Date:      Wed, 19 Sep 2012 17:28:46 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc:        freebsd-security@FreeBSD.org
Subject:   Re: Collecting entropy from device_attach() times.
Message-ID:  <867grqm3pt.fsf@ds4.des.no>
In-Reply-To: <20120918211422.GA1400@garage.freebsd.pl> (Pawel Jakub Dawidek's message of "Tue, 18 Sep 2012 23:14:22 +0200")
References:  <20120918211422.GA1400@garage.freebsd.pl>

Pawel Jakub Dawidek <pjd@FreeBSD.org> writes:
> I experimented a bit with collecting entropy from the time it takes for
> device_attach() to run (in CPU cycles). It seems that those times have
> enough variation that we can use it for entropy harvesting. It happens
> even before root is mounted, so pretty early.

Excellent idea :)

> On the machine I'm testing it, which has minimal kernel plus NIC driver
> I see 75 device_attach() calls. I'm being very careful and advertising
> to yarrow that each call has only 4 bits of entropy (most of the time
> there is much more). This gives 300 bits of entropy on this machine
> before we even start init.

Virtual machines (and even some physical hardware) can have as few as 40
devices.  I have a VirtualBox instance running 9.1-RC1 that has only 36
devices (based on `sysctl dev | cut -d. -f2-3 | sort -u | wc -l`), and a
soekris net5501 that only has 43.  This does not count network
interfaces, though.

> For real hardware like sound card it takes between 34647162 and 35548675
> cycles to run device_attach(), [...]

You can't rely on the existence of a TSC.  I would suggest using the
fractional part of binuptime instead.

I would also suggest modifying yarrow to block reseeding as long as
possible, ideally right up until the first time something asks for a
random number, since reseeding throws away all accumulated entropy.  I'd
suggest delaying reseeding until right before we start the scheduler,
but if I understand correctly, geom_geli may need randomness before
that?

DES
-- 
Dag-Erling Smørgrav - des@des.no


