On 3/23/23 15:09, Huang, Kai wrote: > 1) In TDH.SYS.INIT, ask TDX module team to return TDX_RND_NO_ENTROPY instead of > TDX_SYS_BUSY when running out of entropy. > > 2) In TDH.SYS.KEY.CONFIG, ask TDX module to return TDX_RND_NO_ENTROPY instead of > TDX_KEY_GENERATION_FAILED when running out of entropy. Whether > TDX_KEY_GENERATION_FAILED should be still kept is up to TDX module team > (because it looks running concurrent PCONFIGs is also related). > > 3) Ask TDX module to always return TDX_RND_NO_ENTROPY in _ALL_ SEAMCALLs and > keep this behaviour for future TDX modules too. Yes, that's all fine. > 4) In the common seamcall(), retry on TDX_RND_NO_ENTROPY. > > In terms of how many times to retry, I will use a fixed value for now, similar > to the kernel code below: > > #define RDRAND_RETRY_LOOPS 10 Heck, you could even just use RDRAND_RETRY_LOOPS directly. It's hard(er) to bikeshed your choice of a random number that you didn't even pick.
