From owner-freebsd-arch@FreeBSD.ORG Tue Nov 25 18:35:46 2014 Return-Path: Delivered-To: arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BD426B0C; Tue, 25 Nov 2014 18:35:46 +0000 (UTC) Received: from gromit.grondar.org (grandfather.grondar.org [IPv6:2a01:348:0:15:5d59:5c20:0:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 79B692F7; Tue, 25 Nov 2014 18:35:46 +0000 (UTC) Received: from [2001:470:9174:1:a022:fe58:8d38:bb1f] by gromit.grondar.org with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.84 (FreeBSD)) (envelope-from ) id 1XtKxh-0004J3-2z; Tue, 25 Nov 2014 18:35:43 +0000 Subject: Re: svn commit: r274739 - head/sys/mips/conf Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) Content-Type: text/plain; charset=windows-1252 From: Mark R V Murray In-Reply-To: <18F34536-CA8B-4365-BDD9-C2D23E6067AA@bsdimp.com> Date: Tue, 25 Nov 2014 18:35:40 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: References: <201411200552.sAK5qnXP063073@svn.freebsd.org> <20141120084832.GE24601@funkthat.com> <20141121092245.GI99957@funkthat.com> <1416582989.1147.250.camel@revolution.hippie.lan> <026FEB8A-CA8C-472F-A8E4-DA3D0AC44B34@grondar.org> <1416596266.1147.290.camel@revolution.hippie.lan> <1416598889.1147.297.camel@revolution.hippie.lan> <86egsvueqk.fsf@nine.des.no> <1416691274.1147.339.camel@revolution.hippie.lan> <398A380D-49AF-480C-8842-8835F81EF641@grondar.org> <1416806894.1147.362.camel@revolution.hippie.lan> <18B8A926-59C0-49B4-ADA3-A11688609852@grondar.org> <1416841268.1147.386.camel@revolution.hippie.lan> <86wq6k9okk.fsf@nine.des.no> <8661e3wtk6.fsf@nine.des.no> <86oarvvaet.fsf@nine.des.no> <86egsrxypx.fsf@nine.des.no> <1416925387 .1147.437.camel@revolution.hippie.lan> <18F34536-CA8B-4365-BDD9-C2D23E6067AA@bsdimp.com> To: Warner Losh X-Mailer: Apple Mail (2.1993) X-SA-Score: -1.0 Cc: =?windows-1252?Q?Dag-Erling_Sm=F8rgrav?= , Ian Lepore , arch@freebsd.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 18:35:46 -0000 > On 25 Nov 2014, at 17:11, Warner Losh wrote: >> The repeatability of the boot sequence of hardware like this is = nearly >> perfect at the resolution we're measuring. While that may be bad for >> gathering entropy, it's a wonderful thing when you're debugging, = because >> problems that would be almost impossible to nail down on modern = complex >> hardware are 100% reproducible by just hitting the reset button. = That >> reproducibility extends all the way into multiuser mode unless there = is >> a network connection where packet arrival times start adding >> interrupt-based entropy. >=20 > Yea, every boot it is the same registers that are being read, in the > same sequence, resulting in very similar cache patterns and = performance > profiles. I=92d be surprised if anything apart from the ethernet = chip=92s > state was different between boots. And even the ethernet=92s stuff has > a low variance until interrupts are turned on=85 Things are far from perfect, but not entirely unexpected. I=92m well aware that PCs are low-entropy beasties at the best of times as we have to struggle like crazy to get what we have. The bottom-end boxes with no high-resolution timers are clearly going to be much worse. For real security, I guess the answer is cached entropy in files that are preserved over a boot and deleted straight after boot. Ian=92s case, where security is not an issue, should be solvable by getting the random(4) driver to be content with whatever it gets from the boot entropy, crappy as it is, in a way that doesn=92t offer an attack vector. This should be doable. M --=20 Mark R V Murray