From Linus Torvalds <>
Date Mon, 14 Aug 2017 10:47:47 -0700
Subject Re: early x86 unseeded randomness

On Mon, Aug 14, 2017 at 10:35 AM, Borislav Petkov <bp@alien8.de> wrote:

> how about we address that unseeded randomness usage during early boot by
> falling back on the TSC on x86? I mean, we already do that for the stack
> canary value anyway...



That patch is completely broken:





> + if (crng_ready())

> + get_random_bytes(&canary, sizeof(canary));

> + else

> + canary = rdtsc();

> +

> tsc = rdtsc();

> canary += tsc + (tsc << 32UL);
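
Review bot: In the else branch, "canary = rdtsc();" is followed immediately by the unchanged "tsc = rdtsc();" and "canary += tsc + (tsc << 32UL);", so when crng_ready() is false the canary is built from two back-to-back TSC reads and nothing else. The second read adds no independent input to the first. Suggest dropping the conditional and calling get_random_bytes(&canary, sizeof(canary)) unconditionally ahead of the existing TSC mix, so that whatever the pool holds still goes into the value.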



So now you do rdtsc() twice, and then add them together.



Adding the same value together adds absolutely zero information.
Quite the reverse - it just makes the values cancel out and you're
shifting away one bit.



So the current code that just does an unconditional
"get_random_bytes()" and then adds the TSC into it for noise when it's
not random is actually *objectively* better than that broken crap you
just tried.



Plus on modern x86, you'll always get at least the hardware
randomness, which is fundamentally much better anyway.



So this patch is utter and absolute garbage, and should be shot in the
head and buried very very deep.



Please immediately delete it from the whole internet.



Linus



