension if it appears faulty. The "nordrand" and "CONFIG_ARCH_RANDOM" options have been dropped in favor of the "random.trust_cpu" and "CONFIG_RANDOM_TRUST_CPU" options, and there are other RNG improvements.
What excites Donenfeld most among the Linux 6.0 RNG changes is a mechanism for bootloaders, hypervisors, and kexec to pass a random seed to the kernel for initializing the random number generator. He explains in the pull request:
on x86 and m68k, there is now a mechanism for bootloaders, hypervisors, and kexec to pass a random seed to the kernel for initializing the RNG. These platform-specific mechanisms aren't actually in this pull, but will come via the x86 tree and the m68k tree, but they are worth mentioning nonetheless.
Device tree-based architectures have had this capability since 2019, via the little-used "rng-seed" parameter in the FDT, and EFI has its own similar thing since 2016, but platforms with neither FDT nor EFI were left out.
These changes correspond with related work in QEMU, slated for release in 7.1, as well as in kexec-tools, which add support for these bootloader RNG seed mechanisms, both the new ones for x86 and m68k, as well as finally making use of the "rng-seed" FDT parameter on missing applicable platforms.
Taken together, these represent a small step toward eliminating the boot time entropy issue, at least from the kernel's perspective, by providing a means of passing the responsibility up the chain a level. Hypervisors and kexec are obviously in an excellent position to provide this, which is why I've added it there first. But also, this opens up opportunities for bootloaders to safely manage seed files, much like has been done on the BSDs and various other operating systems for a long time. And some arm64 firmware is already providing this through the "rng-seed" FDT parameter.
More details on the RNG changes for the Linux 6.0 kernel cycle via this pull request.
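The "rng-seed" FDT parameter mentioned in the pull request is a property of the /chosen node of the flattened device tree. As an added example (not code from the article, the pull request or the kernel), the Python below walks a device tree blob and reports whether /chosen/rng-seed is present; the sample blob, the function names and the constant-byte check are assumptions constructed for illustration.

```python
import struct

FDT_MAGIC = 0xD00DFEED
BEGIN_NODE, END_NODE, PROP, NOP, END = 1, 2, 3, 4, 9  # structure-block tokens

def be32(*vals):
    return struct.pack(">%dI" % len(vals), *vals)

def pad4(b):
    return b + b"\0" * (-len(b) % 4)

def build_sample_dtb(value, prop=b"rng-seed"):  # constructed input, not a real DTB
    strings = prop + b"\0"
    blk = (be32(BEGIN_NODE) + pad4(b"\0") + be32(BEGIN_NODE) + pad4(b"chosen\0")
           + be32(PROP, len(value), 0) + pad4(value) + be32(END_NODE, END_NODE, END))
    off_struct = 40 + 16  # 40-byte header, then an empty memory reservation map
    off_strings = off_struct + len(blk)
    hdr = be32(FDT_MAGIC, off_strings + len(strings), off_struct, off_strings,
               40, 17, 16, 0, len(strings), len(blk))
    return hdr + b"\0" * 16 + blk + strings

def find_rng_seed(dtb):
    """Return the bytes of /chosen/rng-seed, or None when it is absent."""
    magic, _total, off_struct, off_strings = struct.unpack_from(">4I", dtb, 0)
    if magic != FDT_MAGIC:
        raise ValueError("not a flattened device tree")
    pos, path = off_struct, []
    while True:
        (tok,) = struct.unpack_from(">I", dtb, pos)
        pos += 4
        if tok == BEGIN_NODE:  # NUL-terminated node name, padded to 4 bytes
            end = dtb.index(b"\0", pos)
            path.append(dtb[pos:end])
            pos = (end + 4) & ~3
        elif tok == END_NODE:
            path.pop()
        elif tok == PROP:  # value length, then name offset into the strings block
            length, nameoff = struct.unpack_from(">2I", dtb, pos)
            is_seed = dtb.startswith(b"rng-seed\0", off_strings + nameoff)
            if is_seed and path == [b"", b"chosen"]:
                return dtb[pos + 8:pos + 8 + length]
            pos = (pos + 8 + length + 3) & ~3
        elif tok == END:
            return None
        elif tok != NOP:
            raise ValueError("unexpected token %#x" % tok)

def check_seed(dtb):  # illustrative sanity check: 'absent', 'constant' or 'ok'
    seed = find_rng_seed(dtb)
    return "absent" if not seed else "constant" if len(set(seed)) == 1 else "ok"
```

A "constant" result means every seed byte is identical, which suggests a placeholder value rather than fresh randomness from the firmware or bootloader.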