[19.10 FEAT] kernel crypto: seed PRNG with TRNG

Bug #1835553 reported by bugproxy
Affects | Status | Importance | Assigned to | Milestone
Ubuntu on IBM z Systems | Fix Released | High | Frank Heimes |
linux (Ubuntu) | Fix Released | Undecided | Skipper Bug Screeners |

Bug Description

On a Z14 or later system the PRNG (/dev/prandom) shall be seeded with the CPACF TRNG. In that case the default reseeding frequency shall be increased to make up for the additional cost of the TRNG instruction.

In addition, the STCKF based seeding shall use a smaller buffer.

Will be provided with kernel 5.2
Git commit: 769f020b6c

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-178730 severity-high targetmilestone-inin1910
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes) wrote :

Setting this LP ticket to Incomplete until kernel 5.2 has landed in Eoan.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in ubuntu-z-systems:
status: New → Incomplete
importance: Undecided → High
assignee: nobody → Frank Heimes (frank-heimes)
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2019-07-10 08:55 EDT-------
git commit for kernel 5.2
https://github.com/torvalds/linux/commit/769f020b6c

Frank Heimes (fheimes) wrote :

$ rmadison --arch=s390x linux-generic | grep eoan-proposed
 linux-generic | 5.2.0.8.9 | eoan-proposed | s390x
$ git tag --contains 769f020b6c
Ubuntu-5.2.0-8.9
v5.2
$ git show 769f020b6c
commit 769f020b6c9283d61c59de3559375ec7e961a424
Author: Harald Freudenberger <email address hidden>
Date: Tue Apr 16 13:41:26 2019 +0200

    s390/crypto: use TRNG for seeding/reseeding

    With the z14 machine there came also a CPACF hardware extension
    which provides a True Random Number Generator. This TRNG can
    be accessed with a new subfunction code within the CPACF prno
    instruction and provides random data with very high entropy.

    So if there is a TRNG available, let's use it for initial seeding
    and reseeding instead of the current implementation which tries
    to generate entropy based on stckf (store clock fast) jitters.

    For details about the amount of data needed and pulled for
    seeding and reseeding there can be explaining comments in the
    code found.

    Signed-off-by: Harald Freudenberger <email address hidden>
    Signed-off-by: Martin Schwidefsky <email address hidden>

With that changing status to Fix Committed.

Changed in linux (Ubuntu):
status: Incomplete → Fix Committed
Changed in ubuntu-z-systems:
status: Incomplete → Fix Committed
information type: Private → Public
Frank Heimes (fheimes) wrote :

Since kernel 5.2 eventually landed in eoan's release pocket:
  linux-generic | 5.2.0.8.9 | eoan | s390
I'm changing this LP ticket to Fix Released.

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2019-07-16 06:34 EDT-------
IBM bugzilla status -> closed, Fix Released with Eoan

Frank Heimes (fheimes)
description: updated