Skip to content
This repository has been archived by the owner. It is now read-only.

kconfig: build-in hardware RNG drivers #2430

Closed
lucab opened this issue May 15, 2018 · 5 comments
Closed

kconfig: build-in hardware RNG drivers #2430

lucab opened this issue May 15, 2018 · 5 comments

Comments

@lucab
Copy link
Member

@lucab lucab commented May 15, 2018

As of 1772.0.0, our kernel config enables support for hardware random number generators and builds a couple of drivers as modules (CONFIG_HW_RANDOM_VIRTIO and CONFIG_HW_RANDOM_TIMERIOMEM in commonconfig). In order to speed up entropy gathering at early boot (and hopefully sidestep #2429 and similar issues), it would be convenient to build in the most common drivers.

From a quick look around, this would be my proposed list:

CONFIG_HW_RANDOM_VIRTIO=y
CONFIG_HW_RANDOM_CAVIUM=y
CONFIG_HW_RANDOM_VIA=y
CONFIG_HW_RANDOM_INTEL=y
CONFIG_HW_RANDOM_AMD=y

Two additional sidenotes:

  • timeriomem-rng is not available on any of the platforms we support, thus it can be safely disabled
  • in order to properly use virtio-rng the host needs to pass -device virtio-rng-pci
@glevand
Copy link

@glevand glevand commented May 15, 2018

Probably want to include HW_RANDOM_HISI for their arm64 server chips.

@glevand
Copy link

@glevand glevand commented May 15, 2018

Current configs give this.

arm64-kernel-config
CONFIG_HW_RANDOM_TIMERIOMEM=m
CONFIG_HW_RANDOM_VIRTIO=m
CONFIG_HW_RANDOM_MSM=y
CONFIG_HW_RANDOM_XGENE=y
CONFIG_HW_RANDOM_CAVIUM=y
CONFIG_HW_RANDOM_MTK=y
CONFIG_HW_RANDOM_TPM=y
amd64-kernel-config
CONFIG_HW_RANDOM_TIMERIOMEM=m
CONFIG_HW_RANDOM_VIRTIO=m
@bgilbert bgilbert self-assigned this May 16, 2018
@bgilbert
Copy link
Member

@bgilbert bgilbert commented May 16, 2018

HW_RANDOM_HISI depends on ARCH_HISI, which we don't set.

I agree that timeriomem is unlikely to be used anywhere, but it's cheap to keep building it as a module and will avoid any accidental breakage.

coreos/scripts#813 enables -device virtio-rng-pci in coreos_production_qemu.sh. We could do the same for kola, but it seems safer to continue to test instances that don't have special provisions for obtaining entropy.

@bgilbert
Copy link
Member

@bgilbert bgilbert commented May 18, 2018

@bgilbert bgilbert closed this May 18, 2018
@bgilbert
Copy link
Member

@bgilbert bgilbert commented May 23, 2018

This should be fixed in alpha 1786.0.1, due shortly.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.