Date:      Thu, 20 Sep 2012 07:58:51 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        freebsd-security@freebsd.org
Cc:        Mariusz Gromada <mariusz.gromada@gmail.com>, RW <rwmaillists@googlemail.com>, Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, Pawel Jakub Dawidek <pjd@freebsd.org>
Subject:   Re: Collecting entropy from device_attach() times.
Message-ID:  <201209200758.51924.jhb@freebsd.org>
In-Reply-To: <20120920102104.GA1397@garage.freebsd.pl>
References:  <20120918211422.GA1400@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl>

On Thursday, September 20, 2012 6:21:04 am Pawel Jakub Dawidek wrote:
> On Wed, Sep 19, 2012 at 11:10:51PM +0100, RW wrote:
> > On Wed, 19 Sep 2012 22:53:32 +0200
> > Pawel Jakub Dawidek wrote:
> > 
> > 
> > > Here's what the distribution looks like for device_attach() times of my
> > > sound card. The times were 26-bit numbers, so this is after discarding
> > > the top ten bits, which leaves us with 16 lower bits of pure entropy:)
> > > 
> > > 	http://people.freebsd.org/~pjd/misc/harvest_device_attach.png
> > 
> > 
> > You're basing a model for all devices on a single sound card, that
> > doesn't seem safe to me. Isn't it possible that a device could take a
> > long and well defined time? Some interrupts can carry a lot of entropy
> > but they are still only accounted at 2 bits.
> 
> I agree, we should do such analysis for many more devices and different
> kinds of devices. A platform might be an important factor as well.
> It is hard to collect a decent number of probes when a reboot is needed, so
> what I'd recommend is to turn off SMP, boot into single module and
> kldload/kldunload a driver in a loop, of course with the kernel patched to
> log those times.

This is not always representative.  Any driver that uses a config intrhook
will run that synchronously during attach() in single user mode but will
not during boot.  Config intrhooks often go out and do things that take a
variable amount of time (poking hardware, waiting for interrupts, etc.).
That means that timing any such drivers from single user mode will likely
give you more variable attach() times than would occur during boot.

-- 
John Baldwin
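
An added example, not part of the thread and not FreeBSD code: a plug-in entropy estimate over the low 16 bits of logged attach times, showing that a sample of n probes can never demonstrate more than log2(n) bits and that a long but well-defined attach time yields far fewer. The sample data, function names, and the rule of taking the minimum across measurement conditions (for example single user mode versus boot) are assumptions made for illustration.

```python
import math
from collections import Counter

MASK16 = 0xFFFF  # keep the low 16 bits, as in the quoted measurement


def entropy_estimates(samples, mask=MASK16):
    """Return (shannon_bits, min_entropy_bits) for the masked samples.

    Both are estimates from the empirical distribution, so neither can
    exceed log2(len(samples)), however random the source really is.
    """
    counts = Counter(s & mask for s in samples)
    n = len(samples)
    shannon = -sum(c / n * math.log2(c / n) for c in counts.values())
    min_entropy = -math.log2(max(counts.values()) / n)
    return shannon, min_entropy


def conservative_bits(*sample_sets):
    """Assumed policy: credit only the lowest min-entropy seen across
    measurement conditions, since one condition may inflate the variance."""
    return min(entropy_estimates(s)[1] for s in sample_sets)


def constructed_spread(n):
    """Constructed data: 26-bit times whose low 16 bits never repeat
    (multiplying by an odd constant is a bijection modulo 2**16)."""
    return [(i * 40503) & 0x3FFFFFF for i in range(n)]


def constructed_tight(n, base=0x2A00000):
    """Constructed data: a long, well-defined attach time with only four
    distinct tick offsets around it."""
    return [base + (i * 7) % 4 for i in range(n)]


if __name__ == "__main__":
    for name, data in (("spread", constructed_spread(1024)),
                       ("tight", constructed_tight(1024))):
        shannon, h_min = entropy_estimates(data)
        print(f"{name}: shannon={shannon:.2f} bits, min-entropy={h_min:.2f} bits")
    print("credit:", conservative_bits(constructed_spread(1024),
                                       constructed_tight(1024)))
```
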


