On Fri, 2005-03-25 at 17:33 +1100, Herbert Xu wrote:
> On Fri, Mar 25, 2005 at 09:34:19AM +0300, Evgeniy Polyakov wrote:
> >
> > Such hardware is used mostly in embedded world where SW crypto
> > processing is too expensive, so users of such HW likely want to
> > trust their hardware and likely will turn it on.
>
> That's fine. All you need for these embedded users is a user-space
> daemon that feeds data from the hardware directly into /dev/random.
> No matter how small your system is, I'm sure you can spare a few
> hundred bytes for such a thing.
>
> In fact most of these systems will have some sort of a general-purpose
> daemon that sits around which can perform such a task.
>
> System calls on Linux are fast enough that there is really no
> advantage in doing this in the kernel.
>
> But if you're really desperate, write a kernel module that does this
> in a kernel thread.

It is not only about userspace/kernelspace system calls and data copying,
but about the whole revalidation process, which can be and is quite expensive
due to system calls, copying and the validation itself.
I even think that using a userspace rng daemon is completely useless for
crypto HW devices - it is faster to obtain entropy from interrupts
than to revalidate it in that way.
And what about initial bootup? When the system needs to create random
IP/dhcp/any ids? What about a small router?
There are too many cases where userspace validation is just making
things worse.

--
Evgeniy Polyakov
Crash is better than data corruption -- Arthur Grabowski

