Am Montag, 6. November 2023, 11:00:08 CET schrieb Herbert Xu: Hi Herbert, > On Thu, Nov 02, 2023 at 08:32:36PM -1000, Linus Torvalds wrote: > > I think that would help the situation, but I assume the sizing for the > > jitter buffer is at least partly due to trying to account for cache > > sizing or similar issues? > > > > Which really means that I assume any static compile-time answer to > > that question is always wrong - whether you are an expert or not. > > Unless you are just building the thing for one particular machine. > > > > So I do think the problem is deeper than "this is a question only for > > experts". I definitely don't think you should ask a regular user (or > > even a distro kernel package manager). I suspect it's likely that the > > question is just wrong in general - because any particular one buffer > > size for any number of machines simply cannot be the right answer. > > > > I realize that the commit says "*allow* for configuration of memory > > size", but I really question the whole approach. > > Yes I think these are all valid points. I just noticed that I > forgot to cc the author so let's see if Stephan has anything to > add. I concur that these questions are more for experts. > > > But yes - hiding these questions from any reasonable normal user is at > > least a good first step. > > OK here's the patch: > > ---8<--- > As JITTERENTROPY is selected by default if you enable the CRYPTO > API, any Kconfig options added there will show up for every single > user. Hide the esoteric options under EXPERT as well as FIPS so > that only distro makers will see them. > > Reported-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > > diff --git a/crypto/Kconfig b/crypto/Kconfig > index bbf51d55724e..70661f58ee41 100644 > --- a/crypto/Kconfig > +++ b/crypto/Kconfig > @@ -1297,10 +1297,12 @@ config CRYPTO_JITTERENTROPY > > See https://www.chronox.de/jent.html > > +if CRYPTO_JITTERENTROPY > +if CRYPTO_FIPS && EXPERT > + > choice > prompt "CPU Jitter RNG Memory Size" > default CRYPTO_JITTERENTROPY_MEMSIZE_2 > - depends on CRYPTO_JITTERENTROPY > help > The Jitter RNG measures the execution time of memory accesses. > Multiple consecutive memory accesses are performed. If the memory > @@ -1344,7 +1346,6 @@ config CRYPTO_JITTERENTROPY_OSR > int "CPU Jitter RNG Oversampling Rate" > range 1 15 > default 1 > - depends on CRYPTO_JITTERENTROPY > help > The Jitter RNG allows the specification of an oversampling rate (OSR). > The Jitter RNG operation requires a fixed amount of timing > @@ -1359,7 +1360,6 @@ config CRYPTO_JITTERENTROPY_OSR > > config CRYPTO_JITTERENTROPY_TESTINTERFACE > bool "CPU Jitter RNG Test Interface" > - depends on CRYPTO_JITTERENTROPY > help > The test interface allows a privileged process to capture > the raw unconditioned high resolution time stamp noise that > @@ -1377,6 +1377,28 @@ config CRYPTO_JITTERENTROPY_TESTINTERFACE > > If unsure, select N. > > +endif # if CRYPTO_FIPS && EXPERT > + > +if !(CRYPTO_FIPS && EXPERT) > + > +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS > + int > + default 64 > + > +config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE > + int > + default 32 > + > +config CRYPTO_JITTERENTROPY_OSR > + int > + default 1 > + > +config CRYPTO_JITTERENTROPY_TESTINTERFACE > + bool > + > +endif # if !(CRYPTO_FIPS && EXPERT) > +endif # if CRYPTO_JITTERENTROPY > + > config CRYPTO_KDF800108_CTR > tristate > select CRYPTO_HMAC Reviewed-by: Stephan Mueller <smueller@xxxxxxxxxx> Ciao Stephan
