Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp264016ybn; Thu, 3 Oct 2019 04:53:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqya/YFWvRXSbWq+wuPr4SzJNPQctJn01J4GbaBXuBtYzcLZMa6E6ZUYh2plEpPL/JZylPCA X-Received: by 2002:a17:906:6c8:: with SMTP id v8mr7408611ejb.252.1570103591298; Thu, 03 Oct 2019 04:53:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570103591; cv=none; d=google.com; s=arc-20160816; b=JPtMqWfY5+pPYqX5no4vRt0bRGHRsakIJYs/QdP9wr2FC9pPCt2YRDYyvXMAQh2dui b0VxWCr97CuXd1JmEOCf+RLpBYHQVqe+jpKVB1sx+MtwbBX94GGEo7K/Bg27DPq1hFic ZdcelwZZM3A/cgJjEekrbW1loi3RQ/+FlyCI+rUDoLKcvyVWcnZxudwPph9lBgk66cF1 l8FxQD/Ul6gJufD95sIYh6Gkbtu8GEdFcrms2r6HtGtllOvf7jRLw3Oat8kbOlVRW+27 7vAh4D7UzRsl59LX6CarSVBEkVRU/OFzZLZG6Q0AxUxgp0ugHqeuTi3pvTwBOi4seIrj PrRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=TH4G8F9bEPh7NUnt4TW7avI7THE8jyqz//HuU07xeIA=; b=Rl35GCWbIEuxbvZoXY4PB7i9nAOBK42emSrylpTDQ75XjGJim85UzOuv53YwkcBVMP eJyCPSGK2m3WLJgrjseI92dD7xtpxiKMYMFK1XKW7ePUtwB24oFFS5cR4MpcZaP9brEM vhRSXaxZS4ywpIf2DxMsA6ht+acjG9fSr4iSQ1W6L81SqFn2uxAxiXoH0J3ZQfjmtyFd uoxxdoYRWWGmmkP/x3xFudEQ5NXSJaA7033FqT5sZ8zJR/xDcc+DNkQ3WA0Butsd2QNj sztLMi/PcR2pdDegYABg7DdihdAqmpngm7wKUtn3tgdepuDefval7sDSsU0HwsLbHzvn WWUQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e50si1472306edb.177.2019.10.03.04.52.46; Thu, 03 Oct 2019 04:53:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730110AbfJCLvj (ORCPT + 99 others); Thu, 3 Oct 2019 07:51:39 -0400 Received: from tartarus.angband.pl ([54.37.238.230]:40722 "EHLO tartarus.angband.pl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726523AbfJCLvj (ORCPT ); Thu, 3 Oct 2019 07:51:39 -0400 Received: from kilobyte by tartarus.angband.pl with local (Exim 4.92) (envelope-from ) id 1iFzds-0004Po-Ja; Thu, 03 Oct 2019 13:51:32 +0200 Date: Thu, 3 Oct 2019 13:51:32 +0200 From: Adam Borowski To: David Laight Cc: 'Kurt Roeckx' , "linux-kernel@vger.kernel.org" , Theodore Ts'o Subject: Re: Stop breaking the CSRNG Message-ID: <20191003115132.GA14301@angband.pl> References: <20191002165533.GA18282@roeckx.be> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Junkbait: aaron@angband.pl, zzyx@angband.pl User-Agent: Mutt/1.10.1 (2018-07-13) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: kilobyte@angband.pl X-SA-Exim-Scanned: No (on tartarus.angband.pl); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 03, 2019 at 10:13:39AM +0000, David Laight wrote: > From: Kurt Roeckx > > Sent: 02 October 2019 17:56 > > As OpenSSL, we want cryptograhic secure random numbers. Before > > getrandom(), Linux never provided a good API for that, both > > /dev/random and /dev/urandom have problems. getrandom() fixed > > that, so we switched to it were available. > > The fundamental problem is that you can't always get ' cryptograhic secure > random numbers'. No API changes are ever going to change that. > > The system can either return an error or sleep (possibly indefinitely) > until some 'reasonably random' numbers are available. > > A RISC-V system running on an FGPA (I've only used Altera NIOS cpu) > may have absolutely no sources of randomness at boot time. I'd say this is a hardware security vulnerability; no different from eg. having no or faulty MMU, speculation that allows exfiltrating data, etc. We did not understand the seriousness of lacking hardware sources of randomness, but that's a common thing to many other security vulnerabilities. Machines that lack any sources of entropy have their uses, but they're akin to processors with no MMU. You should never run a world-accessible ssh daemon on either of them. > Saying the architecture must include a random number instruction > doesn't help! It won't fix existing systems, and is irrelevant to deeply embedded, but communicating this requirement to SoC designers sounds like a good idea to me. IoTrash appliance makers won't care but their security is already so atrocious that lack of entropy is nowhere near the easiest way to get in, while anyone else will at least notice the warning. Any real-silicon hardware can include an entropy source, and if it doesn't, shaming the maker is the way to go. Calling the problem a security vulnerability (which I say it is) sends a stronger message. Meow! -- ⢀⣴⠾⠻⢶⣦⠀ A MAP07 (Dead Simple) raspberry tincture recipe: 0.5l 95% alcohol, ⣾⠁⢠⠒⠀⣿⡁ 1kg raspberries, 0.4kg sugar; put into a big jar for 1 month. ⢿⡄⠘⠷⠚⠋⠀ Filter out and throw away the fruits (can dump them into a cake, ⠈⠳⣄⠀⠀⠀⠀ etc), let the drink age at least 3-6 months.