Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp1017744pxb;
        Thu, 24 Mar 2022 11:07:22 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz5ZeOJhelW7rBC2dDkp7EJb3Mu4aTAh8KOGQCPcCdhS49kYT3jjtmkwRcb1/+AC72DuPW1
X-Received: by 2002:a17:90a:e2c9:b0:1c7:9878:1d15 with SMTP id fr9-20020a17090ae2c900b001c798781d15mr7686013pjb.150.1648145242216;
        Thu, 24 Mar 2022 11:07:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1648145242; cv=none;
        d=google.com; s=arc-20160816;
        b=PhcRnJCmhDAhNS/2vjnjDDaIZC+XNHLds/nINFAawHbqeMaQIMiQpd/BhZvavYOR86
         nukmOzVrK0VR+i2jxTgNo9TY/Qa4JDQXHp297Ml1NOQfzyAsN4KBo2oqd+pAb1e5/HJV
         dZFuaBKUjo+JSF3xAun8PkSz1+TL/xSMWEEVdZ/KJ9rB1s2FvGOAfXQhGqdkmXvRaQFJ
         3NC+LnSBGvGVxTpYwccvck4GcBxay2MiuUCEuAgcJHGrRKG80oh1/BlRtvs33Frc8Cim
         wQbA0/v+jtnXDCWoNflglGiomj1bSZr4vllbm/ylrQc0iWIX6UVF/S7tYOAF3YLdv43Z
         dZGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=+dGSTChQ2MNYzqTGK+LMxxdZV1V0iUaZZmeJKp/LA9c=;
        b=eDDpyjT+zFz/FaBp4WVruowdV5f1JjBCSPPTHGCtDjYEqxkGtGedAxchJo0vL1/VjJ
         dWzgonvB6C4rTmK+jh83NvhqIOc6uxGrBdKiRA5Hudpt4uLZmnoEtMBF9jiAglKA7pPH
         z8+Pjj9rp8Vf3JUcDEAcNtasqCGvRIV9hlj6szO9VuOR6T4I6ZitFFdNPFDjVALq7iCU
         oRnLoqS95pZZxwYjdKf1zAkAiwUIfeQdxmHwMU8Dj1qK+YfeZR0W1iMN3UEZkLM885Nh
         QbjD/FE2MNRGAD9hkrrA5EicecOjZQkOPGk+5Om4WvUhv58QN7Azx3w7dyBVlrJ+Q95e
         BWVA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vB1xjy2x;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id v5-20020a1709029a0500b00153b2d1646dsi69603plp.117.2022.03.24.11.06.56;
        Thu, 24 Mar 2022 11:07:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vB1xjy2x;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241899AbiCXSDP (ORCPT <rfc822;benevolent.opressor@gmail.com>
        + 99 others); Thu, 24 Mar 2022 14:03:15 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52678 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236126AbiCXSDO (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Thu, 24 Mar 2022 14:03:14 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A30CB53C4;
        Thu, 24 Mar 2022 11:01:42 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 49301B82403;
        Thu, 24 Mar 2022 18:01:41 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id D7551C340F0;
        Thu, 24 Mar 2022 18:01:39 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1648144900;
        bh=6YSptuyb/nPo61g6P7HGPQKpojq+QMPFUW9m0WrmURE=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=vB1xjy2xksJGdNhsZR0L1pgmxXo9R8tXW74OtHNK7h+gkBp5baK3v3ClAUMBJcmtp
         nhPI7DgyPjCo3xuCaTuk10FG/mB3d95wy0lA/Zu6K9I1mB0rUabMlQG3YQUek0hDuF
         y1mLISX5G9gVpgTZVJ8ZgmcO0S7gFFNyLo70bGDRFn3RMYtU5ZhgL92H+SLwijt7k3
         vjj42dkriKs0ZX1OcaAf9K1TO8cYijldSr0pPtWRiriEDkLY+pzgH8JLDomFhXTBUm
         hsUrRDwXE+TlZ0mQNmiwV8s44dehEZKyCgTcwokvL76RRh7oaRnS+om9g41Tzg24TG
         GxzKWB01Xkmhg==
Date:   Thu, 24 Mar 2022 18:01:38 +0000
From:   Eric Biggers <ebiggers@kernel.org>
To:     "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc:     David Laight <David.Laight@aculab.com>,
        "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>,
        Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Jann Horn <jannh@google.com>,
        Dominik Brodowski <linux@dominikbrodowski.net>,
        Guenter Roeck <linux@roeck-us.net>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Theodore Ts'o <tytso@mit.edu>,
        Sandy Harris <sandyinchina@gmail.com>
Subject: Re: [PATCH] random: allow writes to /dev/urandom to influence fast
 init
Message-ID: <YjyyAm9pyOp9Fyqi@gmail.com>
References: <20220322191436.110963-1-Jason@zx2c4.com>
 <1648009787.fah6dos6ya.none@localhost>
 <CAHmME9rsvxczJrhPwRX6nyrh9NB2AuJqkEKrTLx-G-T1J6_czQ@mail.gmail.com>
 <7cde489e73c8448b95a1b7bc6ed1d75b@AcuMS.aculab.com>
 <CAHmME9rxV-WLBCGyMRwba_8nF_onRfBi0+-xz84-HLNfee=R3Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAHmME9rxV-WLBCGyMRwba_8nF_onRfBi0+-xz84-HLNfee=R3Q@mail.gmail.com>
X-Spam-Status: No, score=-8.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, Mar 23, 2022 at 01:53:03PM -0600, Jason A. Donenfeld wrote:
> Hi David,
> 
> On Wed, Mar 23, 2022 at 8:01 AM David Laight <David.Laight@aculab.com> wrote:
> >
> > From: Jason A. Donenfeld
> > > Sent: 23 March 2022 04:48
> > ...
> > > - Plenty of things are seeding the RNG correctly, and buildroot's
> > > shell script is just "doing it wrong".
> > >
> > > On that last point, I should reiterate that buildroot's shell script
> > > still isn't actually initializing the RNG, despite what it says in its
> > > echo; there's never been a way to initialize the RNG from a shell
> > > script, without calling out to various special purpose ioctl-aware
> > > binaries.
> >
> > Perhaps the very first write after boot could be assumed to
> > be valid initialisation data?
> > (On top of a few other tests.)
> 
> I addressed this already earlier. That approach does not work. Too
> many things already pass in garbage, not expecting for it to be
> credited, but just contributory. /dev/urandom writes simply has never
> had the semantics one would want for credited seeding. Adding a
> heuristic like this will break users.
> 

Just to give an example of this, one of the first things that Android does at
boot time is copy the kernel command line into /dev/urandom:
https://android.googlesource.com/platform/system/core/+/refs/heads/android12-release/rootdir/init.rc#122

It would certainly be undesirable if that started crediting entropy, given that
the command line might not contain much entropy, or any at all.

(And yes, copying the kernel command line into /dev/urandom is redundant in
kernels v4.14 and later due to https://git.kernel.org/linus/33d72f3822d7ff8a.
But this is going to be kept around for a while longer due to older kernels.)

- Eric