[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: privileged entropy sources in QEMU/KVM guests
|
From: |
Daniel P . Berrangé |
|
Subject: |
Re: privileged entropy sources in QEMU/KVM guests |
|
Date: |
Thu, 7 Nov 2019 11:52:03 +0000 |
|
User-agent: |
Mutt/1.12.1 (2019-06-15) |
On Thu, Nov 07, 2019 at 11:10:57AM +0100, Laszlo Ersek wrote:
> Hi,
>
> related TianoCore BZ:
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=1871
>
> (I'm starting this thread separately because at least some of the topics
> are specific to QEMU, and I didn't want to litter the BZ with a
> discussion that may not be interesting to all participants CC'd on the
> BZ. I am keeping people CC'd on this initial posting; please speak up if
> you'd like to be dropped from the email thread.)
>
> QEMU provides guests with the virtio-rng device, and the OVMF and
> ArmVirtQemu* edk2 platforms build EFI_RNG_PROTOCOL on top of that
> device. But, that doesn't seem enough for all edk2 use cases.
>
> Also, virtio-rng (hence EFI_RNG_PROTOCOL too) is optional, and its
> absence may affect some other use cases.
The optional nature of virtio-rng is something that results in the
the same problems for Linux.
If virtio-rng is absent, then Linux now has a general purpose fallback
via the CPU timing jitter entropy source:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb5530e4082446aac3a3d69780cd4dbfa4520013
Is it practical to provide a jitter entropy source for EDK2
too ?
> (1) For UEFI HTTPS boot, TLS would likely benefit from good quality
> entropy. If the VM config includes virtio-rng (hence the guest firmware
> has EFI_RNG_PROTOCOL), then it should be used as a part of HTTPS boot.
>
> However, what if virtio-rng (hence EFI_RNG_PROTOCOL) are absent? Should
> UEFI HTTPS boot be disabled completely (or prevented / rejected
> somehow), blaming lack of good entropy? Or should TLS silently fall back
> to "mixing some counters [such as TSC] together and applying a
> deterministic cryptographic transformation"?
>
> IOW, knowing that the TLS setup may not be based on good quality
> entropy, should we allow related firmware services to "degrade silently"
> (not functionally, but potentially in security), or should we deny the
> services altogether?
If we can guarantee we always present fallback like jitterentropy
then the problem with TLS init goes away IIUC.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- Re: privileged entropy sources in QEMU/KVM guests, (continued)
Re: privileged entropy sources in QEMU/KVM guests, Laszlo Ersek, 2019/11/07
Re: privileged entropy sources in QEMU/KVM guests,
Daniel P . Berrangé <=