[rng] Allow entropy source to be selected at runtime

As noted in commit 3c83843 ("[rng] Check for several functioning RTC interrupts"), experimentation shows that Hyper-V cannot be trusted to reliably generate RTC interrupts. (As noted in commit f3ba0fb ("[hyperv] Provide timer based on the 10MHz time reference count MSR"), Hyper-V appears to suffer from a general problem in reliably generating any legacy interrupts.) An alternative entropy source is therefore required for an image that may be used in a Hyper-V Gen1 virtual machine. The x86 RDRAND instruction provides a suitable alternative entropy source, but may not be supported by all CPUs. We must therefore allow for multiple entropy sources to be compiled in, with the single active entropy source selected only at runtime. Restructure the internal entropy API to allow a working entropy source to be detected and chosen at runtime. Enable the RDRAND entropy source for all x86 builds, since it is likely to be substantially faster than any other source. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-21 20:40:25 +03:00 · 2023-02-17 16:56:11 +00:00
parent 2733c4763a
commit 9f17d1116d
18 changed files with 512 additions and 591 deletions
--- a/src/arch/x86/interface/pcbios/rtc_entropy.c
+++ b/src/arch/x86/interface/pcbios/rtc_entropy.c
@@ -39,6 +39,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/cpuid.h>
 #include <ipxe/entropy.h>

+struct entropy_source rtc_entropy __entropy_source ( ENTROPY_NORMAL );
+
 /** Maximum time to wait for an RTC interrupt, in milliseconds */
 #define RTC_MAX_WAIT_MS 100

@@ -203,6 +205,21 @@ static int rtc_entropy_enable ( void ) {
 	if ( ( rc = rtc_entropy_check() ) != 0 )
 		goto err_check;

+	/* The min-entropy has been measured on several platforms
+	 * using the entropy_sample test code.  Modelling the samples
+	 * as independent, and using a confidence level of 99.99%, the
+	 * measurements were as follows:
+	 *
+	 *    qemu-kvm		: 7.38 bits
+	 *    VMware		: 7.46 bits
+	 *    Physical hardware	: 2.67 bits
+	 *
+	 * We choose the lowest of these (2.67 bits) and apply a 50%
+	 * safety margin to allow for some potential non-independence
+	 * of samples.
+	 */
+	entropy_init ( &rtc_entropy, MIN_ENTROPY ( 1.3 ) );
+
 	return 0;

 err_check:
@@ -226,11 +243,12 @@ static void rtc_entropy_disable ( void ) {
 }

 /**
- * Measure a single RTC tick
+ * Get noise sample
 *
- * @ret delta		Length of RTC tick (in TSC units)
+ * @ret noise		Noise sample
+ * @ret rc		Return status code
 */
-uint8_t rtc_sample ( void ) {
+static int rtc_get_noise ( noise_sample_t *noise ) {
 	uint32_t before;
 	uint32_t after;
 	uint32_t temp;
@@ -265,10 +283,14 @@ uint8_t rtc_sample ( void ) {
 		: "=a" ( after ), "=d" ( before ), "=Q" ( temp )
 		: "2" ( 0 ) );

-	return ( after - before );
+	*noise = ( after - before );
+	return 0;
 }

-PROVIDE_ENTROPY_INLINE ( rtc, min_entropy_per_sample );
-PROVIDE_ENTROPY ( rtc, entropy_enable, rtc_entropy_enable );
-PROVIDE_ENTROPY ( rtc, entropy_disable, rtc_entropy_disable );
-PROVIDE_ENTROPY_INLINE ( rtc, get_noise );
+/** RTC entropy source */
+struct entropy_source rtc_entropy __entropy_source ( ENTROPY_NORMAL ) = {
+	.name = "rtc",
+	.enable = rtc_entropy_enable,
+	.disable = rtc_entropy_disable,
+	.get_noise = rtc_get_noise,
+};