Buildroot Archive on lore.kernel.org
From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] initscripts: Make installation of S20urandom optional.
Date: Sun, 19 Jul 2020 13:49:50 +0200
Message-ID: <20200719114950.GT18825@scaer>
In-Reply-To: <20200719100514.618894ca@windsurf.home>

Thomas, Christoph, Al,

On 2020-07-19 10:05 +0200, Thomas Petazzoni spake thusly:
> On Sun, 19 Jul 2020 00:44:44 +0200
> christoph.muellner at theobroma-systems.com wrote:
> 
> > From: Christoph Müllner <christoph.muellner@theobroma-systems.com>
> > 
> > S20urandom is a nice script. However, there are systems, which
> > cannot make use of that script for some reasons (e.g. systems that
> > only have read-only partitions).
> > 
> > So let's install S20urandom only if configured to do so
> > (with default y to keep backwards-compatibility).
> > 
> > Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
> 
> Hm, indeed it saves to /var/lib/random-seed, which we do not seem to
> symlink to a tmpfs place when the rootfs is read-only. I'm not entirely
> sure we want to add yet another option for this, or if we want to fix
> it so that it "works" even in read-only rootfs scenarios. I don't have
> a very clear opinion on how to handle that.

I too don't think that warrants a kconfig option.

I would however believe this script is not interesting at all. In fact,
an embedded device seldom reboots nicely; instead, it is most often a
hard-reboot (with a power cycle). In that case, the script would have no
chance whatsoever to save the current seed before shutdown, thus on next
boot we would restore a seed that would have already been used, thus
defeating randomness to begin with; worse, it would give people a sense
of security where there would in fact be a hole.

If people do not have a good source of randomness in their kernel and/or
hardware, they should switch to using things like rng-tools with
jitterentropy or the likes, rather than rely on saving and restoring the
seed.

It is my opinion that we should just drop that startup script altogether
and be done with it.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
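
The failure mode described in the message above (a seed written only at shutdown is restored unchanged after a power cycle) can be narrowed by replacing the seed file as soon as it has been loaded at boot. The sketch below is an added example, not part of the original message and not Buildroot's S20urandom; the function names and the `RNG_DEV`/`POOL_DEV` variables are assumptions, and only the `/var/lib/random-seed` path comes from the thread.

```shell
#!/bin/sh
# Added example with hypothetical names; not Buildroot's S20urandom.
SEED_FILE="${SEED_FILE:-/var/lib/random-seed}"   # path named in the thread
RNG_DEV="${RNG_DEV:-/dev/urandom}"     # assumption: source of fresh bytes
POOL_DEV="${POOL_DEV:-/dev/urandom}"   # assumption: where the old seed is mixed in
SEED_BYTES=512

# Write a fresh seed to a temporary name, then rename it into place, so a
# power cut during the write never leaves a truncated seed file behind.
seed_save() {
    ( umask 077
      dd if="$RNG_DEV" of="$SEED_FILE.new" bs="$SEED_BYTES" count=1 2>/dev/null ) &&
        mv -f "$SEED_FILE.new" "$SEED_FILE"
}

# Boot-time step: mix the saved seed in, then replace it immediately, so a
# later hard reboot does not restore the seed that was just used.
# Returns 0 if a seed was loaded and replaced,
#         1 if no seed existed yet (first boot) but a new one was written,
#         2 if the seed could not be replaced (for example a read-only
#           rootfs): the next boot would restore the same seed again.
seed_load_and_refresh() {
    status=1
    if [ -s "$SEED_FILE" ]; then
        cat "$SEED_FILE" > "$POOL_DEV" && status=0
    fi
    seed_save || status=2
    return "$status"
}
```

A return value of 2 is the case raised in the quoted patch description: on a read-only partition the seed can never be replaced, so every boot restores the same bytes.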
