Linux To Better Protect Entropy Sent In From User-Space

Written by Michael Larabel in Linux Kernel on 18 July 2018 at 04:07 AM EDT. 12 Comments
LINUX KERNEL
Fedora has begun utilizing a user-space jitter entropy daemon for feeding entropy to the kernel at boot time in case not enough is available for the kernel's random needs. But with that approach not being from a true hardware random number generator, a patch worked out by veteran Linux kernel developer Ted Ts'o will mix in RdRand entropy.

Fedora has resorted to a user-space jitter entropy daemon to workaround slow boot times on a sub-set of systems/VMs when using recent kernels. A change was made to the kernel earlier this year for addressing CVE-2018-1108, which is about a weakness in the kernel's random seed data whereby early processes in the boot sequence could not have random enough data. But the fix dramatically slows down systems booting by waiting until sufficient entropy is available. This is problematic particularly for VMs where virtio-rng is not present. For some users, they can't get the system(s) booted on affected kernels unless tapping on keyboard keys enough times for generating sufficient entropy.

So Fedora now is deploying a user-space jitter entropy daemon for ensuring sufficient entropy becomes available at boot-time. This CPU jitter random number generator source was then added to the upstream rng-tools earlier this month. This user-space entropy daemon utilizes the CPU Jitter Random Number Generator.

But with that generator/daemon not being a true physical RNG, it's vulnerable to potential exploit too. But Ted Ts'o has now queued this small patch mixing Intel RdRand with entropy sent from user-space. A fair number of people don't trust the Intel RdRand generator to be truly random and could be bugged by spy agencies like the NSA, but in this case it's simply being mixed in with entropy supplied by user-space: so it adds some value regardless.

The discussion over the entropy issue with the kernel can be found via this Red Hat bug report while Ted Ts'o chimed in with this improvement to better protect the randomness by RdRand when relying upon the user-space data. This change is queued in Ted's random subsystem code and is also marked for inclusion by supported stable kernel branches.
12 Comments
Related News
Linux 6.9-rc5 Released: The Diffstat "Looks A Bit Wonky" But Not Bad
Linux 6.9-rc5 Picking Up Fixes For Intel FRED, BHI & GFNI/VAES Checks
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.9-rc4 Brings More Bcachefs Fixes, Native BHI Mitigation
Linux 6.10 To Account For NUMA Node When Allocating Per-CPU Cpumasks
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Fedora Linux 40 Cleared For Release Next Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance