grub-devel.gnu.org archive mirror
From: "Thomas Schmitt" <scdbackup@gmx.net>
To: grub-devel@gnu.org
Subject: Do grub-mkrescue GPT GUIDs need more entropy than --fs-uuid gets ?
Date: Thu, 11 Aug 2016 21:55:59 +0200
Message-ID: <8455587854707933842@scdbackup.webframe.org>

Hi,

I am discussing with Chris Lamb on reproducible-builds@lists.alioth.debian.org
how to make production of bootable ISOs reproducible. The last (yet known)
obstacle is the pseudo-random GUIDs of the GPT which is produced for EFI
bootability.

Up to this obstacle it turned out that it will suffice to use the same
input file tree and the same overall timestamp with xorriso -as mkisofs
option
  --modification-date=YYYYMMDDhhmmsscc
which was originally introduced for grub-mkrescue to match in grub.cfg
  search --fs-uuid --set YYYY-MM-DD-hh-mm-ss-cc

I am now wondering whether it would be ok for grub-mkrescue if the GUIDs
of the GPT would be derived reproducibly from this timestamp by default.
(Currently they stem from /dev/urandom.)

These GUIDs will of course be unique inside the GPT. But their entropy
will be low and collisions with other ISOs could happen systematically
because of nearly identical production times.
Well, this can happen to the ISO 9660 --fs-uuid string under the same
circumstances.


So my question:
Is there any reason known why the GPT GUID needs to have better randomness
than the "search --fs-uuid" string ?


Have a nice day :)

Thomas
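
The following is an added example, not part of the original message and not code from xorriso or GRUB. It sketches one hypothetical way to derive GPT GUIDs from the `--modification-date` timestamp, so that the reproducibility and the cross-ISO collision described above can be observed; the SHA-256 scheme, the role labels and all function names are assumptions.

```python
import hashlib
import math
import re
import uuid


def fs_uuid(stamp: str) -> str:
    """YYYYMMDDhhmmsscc -> YYYY-MM-DD-hh-mm-ss-cc, the 'search --fs-uuid' form."""
    if not re.fullmatch(r"\d{16}", stamp):
        raise ValueError("expected 16 decimal digits: YYYYMMDDhhmmsscc")
    return "-".join([stamp[:4]] + [stamp[i:i + 2] for i in range(4, 16, 2)])


def derived_guid(stamp: str, role: str) -> uuid.UUID:
    """Assumed scheme: hash the timestamp plus a role label into a GUID."""
    fs_uuid(stamp)  # reuse the format check
    digest = hashlib.sha256(f"{stamp}/{role}".encode("ascii")).digest()
    # version=4 forces the RFC 4122 variant/version bits a random GUID carries.
    return uuid.UUID(bytes=digest[:16], version=4)


def gpt_guids(stamp: str, partitions: int) -> dict:
    """Disk GUID plus one unique GUID per partition, all from one timestamp."""
    roles = ["disk"] + [f"partition-{n}" for n in range(1, partitions + 1)]
    return {role: derived_guid(stamp, role) for role in roles}


def on_disk(guid: uuid.UUID) -> bytes:
    """GPT stores the first three GUID fields little-endian."""
    return guid.bytes_le


def timestamp_bits(window_seconds: int) -> float:
    """Upper bound on entropy when builds fall in a known time window (cc = 1/100 s)."""
    return math.log2(window_seconds * 100)


if __name__ == "__main__":
    stamp = "2016081121555900"  # constructed sample value
    print("fs-uuid:", fs_uuid(stamp))
    for role, guid in gpt_guids(stamp, 2).items():
        print(f"{role:12} {guid}  {on_disk(guid).hex()}")
    print("bits for a one-day window: %.1f (random v4 GUID: 122)" % timestamp_bits(86400))
```

Two runs with the same timestamp yield byte-identical GUIDs, which is what reproducible builds need, and two different ISOs stamped in the same centisecond collide in the same way their `--fs-uuid` strings would.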


