Michael Kelley f2580a907e x86/hyperv: Use Hyper-V entropy to seed guest random number generator ... A Hyper-V host provides its guest VMs with entropy in a custom ACPI table named "OEM0". The entropy bits are updated each time Hyper-V boots the VM, and are suitable for seeding the Linux guest random number generator (rng). See a brief description of OEM0 in [1]. Generation 2 VMs on Hyper-V use UEFI to boot. Existing EFI code in Linux seeds the rng with entropy bits from the EFI_RNG_PROTOCOL. Via this path, the rng is seeded very early during boot with good entropy. The ACPI OEM0 table provided in such VMs is an additional source of entropy. Generation 1 VMs on Hyper-V boot from BIOS. For these VMs, Linux doesn't currently get any entropy from the Hyper-V host. While this is not fundamentally broken because Linux can generate its own entropy, using the Hyper-V host provided entropy would get the rng off to a better start and would do so earlier in the boot process. Improve the rng seeding for Generation 1 VMs by having Hyper-V specific code in Linux take advantage of the OEM0 table to seed the rng. For Generation 2 VMs, use the OEM0 table to provide additional entropy beyond the EFI_RNG_PROTOCOL. Because the OEM0 table is custom to Hyper-V, parse it directly in the Hyper-V code in the Linux kernel and use add_bootloader_randomness() to add it to the rng. Once the entropy bits are read from OEM0, zero them out in the table so they don't appear in /sys/firmware/acpi/tables/OEM0 in the running VM. The zero'ing is done out of an abundance of caution to avoid potential security risks to the rng. Also set the OEM0 data length to zero so a kexec or other subsequent use of the table won't try to use the zero'ed bits. [1] https://download.microsoft.com/download/1/c/9/1c9813b8-089c-4fef-b2ad-ad80e79403ba/Whitepaper%20-%20The%20Windows%2010%20random%20number%20generation%20infrastructure.pdf Signed-off-by: Michael Kelley <mhklinux@outlook.com> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com> Link: https://lore.kernel.org/r/20240318155408.216851-1-mhklinux@outlook.com Signed-off-by: Wei Liu <wei.liu@kernel.org> Message-ID: <20240318155408.216851-1-mhklinux@outlook.com>		2024-03-18 22:01:52 +00:00
..
accel
accessibility
acpi
amba
android
ata
atm
auxdisplay
base
bcma
block
bluetooth
bus
cache
cdrom
cdx
char
clk
clocksource	hyperv-tlfs: Change prefix of generic HV_REGISTER_* MSRs to HV_MSR_*	2024-03-04 06:59:18 +00:00
comedi
connector
counter
cpufreq
cpuidle
crypto
cxl
dax
dca
devfreq
dio
dma
dma-buf
dpll
edac
eisa
extcon
firewire
firmware	Microchip firmware driver fixes for v6.8-rc6	2024-02-23 13:53:44 +01:00
fpga
fsi
gnss
gpio
gpu	drm fixes for 6.8-rc6	2024-02-23 09:17:47 -08:00
greybus
hid
hsi
hte
hv	x86/hyperv: Use Hyper-V entropy to seed guest random number generator	2024-03-18 22:01:52 +00:00
hwmon
hwspinlock
hwtracing
i2c	i2c: imx: when being a target, mark the last read as processed	2024-02-23 23:39:35 +01:00
i3c
idle
iio
infiniband
input
interconnect
iommu	IOMMU Fixes for Linux v6.8-rc5	2024-02-24 15:59:26 -08:00
ipack
irqchip
isdn
leds
macintosh
mailbox
mcb
md	- Fix DM integrity and verity targets to not use excessive stack when	2024-02-24 09:55:29 -08:00
media
memory
memstick
message
mfd
misc
mmc
most
mtd
mux
net
nfc
ntb
nubus
nvdimm
nvme
nvmem
of
opp
parisc
parport
pci
pcmcia
peci
perf
phy
pinctrl
platform
pmdomain
pnp
power
powercap
pps
ps3
ptp
pwm
rapidio
ras
regulator
remoteproc
reset
rpmsg
rtc
s390	s390 fixes for 6.8-rc6	2024-02-23 09:54:13 -08:00
sbus
scsi
sh
siox
slimbus
soc	RISC-V SoC driver fixes for v6.8-rc6	2024-02-23 13:53:54 +01:00
soundwire
spi
spmi
ssb
staging
target
tc
tee
thermal
thunderbolt
tty
ufs
uio
usb	USB fixes for 6.8-rc6	2024-02-25 10:41:57 -08:00
vdpa
vfio
vhost
video
virt
virtio
w1
watchdog
xen
zorro
Kconfig
Makefile