From: Andy Lutomirski <luto@amacapital.net>
To: "Theodore Ts'o" <tytso@mit.edu>,
Florian Weimer <fweimer@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] random: Add "initialized" variable to proc
Date: Wed, 30 Apr 2014 13:52:35 -0700 [thread overview]
Message-ID: <53616293.3080308@mit.edu> (raw)
In-Reply-To: <20140429182610.GA19325@thunk.org>
On 04/29/2014 11:26 AM, Theodore Ts'o wrote:
> On Tue, Apr 29, 2014 at 07:51:08PM +0200, Florian Weimer wrote:
>>
>> I've got a (physical) machine where it happens after ten seconds, or much
>> longer if there is no activity.
>>
>> I've seen cases where on the first boot of virtual machines, the SSH key was
>> generated before the printk with the initialization message. It's not a
>> problem if you install the OS first and then generate the keys, but for
>> booting from pre-provisioned images, it could be. (I have no evidence that
>> this hurts the quality of the generated key material, this is just based on
>> what's reported by the kernel.)
>
> Yes, fair enough, just because it works for me for my laptops doesn't
> mean that there aren't systems for which it was a problem. :-)
>
> I will say that for virtual machines, we *really* need virtio-rng.
I only sort of agree. I think that for VMs, we really need a good way
to provide an initial seed and ongoing entropy, and virtio-rng isn't it.
IMO virtio-rng is, alas, terminally fscked up. It has four issues, all
show-stopping. Fixing them may be impossible without changing the
interface.
1. It simply doesn't work on my system. In particular, it never returns
entropy. It just blocks forever.
2. The hwrng code sucks and the guest will never boot if there's a
non-working virtio-rng device around. See #1. I *may* get around to
writing a patch for this before the next merge window.
3. There should be a way to provide some entropy-free cryptographically
secure data, too. Regardless of the speed of the hosts's /dev/random,
the guest should start with at least 256 bits of cryptographically
secure seed material IMO.
4. virtio-pci and its asynchronous interface are too complicated to
achieve #3, even if a future virtio-rng enhancement could provide
urandom-like data. This thing is paravirt hardware; it should be able
to provide a seed *really* early.
--Andy
next prev parent reply other threads:[~2014-04-30 20:52 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-28 19:52 [PATCH] random: Add "initialized" variable to proc Florian Weimer
2014-04-28 21:41 ` Theodore Ts'o
2014-04-29 17:51 ` Florian Weimer
2014-04-29 18:26 ` Theodore Ts'o
2014-04-30 20:52 ` Andy Lutomirski [this message]
2014-05-01 2:06 ` Theodore Ts'o
2014-05-01 4:05 ` H. Peter Anvin
2014-05-01 15:05 ` tytso
2014-05-01 15:35 ` Andy Lutomirski
2014-05-01 18:53 ` Andy Lutomirski
2014-05-01 18:59 ` random: Providing a seed value to VM guests H. Peter Anvin
2014-05-01 5:37 ` [PATCH] random: Add "initialized" variable to proc H. Peter Anvin
2014-05-01 14:33 ` Jason Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53616293.3080308@mit.edu \
--to=luto@amacapital.net \
--cc=fweimer@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.