Re: [PATCH 0/5] Feed entropy pool via high-resolution clocksources

On 06/19/2011 08:07 AM, Herbert Xu wrote:
> On Sun, Jun 19, 2011 at 09:38:43AM -0400, Neil Horman wrote:
>>
>> It sounds to me like, if it's desirous to bypass the entropy pool, then we
>> should bypass the /dev/random path altogether.  Why not write a hwrng driver
>> that can export access to the rdrand instruction via a misc device?
> 
> I presume the rdrand instruction can be used from user-space
> directly.
> 

Yes, it can.

Again, RDRAND is not suitable for /dev/random (as opposed to
/dev/urandom) users.  /dev/urandom is used both by user space (and here
the only reason to hook it up to /dev/urandom is compatibility with
existing userspace; we are working separately on enabling user space
users like OpenSSL to use RDRAND directly) and by kernel users via the
internal APIs.

/dev/random, as far as I can tell, is only ever fed to userspace; however,
the guarantees that it is at least supposed to give are very, very
strict.  RDRAND does not fulfill those criteria, but we should be able to
use it as part of its implementation.

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.
