[OpenWrt-Devel] [PATCH RFC 0/5] ath79: add micro non-physical true RNG based on timing jitter

Petr Štetiar ynezz at true.cz
Sun May 26 05:38:51 PDT 2019


Etienne Champetier <champetier.etienne at gmail.com> [2019-05-25 12:43:25]:

Hi,

> I just want to be sure we don't make some devices worse / are not
> missing something

and I really appreciate that, the more eyes, the better.

> > Exactly, that's why it's recommended[2] to save it during EVERY shutdown, so it's
> > different EVERY boot.
> 
> I know and I'm in favour of it, but proper shutdown is not always a
> thing on router, that is why I went with getrandom() at the time

Indeed, and I think, that it served us well. Now, that we've found out, that
it's not helping that much as it was expected, and having proper source of
randomness, we could simply stop using it in default install. Should you still
need it, you can `opkg install` it back.

> > I started experiments with kmod-crypto-rng package which already contains
> > jitterentropy, drbg, krng and rng kernel modules, but it didn't improved the
> > long booting times for me on ath79.  Other reason was size of this kernel
> > module(s) as they provide much more functionality of course.
> 
> I think before anyone merge this (I'm not a core dev),

This is just an RFC, so I'm not going to merge it anyway. I'm going to post
another series of patches without the RFC and I plan to merge it myself if I
get Acked-by from at least one additional core developer. I find this part of
the system important enough, that I'm not going to push it myself.

My current plan for the new series is following:

 * enable CONFIG_WARN_ALL_UNSEEDED_RANDOM by default in all kernels

 * add urngd as default package, because it's going to improve the overall
   system randomness

 * start urngd directly in procd to get rid of the following warnings:

    random: procd: uninitialized urandom read (4 bytes read)
    procd: - ubus -
    random: ubusd: uninitialized urandom read (4 bytes read)
    random: ubusd: uninitialized urandom read (4 bytes read)
    random: ubusd: uninitialized urandom read (4 bytes read)
    procd: - init -

 * create packages for urandom-seed, getrandom and remove those from the
   default images

> we need to explain why your user space version and the kernel module
> version behave differently Is the kernel module underestimating entropy ?
> Is you user space version over estimating entropy ?

I hope, that Stephan has already provided that answer in the other email to
you.

-- ynezz



More information about the openwrt-devel mailing list