Hi, this patch series fixes some of the current urandom-seed flaws and improves situation with low entropy in the kernel during the boot.
First, simply writing to /dev/urandom does not increase the kernel's entropy count, this casuses processes obtaining randomness to block. Particularly processes using OpenSSL's RAND_bytes() will block until the kernel emits 'random: crng init done'. This can take upwards of twenty minutes. According to random(4) the entropy count is only increased when using the RNDADDENTROPY ioctl, which urandom-seed currently doesn't use when feeding the kernel RNG. Second, urandom-seed is using /etc/urandom.seed file to seed the kernel's RNG machinery upon every boot. The problem is, that this file is created only once during first-boot and then reused on every consecutive boot, so pretty much static. So this patch series adds μrngd, which is a new micro non-physical true random number generator (system service) based on timing jitter. On devices which provide a reliable and precise enough timer, μrngd can provide sufficient entropy. μrngd is using the Jitter RNG core under the hood, which provides an entropy source that μrngd feeds into the Linux /dev/random device if its entropy runs low. It updates the /dev/random entropy estimator such that the newly provided entropy unblocks /dev/random. The seeding of /dev/random also ensures that /dev/urandom benefits from entropy. Especially during boot time, when the entropy of Linux is low, the Jitter RNG based μrngd provides a source of sufficient entropy. Some RNG init time numbers from qca9563 (TP-Link Archer C7 v5): [ 12.045693] random: crng init done (μrngd) [ 120.043132] random: crng init done (urandom-seed) μrngd binary has 4579 bytes on ath79. I'm creating separate packages for getrandom and urandom-seed, so they can be removed easily on platforms where either μrngd or any other hardware based RNG provides good entropy. I'm not removing urandom-seed package from the defaults, because during the testing of μrngd I've found out, that for example MediaTek MT7620A ver:2 eco:6 (MIPS 24KEc V5.0) doesn't provide high precision timer which is needed for Jitter RNG so the initialization of Jitter RNG inside μrngd ends with following error: jent-rng init failed, err: 2 (ECOARSETIME) so on such platforms it might still be probably better to stick to urandom-seed as a fallback. The Jitter RNG implements a startup test that is intended to detect non-appropriate timers. If it identifies such non-appropriate timers, the Jitter RNG will deactivate. Thus, the Jitter RNG always tries to reach a secure state. I believe, that μrngd is going to improve entropy situation on most of current platforms OpenWrt supports, so I would like to enable it as default. Having another source of reliable noise in the system doesn't hurt, it only helps. I would like to note, that most of this stuff is based on the amazing work done[1] by Stephan Müller, I've just bend it over and packaged it for OpenWrt. 1. http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html Petr Štetiar (4): urng: add micro non-physical true RNG based on timing jitter ubox: move getrandom into separate getrandom package base-files: move urandom seed bits into separate package build: add urandom-seed and urngd to default packages set include/target.mk | 2 +- package/base-files/Makefile | 11 ++++- package/base-files/files/etc/init.d/urandom_seed | 12 ------ .../base-files/files/lib/preinit/81_urandom_seed | 24 ----------- package/base-files/files/sbin/urandom_seed | 20 --------- package/system/ubox/Makefile | 17 ++++++-- package/system/urandom-seed/Makefile | 32 +++++++++++++++ .../urandom-seed/files/etc/init.d/urandom_seed | 12 ++++++ .../urandom-seed/files/lib/preinit/81_urandom_seed | 24 +++++++++++ .../system/urandom-seed/files/sbin/urandom_seed | 20 +++++++++ package/system/urngd/Makefile | 48 ++++++++++++++++++++++ package/system/urngd/files/urngd.init | 21 ++++++++++ 12 files changed, 182 insertions(+), 61 deletions(-) delete mode 100755 package/base-files/files/etc/init.d/urandom_seed delete mode 100644 package/base-files/files/lib/preinit/81_urandom_seed delete mode 100755 package/base-files/files/sbin/urandom_seed create mode 100644 package/system/urandom-seed/Makefile create mode 100755 package/system/urandom-seed/files/etc/init.d/urandom_seed create mode 100644 package/system/urandom-seed/files/lib/preinit/81_urandom_seed create mode 100755 package/system/urandom-seed/files/sbin/urandom_seed create mode 100644 package/system/urngd/Makefile create mode 100644 package/system/urngd/files/urngd.init -- 1.9.1 _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
