New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kconfig: build-in hardware RNG drivers #2430

Closed
lucab opened this Issue May 15, 2018 · 5 comments

Comments

Projects
None yet
3 participants
@lucab
Member

lucab commented May 15, 2018

As of 1772.0.0, our kernel config enables support for hardware random number generators and builds a couple of drivers as modules (CONFIG_HW_RANDOM_VIRTIO and CONFIG_HW_RANDOM_TIMERIOMEM in commonconfig). In order to speed up entropy gathering at early boot (and hopefully sidestep #2429 and similar issues), it would be convenient to build in the most common drivers.

From a quick look around, this would be my proposed list:

CONFIG_HW_RANDOM_VIRTIO=y
CONFIG_HW_RANDOM_CAVIUM=y
CONFIG_HW_RANDOM_VIA=y
CONFIG_HW_RANDOM_INTEL=y
CONFIG_HW_RANDOM_AMD=y

Two additional sidenotes:

  • timeriomem-rng is not available on any of the platforms we support, thus it can be safely disabled
  • in order to properly use virtio-rng the host needs to pass -device virtio-rng-pci
@glevand

This comment has been minimized.

glevand commented May 15, 2018

Probably want to include HW_RANDOM_HISI for their arm64 server chips.

@glevand

This comment has been minimized.

glevand commented May 15, 2018

Current configs give this.

arm64-kernel-config
CONFIG_HW_RANDOM_TIMERIOMEM=m
CONFIG_HW_RANDOM_VIRTIO=m
CONFIG_HW_RANDOM_MSM=y
CONFIG_HW_RANDOM_XGENE=y
CONFIG_HW_RANDOM_CAVIUM=y
CONFIG_HW_RANDOM_MTK=y
CONFIG_HW_RANDOM_TPM=y
amd64-kernel-config
CONFIG_HW_RANDOM_TIMERIOMEM=m
CONFIG_HW_RANDOM_VIRTIO=m

@bgilbert bgilbert self-assigned this May 16, 2018

@bgilbert

This comment has been minimized.

Member

bgilbert commented May 16, 2018

HW_RANDOM_HISI depends on ARCH_HISI, which we don't set.

I agree that timeriomem is unlikely to be used anywhere, but it's cheap to keep building it as a module and will avoid any accidental breakage.

coreos/scripts#813 enables -device virtio-rng-pci in coreos_production_qemu.sh. We could do the same for kola, but it seems safer to continue to test instances that don't have special provisions for obtaining entropy.

@bgilbert

This comment has been minimized.

Member

bgilbert commented May 18, 2018

@bgilbert bgilbert closed this May 18, 2018

@bgilbert

This comment has been minimized.

Member

bgilbert commented May 23, 2018

This should be fixed in alpha 1786.0.1, due shortly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment