From owner-freebsd-security@FreeBSD.ORG  Thu Sep 20 10:30:31 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 38D96106566C;
	Thu, 20 Sep 2012 10:30:31 +0000 (UTC) (envelope-from des@des.no)
Received: from smtp.des.no (smtp.des.no [194.63.250.102])
	by mx1.freebsd.org (Postfix) with ESMTP id E938D8FC17;
	Thu, 20 Sep 2012 10:30:29 +0000 (UTC)
Received: from ds4.des.no (smtp.des.no [194.63.250.102])
	by smtp.des.no (Postfix) with ESMTP id 8B8DA6256;
	Thu, 20 Sep 2012 12:30:28 +0200 (CEST)
Received: by ds4.des.no (Postfix, from userid 1001)
	id 28575870F; Thu, 20 Sep 2012 12:30:28 +0200 (CEST)
From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: Jonathan Anderson <jonathan@FreeBSD.org>
References: <20120918211422.GA1400@garage.freebsd.pl>
	<A8FD98DD94774D00B4E5F78D3174C1B4@gmail.com>
	<20120919192923.GA1416@garage.freebsd.pl>
	<20120919205331.GE1416@garage.freebsd.pl>
	<20120919231051.4bc5335b@gumby.homeunix.com>
	<86ipb9t5hj.fsf@ds4.des.no>
	<B2DE8ED23E0B43DFBE4A19603914B53D@FreeBSD.org>
Date: Thu, 20 Sep 2012 12:30:27 +0200
In-Reply-To: <B2DE8ED23E0B43DFBE4A19603914B53D@FreeBSD.org> (Jonathan
	Anderson's message of "Thu, 20 Sep 2012 11:03:55 +0100")
Message-ID: <86392dt29o.fsf@ds4.des.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-security@FreeBSD.org, RW <rwmaillists@googlemail.com>,
	Mariusz Gromada <mariusz.gromada@gmail.com>,
	Pawel Jakub Dawidek <pjd@FreeBSD.org>
Subject: Re: Collecting entropy from device_attach() times.
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Sep 2012 10:30:31 -0000

Jonathan Anderson <jonathan@FreeBSD.org> writes:
> For instance: on an embedded board with few devices, that uses FDT
> rather than bus enumeration whatsits, perhaps the time is more
> deterministic and therefore yields less entropy.

The idea is that attach() initializes the hardware, which is where the
unpredictability comes from.  Yes, embedded devices will certainly have
less of it, but they will still have *some*.  And yes, we need data,
which is why when I proposed this last week I also proposed a scheme to
record what we feed into Yarrow pre-boot so we could inspect it and
compare it across multiple boots.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no