qiurui
/
asterinas
mirror of https://github.com/asterinas/asterinas.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add TDX hardware randomness requirement note

This commit is contained in:
Hsy-Intel 2025-11-25 23:46:40 +08:00 committed by Ruihan Li
parent b132d46a02
commit f8c94695d0
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
kernel/src/util/random.rs
View File

@ -27,6 +27,10 @@ fn get_random_seed() -> <StdRng as SeedableRng>::Seed {
let mut seed = <StdRng as SeedableRng>::Seed::default();
// Notes for future refactorings: If hardware randomness cannot be generated (i.e., if
// `read_random` fails), we can usually continue with pseudorandomness. However, we should stop
// if we are TD guests. For more details, see
// <https://intel.github.io/ccc-linux-guest-hardening-docs/security-spec.html#randomness-inside-tdx-guest>.
let mut chunks = seed.as_mut().chunks_exact_mut(size_of::<u64>());
for chunk in chunks.by_ref() {
let src = read_random().expect("`read_random` failed").to_ne_bytes();