Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp1017744pxb; Thu, 24 Mar 2022 11:07:22 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz5ZeOJhelW7rBC2dDkp7EJb3Mu4aTAh8KOGQCPcCdhS49kYT3jjtmkwRcb1/+AC72DuPW1 X-Received: by 2002:a17:90a:e2c9:b0:1c7:9878:1d15 with SMTP id fr9-20020a17090ae2c900b001c798781d15mr7686013pjb.150.1648145242216; Thu, 24 Mar 2022 11:07:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648145242; cv=none; d=google.com; s=arc-20160816; b=PhcRnJCmhDAhNS/2vjnjDDaIZC+XNHLds/nINFAawHbqeMaQIMiQpd/BhZvavYOR86 nukmOzVrK0VR+i2jxTgNo9TY/Qa4JDQXHp297Ml1NOQfzyAsN4KBo2oqd+pAb1e5/HJV dZFuaBKUjo+JSF3xAun8PkSz1+TL/xSMWEEVdZ/KJ9rB1s2FvGOAfXQhGqdkmXvRaQFJ 3NC+LnSBGvGVxTpYwccvck4GcBxay2MiuUCEuAgcJHGrRKG80oh1/BlRtvs33Frc8Cim wQbA0/v+jtnXDCWoNflglGiomj1bSZr4vllbm/ylrQc0iWIX6UVF/S7tYOAF3YLdv43Z dZGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=+dGSTChQ2MNYzqTGK+LMxxdZV1V0iUaZZmeJKp/LA9c=; b=eDDpyjT+zFz/FaBp4WVruowdV5f1JjBCSPPTHGCtDjYEqxkGtGedAxchJo0vL1/VjJ dWzgonvB6C4rTmK+jh83NvhqIOc6uxGrBdKiRA5Hudpt4uLZmnoEtMBF9jiAglKA7pPH z8+Pjj9rp8Vf3JUcDEAcNtasqCGvRIV9hlj6szO9VuOR6T4I6ZitFFdNPFDjVALq7iCU oRnLoqS95pZZxwYjdKf1zAkAiwUIfeQdxmHwMU8Dj1qK+YfeZR0W1iMN3UEZkLM885Nh QbjD/FE2MNRGAD9hkrrA5EicecOjZQkOPGk+5Om4WvUhv58QN7Azx3w7dyBVlrJ+Q95e BWVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vB1xjy2x; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v5-20020a1709029a0500b00153b2d1646dsi69603plp.117.2022.03.24.11.06.56; Thu, 24 Mar 2022 11:07:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vB1xjy2x; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241899AbiCXSDP (ORCPT + 99 others); Thu, 24 Mar 2022 14:03:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52678 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236126AbiCXSDO (ORCPT ); Thu, 24 Mar 2022 14:03:14 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A30CB53C4; Thu, 24 Mar 2022 11:01:42 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 49301B82403; Thu, 24 Mar 2022 18:01:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D7551C340F0; Thu, 24 Mar 2022 18:01:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1648144900; bh=6YSptuyb/nPo61g6P7HGPQKpojq+QMPFUW9m0WrmURE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=vB1xjy2xksJGdNhsZR0L1pgmxXo9R8tXW74OtHNK7h+gkBp5baK3v3ClAUMBJcmtp nhPI7DgyPjCo3xuCaTuk10FG/mB3d95wy0lA/Zu6K9I1mB0rUabMlQG3YQUek0hDuF y1mLISX5G9gVpgTZVJ8ZgmcO0S7gFFNyLo70bGDRFn3RMYtU5ZhgL92H+SLwijt7k3 vjj42dkriKs0ZX1OcaAf9K1TO8cYijldSr0pPtWRiriEDkLY+pzgH8JLDomFhXTBUm hsUrRDwXE+TlZ0mQNmiwV8s44dehEZKyCgTcwokvL76RRh7oaRnS+om9g41Tzg24TG GxzKWB01Xkmhg== Date: Thu, 24 Mar 2022 18:01:38 +0000 From: Eric Biggers To: "Jason A. Donenfeld" Cc: David Laight , "Alex Xu (Hello71)" , Linux Crypto Mailing List , LKML , Jann Horn , Dominik Brodowski , Guenter Roeck , Linus Torvalds , Theodore Ts'o , Sandy Harris Subject: Re: [PATCH] random: allow writes to /dev/urandom to influence fast init Message-ID: References: <20220322191436.110963-1-Jason@zx2c4.com> <1648009787.fah6dos6ya.none@localhost> <7cde489e73c8448b95a1b7bc6ed1d75b@AcuMS.aculab.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-8.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Mar 23, 2022 at 01:53:03PM -0600, Jason A. Donenfeld wrote: > Hi David, > > On Wed, Mar 23, 2022 at 8:01 AM David Laight wrote: > > > > From: Jason A. Donenfeld > > > Sent: 23 March 2022 04:48 > > ... > > > - Plenty of things are seeding the RNG correctly, and buildroot's > > > shell script is just "doing it wrong". > > > > > > On that last point, I should reiterate that buildroot's shell script > > > still isn't actually initializing the RNG, despite what it says in its > > > echo; there's never been a way to initialize the RNG from a shell > > > script, without calling out to various special purpose ioctl-aware > > > binaries. > > > > Perhaps the very first write after boot could be assumed to > > be valid initialisation data? > > (On top of a few other tests.) > > I addressed this already earlier. That approach does not work. Too > many things already pass in garbage, not expecting for it to be > credited, but just contributory. /dev/urandom writes simply has never > had the semantics one would want for credited seeding. Adding a > heuristic like this will break users. > Just to give an example of this, one of the first things that Android does at boot time is copy the kernel command line into /dev/urandom: https://android.googlesource.com/platform/system/core/+/refs/heads/android12-release/rootdir/init.rc#122 It would certainly be undesirable if that started crediting entropy, given that the command line might not contain much entropy, or any at all. (And yes, copying the kernel command line into /dev/urandom is redundant in kernels v4.14 and later due to https://git.kernel.org/linus/33d72f3822d7ff8a. But this is going to be kept around for a while longer due to older kernels.) - Eric