Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
hwrng: core - Allow runtime disabling of the HW RNG

The HW RNG core allows for manual selection of which RNG device to use,
but does not allow for no device to be enabled. It may be desirable to
do this on systems with only a single suitable hardware RNG, where we
need exclusive access to other functionality on this device. In
particular when performing TPM firmware upgrades this lets us ensure the
kernel does not try to access the device.

Before:

root@debian-qemu-efi:~# grep "" /sys/devices/virtual/misc/hw_random/rng_*
/sys/devices/virtual/misc/hw_random/rng_available:tpm-rng-0
/sys/devices/virtual/misc/hw_random/rng_current:tpm-rng-0
/sys/devices/virtual/misc/hw_random/rng_quality:1024
/sys/devices/virtual/misc/hw_random/rng_selected:0

After:

root@debian-qemu-efi:~# grep "" /sys/devices/virtual/misc/hw_random/rng_*
/sys/devices/virtual/misc/hw_random/rng_available:tpm-rng-0 none
/sys/devices/virtual/misc/hw_random/rng_current:tpm-rng-0
/sys/devices/virtual/misc/hw_random/rng_quality:1024
/sys/devices/virtual/misc/hw_random/rng_selected:0

root@debian-qemu-efi:~# echo none > /sys/devices/virtual/misc/hw_random/rng_current
root@debian-qemu-efi:~# grep "" /sys/devices/virtual/misc/hw_random/rng_*
/sys/devices/virtual/misc/hw_random/rng_available:tpm-rng-0 none
/sys/devices/virtual/misc/hw_random/rng_current:none
grep: /sys/devices/virtual/misc/hw_random/rng_quality: No such device
/sys/devices/virtual/misc/hw_random/rng_selected:1

(Observe using bpftrace no calls to TPM being made)

root@debian-qemu-efi:~# echo "" > /sys/devices/virtual/misc/hw_random/rng_current
root@debian-qemu-efi:~# grep "" /sys/devices/virtual/misc/hw_random/rng_*
/sys/devices/virtual/misc/hw_random/rng_available:tpm-rng-0 none
/sys/devices/virtual/misc/hw_random/rng_current:tpm-rng-0
/sys/devices/virtual/misc/hw_random/rng_quality:1024
/sys/devices/virtual/misc/hw_random/rng_selected:0

(Observe using bpftrace that calls to the TPM resume)

Signed-off-by: Jonathan McDowell <noodles@meta.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Jonathan McDowell and committed by
Herbert Xu
e74b96d7 7cf6e0b6

+6 -3
+6 -3
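--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -341,6 +341,9 @@
 
 if (sysfs_streq(buf, "")) {
 err = enable_best_rng();
+} else if (sysfs_streq(buf, "none")) {
+cur_rng_set_by_user = 1;
+drop_current_rng();
 } else {
 list_for_each_entry(rng, &rng_list, list) {
 if (sysfs_streq(rng->name, buf)) {
@@ -392,7 +395,7 @@
 strlcat(buf, rng->name, PAGE_SIZE);
 strlcat(buf, " ", PAGE_SIZE);
 }
-strlcat(buf, "\n", PAGE_SIZE);
+strlcat(buf, "none\n", PAGE_SIZE);
 mutex_unlock(&rng_mutex);
 
 return strlen(buf);
@@ -544,8 +547,8 @@
 /* Adjust quality field to always have a proper value */
 rng->quality = min_t(u16, min_t(u16, default_quality, 1024), rng->quality ?: 1024);
 
-if (!current_rng ||
-(!cur_rng_set_by_user && rng->quality > current_rng->quality)) {
+if (!cur_rng_set_by_user &&
+(!current_rng || rng->quality > current_rng->quality)) {
 /*
 * Set new rng as current as the new rng source
 * provides better entropy quality and was not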
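Review bot: The `none` keyword in the first hunk is matched before the walk over `rng_list`, so a device registered under the name `none` could never be selected through `rng_current`, and the second hunk would list the word twice in `rng_available` with no way to tell the device from the keyword. Nothing visible in these hunks reserves the name; if the registration path does not already reject it, a check such as `if (!strcmp(rng->name, "none")) return -EINVAL;` (in whatever form that function's error path uses) next to the existing name validation would close the gap. Separately, the `none` branch turns off the hardware entropy source and, with the reordered condition in the third hunk, keeps later-registered devices from taking over, yet leaves no trace of either; a single `pr_info("current RNG disabled by user request\n");` in that branch would make the state change visible in the kernel log. The enclosing functions begin and end outside all three hunks, so the surrounding locking and error handling could not be checked from here.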