Hi Paolo,

On Tue, Jul 19, 2022 at 01:53:00PM +0200, Jason A. Donenfeld wrote:
> Tiny machines optimized for fast boot time generally don't use EFI,
> which means a random seed has to be supplied some other way. For this
> purpose, Linux (≥5.20) supports passing a seed in the setup_data table
> with SETUP_RNG_SEED, specially intended for hypervisors, kexec, and
> specialized bootloaders. The linked commit shows the upstream kernel
> implementation.

Having received your message in the other thread hinting, "I think there are some issues with migration compatibility of setup_data and they snowball a bit, so I'll reply there," and being a bit eager to get this moving, I thought I'd preempt that discussion by trying to guess what you have in mind and replying to it. Speculative email execution...

The SETUP_RNG_SEED parameter is used only during boot, and Linux takes pains to zero out its content after using. If a VM is migrated or copied, the RNG state is also migrated, just as is the case before SETUP_RNG_SEED. For that reason, Linux also has a "vmgenid" driver, which QEMU supports via `-device vmgenid,guid=auto`, which is an ACPI mechanism for telling the RNG to reseed under various migration circumstances. But this is merely complementary to SETUP_RNG_SEED, which is intended as a very simple mechanism for passing a seed at the earliest moment in boot, akin to DT's "rng-seed" node.

Hopefully this answers what I think you were going to ask, and sorry if it's a total non-sequitur.

Regards,
Jason
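A userspace model of the seed lifecycle described in the message above, added here as an example; it is not code from the kernel, QEMU or the author of the message. The struct layout and the type value 9 follow the kernel's x86 boot protocol header; `make_seed_node`, `consume_seed`, `wipe` and the XOR `pool` are hypothetical stand-ins for the loader and the guest RNG.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SETUP_RNG_SEED 9 /* type value in the kernel's uapi bootparam.h */

/* Same field layout as the x86 boot protocol's struct setup_data. */
struct setup_data {
    uint64_t next; /* physical address of the next node; 0 ends the list */
    uint32_t type;
    uint32_t len;  /* bytes in data[] */
    uint8_t data[];
};

static uint8_t pool[32]; /* stand-in for the guest entropy pool (assumption) */

/* Loader side, hypothetical helper: build one SETUP_RNG_SEED node. */
struct setup_data *make_seed_node(const uint8_t *seed, uint32_t len)
{
    struct setup_data *sd = calloc(1, sizeof(*sd) + len);
    if (!sd)
        return NULL;
    sd->type = SETUP_RNG_SEED;
    sd->len = len;
    memcpy(sd->data, seed, len);
    return sd;
}

/* Zero through a volatile pointer so the store is not dropped as dead. */
static void wipe(void *p, size_t n)
{
    for (volatile uint8_t *v = p; n--; v++)
        *v = 0;
}

/* Guest side: use the seed once, then zero the payload and its length. */
int consume_seed(struct setup_data *sd)
{
    if (sd->type != SETUP_RNG_SEED || sd->len == 0)
        return 0;
    for (uint32_t i = 0; i < sd->len; i++)
        pool[i % sizeof(pool)] ^= sd->data[i]; /* XOR-fold, illustration only */
    wipe(sd->data, sd->len);
    wipe(&sd->len, sizeof(sd->len));
    return 1;
}
```

Zeroing the length as well as the payload means a second pass over the same node contributes nothing, so a stale copy of the table cannot re-inject the boot seed.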