mount-encrypted: add error reporting to RNG failures

In the case of the TPM getting into a permanent failure mode
(e.g. crosbug.com/p/15785), the entropy system was not trying harder to
get entropy (i.e. falling back to system RNG), and was just using
whatever happened to be on the stack.

This adds the system RNG to the fallback list:
- try TPM RNG
- try system RNG
- use uninitialized stack contents

The reason for the last one being used is so we can make sure we're
getting a system up. It is extremely unlikely for both the TPM and
the system RNGs to be broken and if they are, it's likely a relatively
permanent failure condition. If we abort in this state, we'll cause an
infinite repair loop which is a very bad user experience. Instead, get
the system up using terrible entropy so the conditions can be examined.

BUG=chrome-os-partner:15960
TEST=daisy build with instrumented kernel tpm driver to always fail
BRANCH=none

Change-Id: I92c454925a78bb0d94262cdb3914c1b72010450e
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/38751
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
1 file changed
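
The fallback order listed in the commit message, as an added example; this is not code from mount-encrypted or from the change itself. All names (get_entropy, entropy_src, tpm_rng_broken, system_rng) are hypothetical, the TPM is modelled by a stub that always fails, and the last resort is modelled as "keep whatever the caller's buffer already holds" while reporting it, rather than reading uninitialized stack.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical names throughout; a source returns 0 on success, -1 on failure. */
enum entropy_src { SRC_TPM, SRC_SYSTEM, SRC_NONE };
typedef int (*entropy_fn)(unsigned char *buf, size_t len);

/* Stand-in for a TPM stuck in a permanent failure mode: always fails. */
static int tpm_rng_broken(unsigned char *buf, size_t len)
{
    (void)buf; (void)len;
    return -1;
}

/* System RNG: read /dev/urandom; an open error or short read is a failure. */
static int system_rng(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;

    if (!f)
        return -1;
    got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Try the TPM source, then the system source, reporting each failure.
 * If both fail, buf keeps whatever it already held and SRC_NONE is returned,
 * so the caller can record the weak entropy and still bring the system up. */
static enum entropy_src get_entropy(entropy_fn tpm, entropy_fn sys,
                                    unsigned char *buf, size_t len)
{
    if (tpm(buf, len) == 0)
        return SRC_TPM;
    fprintf(stderr, "TPM RNG failed, trying system RNG\n");
    if (sys(buf, len) == 0)
        return SRC_SYSTEM;
    fprintf(stderr, "system RNG failed, continuing with existing buffer\n");
    return SRC_NONE;
}

int main(void)
{
    unsigned char key[32] = {0};
    enum entropy_src src = get_entropy(tpm_rng_broken, system_rng, key, sizeof key);
    printf("entropy source used: %d\n", src);
    return 0;
}
```

Returning the source that was actually used lets the caller log a degraded boot instead of silently deriving a key from weak input.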