Re: [PATCH] hw/i386: pass RNG seed to e820 setup table

[Jason A. Donenfeld]

Hi Daniel,

On Fri, Jul 8, 2022 at 2:00 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> On Thu, Jun 30, 2022 at 01:37:17PM +0200, Jason A. Donenfeld wrote:
> > Tiny machines optimized for fast boot time generally don't use EFI,
> > which means a random seed has to be supplied some other way, in this
> > case by the e820 setup table, which supplies a place for one. This
> > commit adds passing this random seed via the table. It is confirmed to
> > be working with the Linux patch in the link.
>
> IIUC, this approach will only expose the random seed when QEMU
> is booted using -kernel + -initrd args.
>
> I agree with what you say about most VMs not using UEFI right now.
> I'd say the majority of general purpose VMs are using SeaBIOS
> still. The usage of -kernel + -initrd, is typically for more
> specialized use cases.

Highly disagree, based on seeing a lot of real world deployment.
Furthermore, this is going to be used within Linux itself for kexec,
so it makes sense to use it here too.

> Can we get an approach that exposes a random seed regardless of
> whether using -kernel, or seabios, or uefi, or $whatever firmware ?

No.

> Perhaps (ab)use 'fw_cfg', which is exposed for any x86 VM no matter
> what config it has for booting ?

That approach is super messy and doesn't work. I've already gone down
that route.

The entire point here is to include the seed on this part of the boot
protocol. There might be other opportunities for doing it elsewhere.
For example, EFI already has a thing.

Please don't sink a good idea because it doesn't handle every possible
use case. That type of mentality is just going to result in nothing
ever getting done anywhere, making a decades old problem last for
another decade. This patch here is simple and makes a tangible
incremental advance toward something good, and fits the pattern of how
it's done on all other platforms.

Thanks,
Jason