[Ach] removed outdated info on Linux RNG / haveged

Aaron Zauner azet at azet.org
Mon May 8 04:26:40 CEST 2017


* Ralf Schlatterbeck <rsc at runtux.com> [07/05/2017 13:31:19] wrote:
> On Sat, May 06, 2017 at 05:06:03PM +0200, Aaron Zauner wrote:
> > 
> > This is simply wrong and misquotes the information provided in the
> > cited factorable.net paper (compare to "Experiment" in Section 5.1).
> > The issue of "boot time entropy" only affects the very first boot-up
> > of a machine or VM. States are saved across reboots.
> 
> Um, no. On many embedded system there is no persistent filesystem. So
> this happens on *every* reboot. Affected systems are WLAN routers and
> many other embedded systems with a read-only flash filesystem (e.g.
> webcams).

Right. There's no easy fix for this an mainline kernel devs have
been arguing about the issue for at least 10 years. What I gather
from friends that actually work on developing embedded boards /
devices and hence kernel patches is that they have to deal with this
issue on a per-board basis. For example: there're embedded devices
that do not have a Real Time Clock (RTC) nor any network
connections, it's essentially impossible to gather "solid" entropy
for these devices without ugly kernel hacks.

On current Kernels you'll get a `kprintf` message in case there's a
read from uninitialized urandom:

```
azet at orpheus ~ % sudo dmesg | grep random
[sudo] password for azet: 
[    1.194033] random: systemd-udevd: uninitialized urandom read (16
bytes read)
[    1.194073] random: systemd-udevd: uninitialized urandom read (16
bytes read)
[    1.194078] random: systemd-udevd: uninitialized urandom read (16
bytes read)
[    1.194083] random: systemd-udevd: uninitialized urandom read (16
bytes read)
[    1.194636] random: udevadm: uninitialized urandom read (16 bytes
read)
[    1.194656] random: udevadm: uninitialized urandom read (16 bytes
read)
[    1.195327] random: udevadm: uninitialized urandom read (16 bytes
read)
[    1.195365] random: udevadm: uninitialized urandom read (16 bytes
read)
[    1.195372] random: udevadm: uninitialized urandom read (16 bytes
read)
[    1.195509] random: udevadm: uninitialized urandom read (16 bytes
read)
[    2.139169] random: fast init done
[    9.542377] random: crng init done
```

(related to: https://patchwork.kernel.org/patch/9173499/)

In any case, I fail to see how haveged can improve this situation in
any way. Quite to the contraty. Any I'm not sure we are able to give
a solid recommendation for these devices within our guide. 

Aaron

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20170508/48206d81/attachment.sig>


More information about the Ach mailing list