Hello,
On Mon, Jul 08, 2019 at 02:50:18PM -0400, Gene Heskett wrote:
> On Monday 08 July 2019 14:14:10 Andy Smith wrote:
> > On Mon, Jul 08, 2019 at 05:48:24PM -0000, Curt wrote:
> > > it "amounts to trusting that CPU manufacturer (perhaps with the
> > > insistence or mandate of a Nation State's intelligence or law
> > > enforcement agencies) has not installed a hidden back door to
> > > compromise the CPU's random number generation facilities."
> >
> > Again, everyone using a popular CPU is already in that position.
>
> Absolutely Andy. But from the argument thread my original post generated,
> there are IMO, quite a few who have become addicted to the koolaid.
The koolaid of using a mainstream CPU?
I think if we stopped using Intel and AMD then there would be some
other near-monopoly manufacturer that would arise and embed
unauditable blobs so we'd be in exactly the same position. To arrive
at a situation where the entirety of the CPU was open to inspection
would probably require a complete reworking of the modern economy,
i.e. make it less purely capitalist for a start.
When the problem is as big as that, I'm not sure that being captured
by it can be referred to as "koolaid" to be honest.
(Before an ARM fanboy pulls me up for not mentioning them, I'm
talking about the mainstream. If Intel and AMD didn't exist then I
suspect ARM would be just as bad for this, if not worse.)
> Theodore T. has been right waaaaayy more than he's been wrong.
I think you may have been confused by the posted statement of T'so's
which began:
"I am so glad I resisted pressure from Intel engineers to let
/dev/random rely only on the RDRAND instruction."
This was from 2013 and was from T'so opposing the trusting of the
RDRAND instruction for *all* of the Linux kernel's entropy needs.
Flash forward to 2017 and T'so himself wrote a patch to add a
configure option to allow RDRAND to be used early on to bootstrap
entropy. Thereafter it would not be the exclusive source of entropy.
That is what has been enabled in buster's kernel and is what is at
the heart of this discussion.
These are two different scenarios.
This sub-thread appears to have people concerned about the Debian
kernel's willingness by default to use RDRAND at early boot (a patch
which T'so wrote), but using a statement made by T'so in 2013 about
something else to oppose it.
> Raspian is usually not more than a day or so behind debian,
Discussion of Raspbian is off-topic here, and I don't see what it
has to do with the topic of this sub-thread (entropy starvation at
boot). I think you would be better off discussing Raspbian on
Raspbian mailing lists.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
