From: John Baldwin
To: freebsd-security@freebsd.org
Cc: Mariusz Gromada, RW, Jonathan Anderson, Pawel Jakub Dawidek
Date: Thu, 20 Sep 2012 07:58:51 -0400
Subject: Re: Collecting entropy from device_attach() times.
Message-Id: <201209200758.51924.jhb@freebsd.org>
In-Reply-To: <20120920102104.GA1397@garage.freebsd.pl>
References: <20120918211422.GA1400@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <20120920102104.GA1397@garage.freebsd.pl>

On Thursday, September 20, 2012 6:21:04 am Pawel Jakub Dawidek wrote:
> On Wed, Sep 19, 2012 at 11:10:51PM +0100, RW wrote:
> > On Wed, 19 Sep 2012 22:53:32 +0200
> > Pawel Jakub Dawidek wrote:
> >
> > > Here's how the distribution looks like for device_attach() times of my
> > > sound card. The times were 26bit numbers, so this is after discarding
> > > top ten bits, which leave us with 16 lower bits of pure entropy:)
> > >
> > > http://people.freebsd.org/~pjd/misc/harvest_device_attach.png
> >
> > You're basing a model for all devices on a single sound card, that
> > doesn't seem safe to me. Isn't it possible that a device could take a
> > long and well defined time? Some interrupts can carry a lot of entropy
> > but they are still only accounted at 2 bits.
>
> I agree, we should do such analysis for much more devices and different
> kind of devices. A platform might be an important factor as well.
> It is hard to collect decent number of probes when reboot is needed, so
> what I'd recommend is to turn off SMP, boot into single module and
> kldload/kldunload a driver in a loop, of course with kernel patched to
> log those times.

This is not always representative. Any driver that uses a config intrhook
will run that synchronously during attach() in single user mode but will
not during boot. config intrhooks often go out and do things that take a
variable amount of time (poking hardware, waiting for interrupts, etc.).
That means that timing any such drivers from single user mode will likely
give you more variable attach() times than would occur during boot.

-- 
John Baldwin
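
An added example (not code from this thread or from FreeBSD): a most-common-value min-entropy estimate over the low 16 bits of logged attach times, run on two constructed sample sets to show how samples that include a synchronous config intrhook delay would overstate the entropy available at boot. The function names, the base time, the jitter and the `hook_spread` delay model are all assumptions made for illustration.

```python
import math
import random
from collections import Counter

def low_bits(samples, keep_bits=16):
    """Discard the high bits and keep only the low keep_bits of each time."""
    mask = (1 << keep_bits) - 1
    return [s & mask for s in samples]

def min_entropy_bits(samples, keep_bits=16):
    """Most-common-value estimate: -log2 of the likeliest value's frequency.
    The estimate can never exceed log2(len(samples))."""
    counts = Counter(low_bits(samples, keep_bits))
    return -math.log2(max(counts.values()) / len(samples))

def shannon_entropy_bits(samples, keep_bits=16):
    """Plug-in Shannon entropy; always >= the min-entropy estimate."""
    counts = Counter(low_bits(samples, keep_bits))
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def constructed_attach_times(n, hook_spread, seed):
    """Constructed data, not measurements: a fixed 26-bit base time plus
    small jitter, plus an optional uniform delay standing in for a config
    intrhook that runs synchronously inside attach() (hypothetical model)."""
    rng = random.Random(seed)
    base = 40_000_000  # constructed value that needs 26 bits
    return [base + round(rng.gauss(0, 3))
            + (rng.randrange(hook_spread) if hook_spread else 0)
            for _ in range(n)]

# Constructed stand-ins for the two measurement conditions in the thread.
BOOT = constructed_attach_times(4096, hook_spread=0, seed=1)
SINGLE_USER = constructed_attach_times(4096, hook_spread=5000, seed=2)

def compare():
    """Return {condition: (min_entropy, shannon_entropy)} for both sets."""
    return {name: (min_entropy_bits(s), shannon_entropy_bits(s))
            for name, s in (("boot", BOOT), ("single_user", SINGLE_USER))}

if __name__ == "__main__":
    for name, (h_min, h_sh) in compare().items():
        print(f"{name:12s} min-entropy {h_min:5.2f}  Shannon {h_sh:5.2f} bits")
```

A per-sample credit derived from the single-user set would be several bits too generous for the boot-time set, which is the condition the harvested entropy actually has to cover.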