Disable RNG device for protected VMs.

They can't trust the host to provide entropy, so there's no point providing it. BUG=b:217506382 TEST=tools/dev_container tools/run_tests TEST=tools/dev_container tools/run_tests --target=vm:aarch64 Change-Id: I5355e846191d34e10c0c5c3cf0b2afaa3c779313 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3450875 Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Andrew Walbran <qwandor@google.com>
2024-11-25 05:03:05 +00:00 · 2022-02-09 18:23:00 +00:00 · 2022-02-09 18:23:00 +00:00 · a24a752708
commit a24a752708
parent 67d4219489
3 changed files with 15 additions and 7 deletions
--- a/src/crosvm.rs
+++ b/src/crosvm.rs
@ -436,6 +436,7 @@ pub struct Config {
    pub init_memory: Option<u64>,
    #[cfg(feature = "direct")]
    pub pcie_rp: Vec<PathBuf>,
+    pub rng: bool,
 }

 impl Default for Config {
@ -547,6 +548,7 @@ impl Default for Config {
            init_memory: None,
            #[cfg(feature = "direct")]
            pcie_rp: Vec::new(),
+            rng: true,
        }
    }
 }
--- a/src/linux/mod.rs
+++ b/src/linux/mod.rs
@ -267,7 +267,9 @@ fn create_virtio_devices(
        )?);
    }

-    devs.push(create_rng_device(cfg)?);
+    if cfg.rng {
+        devs.push(create_rng_device(cfg)?);
+    }

    #[cfg(feature = "tpm")]
    {
--- a/src/main.rs
+++ b/src/main.rs
@ -2071,19 +2071,19 @@ fn set_argument(cfg: &mut Config, name: &str, value: Option<&str>) -> argument::
        }
        "protected-vm" => {
            cfg.protected_vm = ProtectionType::Protected;
-            // Balloon device only works for unprotected VMs.
+            // Balloon and USB devices only work for unprotected VMs.
            cfg.balloon = false;
-
-            // USB device only works for unprotected VMs.
            cfg.usb = false;
+            // Protected VMs can't trust the RNG device, so don't provide it.
+            cfg.rng = false;
        }
        "protected-vm-without-firmware" => {
            cfg.protected_vm = ProtectionType::ProtectedWithoutFirmware;
-            // Balloon device only works for unprotected VMs.
+            // Balloon and USB devices only work for unprotected VMs.
            cfg.balloon = false;
-
-            // USB device only works for unprotected VMs.
            cfg.usb = false;
+            // Protected VMs can't trust the RNG device, so don't provide it.
+            cfg.rng = false;
        }
        "battery" => {
            let params = parse_battery_options(value)?;
@ -2103,6 +2103,9 @@ fn set_argument(cfg: &mut Config, name: &str, value: Option<&str>) -> argument::
        "no-balloon" => {
            cfg.balloon = false;
        }
+        "no-rng" => {
+            cfg.rng = false;
+        }
        "no-usb" => {
            cfg.usb = false;
        }
@ -2683,6 +2686,7 @@ iommu=on|off - indicates whether to enable virtio IOMMU for this device"),
          Argument::flag("no-balloon", "Don't use virtio-balloon device in the guest"),
          #[cfg(feature = "usb")]
          Argument::flag("no-usb", "Don't use usb devices in the guest"),
+          Argument::flag("no-rng", "Don't create RNG device in the guest"),
          Argument::value("balloon_bias_mib", "N", "Amount to bias balance of memory between host and guest as the balloon inflates, in MiB."),
          Argument::value("vhost-user-blk", "SOCKET_PATH", "Path to a socket for vhost-user block"),
          Argument::value("vhost-user-console", "SOCKET_PATH", "Path to a socket for vhost-user console"),