Date: Fri, 21 Sep 2012 07:35:49 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: David O'Brien <obrien@FreeBSD.org> Cc: freebsd-security@FreeBSD.org Subject: Re: Collecting entropy from device_attach() times. Message-ID: <20120921053549.GF1407@garage.freebsd.pl> In-Reply-To: <20120919223459.GC25606@dragon.NUXI.org> References: <20120918211422.GA1400@garage.freebsd.pl> <20120919223459.GC25606@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--7mxbaLlpDEyR1+x6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Sep 19, 2012 at 03:34:59PM -0700, David O'Brien wrote: > On Tue, Sep 18, 2012 at 11:14:22PM +0200, Pawel Jakub Dawidek wrote: > > I experimented a bit with collecting entropy from the time it takes for > > device_attach() to run (in CPU cycles). It seems that those times have > > enough variation that we can use it for entropy harvesting. It happens > > even before root is mounted, so pretty early. >=20 > I like it. Microsoft harvests from something like 900 events/things. > The more good things like this we find improves our security. >=20 > > The patch is here: > > http://people.freebsd.org/~pjd/patches/harvest_device_attach.patch > > Comments? >=20 > Embelishments: Note that adding sysctl to turn off entropy harvesting from device_attach() is pretty useless, as sysctls can be changed once we start userland and then all device_attach() are already called (modulo drivers loaded later). What I'd like to see is for all those sysctls to have corresponding tunables, then it would make more sense. > Index: sys/dev/random/randomdev_soft.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- sys/dev/random/randomdev_soft.c (revision 240694) > +++ sys/dev/random/randomdev_soft.c (working copy) > @@ -158,6 +185,11 @@ random_yarrow_init(void) > "Harvest serial net entropy"); > SYSCTL_ADD_PROC(&random_clist, > SYSCTL_CHILDREN(random_sys_harvest_o), > + OID_AUTO, "devprobe", CTLTYPE_INT | CTLFLAG_RW, > + &harvest.devprobe, 1, random_check_boolean, "I", > + "Harvest Device Probe entropy"); > + SYSCTL_ADD_PROC(&random_clist, > + SYSCTL_CHILDREN(random_sys_harvest_o), > OID_AUTO, "interrupt", CTLTYPE_INT | CTLFLAG_RW, > &harvest.interrupt, 1, random_check_boolean, "I", > "Harvest IRQ entropy"); > @@ -303,7 +341,7 @@ random_harvest_internal(u_int64_t someco > KASSERT(origin =3D=3D RANDOM_START || origin =3D=3D RANDOM_WRITE || > origin =3D=3D RANDOM_KEYBOARD || origin =3D=3D RANDOM_MOUSE = || > origin =3D=3D RANDOM_NET || origin =3D=3D RANDOM_INTERRUPT || > - origin =3D=3D RANDOM_PURE, > + origin =3D=3D RANDOM_PURE || origin =3D=3D RANDOM_DEVICE, > ("random_harvest_internal: origin %d invalid\n", origin)); > =20 > /* Lockless read to avoid lock operations if fifo is full. */ > Index: sys/dev/random/harvest.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- sys/dev/random/harvest.c (revision 240694) > +++ sys/dev/random/harvest.c (working copy) > @@ -48,7 +48,13 @@ __FBSDID("$FreeBSD$"); > static int read_random_phony(void *, int); > =20 > /* Structure holding the desired entropy sources */ > -struct harvest_select harvest =3D { 1, 1, 1, 0 }; > +struct harvest_select harvest =3D { > + 1, /*ethernet*/ > + 1, /*pt2pt*/ > + 1, /*intr*/ > + 0, /*swi*/ > + 1, /*devprobe*/ > +}; > static int warned =3D 0; > =20 > /* hold the address of the routine which is actually called if > Index: sys/sys/random.h > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- sys/sys/random.h (revision 240495) > +++ sys/sys/random.h (working copy) > @@ -45,6 +45,7 @@ enum esource { > RANDOM_NET, > RANDOM_INTERRUPT, > RANDOM_PURE, > + RANDOM_DEVICE, > ENTROPYSOURCE > }; > void random_harvest(void *, u_int, u_int, u_int, enum esource); > @@ -57,6 +58,7 @@ struct harvest_select { > int point_to_point; > int interrupt; > int swi; > + int device; > }; > =20 > extern struct harvest_select harvest; > Index: sys/kern/subr_bus.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- sys/kern/subr_bus.c (revision 240495) > +++ sys/kern/subr_bus.c (working copy) > @@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$"); > #include <sys/condvar.h> > #include <sys/queue.h> > #include <machine/bus.h> > +#include <sys/random.h> > #include <sys/rman.h> > #include <sys/selinfo.h> > #include <sys/signalvar.h> > @@ -53,6 +54,7 @@ __FBSDID("$FreeBSD$"); > #include <sys/bus.h> > #include <sys/interrupt.h> > =20 > +#include <machine/cpu.h> > #include <machine/stdarg.h> > =20 > #include <vm/uma.h> > @@ -2760,8 +2762,10 @@ device_probe_and_attach(device_t dev) > int > device_attach(device_t dev) > { > + uint64_t attachtime; > int error; > =20 > + attachtime =3D get_cyclecount(); > device_sysctl_init(dev); > if (!device_is_quiet(dev)) > device_print_child(dev->parent, dev); > @@ -2784,6 +2788,10 @@ device_attach(device_t dev) > dev->state =3D DS_ATTACHED; > dev->flags &=3D ~DF_DONENOMATCH; > devadded(dev); > + if (harvest.devprobe) > + random_harvest(&attachtime, sizeof(attachtime), 4, 0, > + RANDOM_DEVICE); > + > return (0); > } > =20 > Index: etc/defaults/rc.conf > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- etc/defaults/rc.conf (revision 239610) > +++ etc/defaults/rc.conf (working copy) > @@ -642,6 +642,7 @@ entropy_file=3D"/entropy" # Set to NO to d > entropy_dir=3D"/var/db/entropy" # Set to NO to disable caching entropy v= ia cron. > entropy_save_sz=3D"2048" # Size of the entropy cache files. > entropy_save_num=3D"8" # Number of entropy cache files to save. > +harvest_devprobe=3D"YES" # Entropy device harvests device probe randomne= ss > harvest_interrupt=3D"YES" # Entropy device harvests interrupt randomness > harvest_ethernet=3D"YES" # Entropy device harvests ethernet randomness > harvest_p_to_p=3D"YES" # Entropy device harvests point-to-point randomne= ss > Index: etc/rc.d/initrandom > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- etc/rc.d/initrandom (revision 239610) > +++ etc/rc.d/initrandom (working copy) > @@ -41,6 +63,12 @@ initrandom_start() > if [ \! -z "${soft_random_generator}" ] ; then > =20 > if [ -w /dev/random ]; then > + if checkyesno harvest_devprobe; then > + ${SYSCTL} kern.random.sys.harvest.devprobe=3D1 >/dev/null > + echo -n ' interrupts' > + else > + ${SYSCTL} kern.random.sys.harvest.devprobe=3D0 >/dev/null > + fi > if checkyesno harvest_interrupt; then > ${SYSCTL} kern.random.sys.harvest.interrupt=3D1 >/dev/null > echo -n ' interrupts' --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --7mxbaLlpDEyR1+x6 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlBb/LUACgkQForvXbEpPzRqbwCggYbw2eHuwSQ3ymbaOhoWH98w 7m4AmwQHghgTE7VWsaUs+5sU/cjKpJjB =A9ZX -----END PGP SIGNATURE----- --7mxbaLlpDEyR1+x6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120921053549.GF1407>