[OpenWrt-Devel,4/4] build: add urandom-seed and urngd to default packages set

Message ID 1558992584-11997-5-git-send-email-ynezz@true.cz
State Accepted
Delegated to: Petr Štetiar
Series add µrngd: true RNG based on timing jitter

Commit Message

Petr Štetiar May 27, 2019, 9:29 p.m. UTC
urandom-seed content was split from base-files into a separate package, so
in order to preserve the current functionality and to provide some
fallback mechanism in case jent-rng initialization fails in urngd, we
need to add it back.

urngd is OpenWrt's micro non-physical true random number generator based
on timing jitter.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
---
 include/target.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Yousong Zhou May 29, 2019, 2:25 a.m. UTC | #1
On Tue, 28 May 2019 at 05:30, Petr Štetiar <ynezz@true.cz> wrote:
>
> urandom-seed content was split from base-files into a separate package, so
> in order to preserve the current functionality and to provide some
> fallback mechanism in case jent-rng initialization fails in urngd, we
> need to add it back.
>
> urngd is OpenWrt's micro non-physical true random number generator based
> on timing jitter.
>

If I understand the patch correctly, it seems urandom-seed will run
alongside urngd, not as a fallback.  Is urandom-seed a must, or does it
only serve as a precaution, just in case?

If urngd can solve the problem urandom-seed is for, I would
suggest we make urandom-seed an opt-in option, not included by
default.

Regards,
                yousong


> Signed-off-by: Petr Štetiar <ynezz@true.cz>
> ---
>  include/target.mk | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/target.mk b/include/target.mk
> index 4f3bd43e6cb6..a813ba2d2d87 100644
> --- a/include/target.mk
> +++ b/include/target.mk
> @@ -13,7 +13,7 @@ __target_inc=1
>  DEVICE_TYPE?=router
>
>  # Default packages - the really basic set
> -DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd
> +DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed urngd
>  # For nas targets
>  DEFAULT_PACKAGES.nas:=block-mount fdisk lsblk mdadm
>  # For router targets
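Review bot: the commit message presents urandom-seed as a fallback for a failed jent-rng initialization in urngd, but this hunk only appends `urandom-seed urngd` to DEFAULT_PACKAGES; nothing in the change makes one package run only when the other fails, so the "fallback" wording overstates the relationship. Suggest rewording the first paragraph of the commit message to say that urandom-seed is kept in the default set alongside urngd to preserve the existing seeding behaviour, and dropping the fallback claim until there is a mechanism behind it.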
> --
> 1.9.1
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Petr Štetiar May 29, 2019, 5:21 a.m. UTC | #2
Yousong Zhou <yszhou4tech@gmail.com> [2019-05-29 10:25:52]:

> On Tue, 28 May 2019 at 05:30, Petr Štetiar <ynezz@true.cz> wrote:
> >
> > urandom-seed content was split from base-files into a separate package, so
> > in order to preserve the current functionality and to provide some
> > fallback mechanism in case jent-rng initialization fails in urngd, we
> > need to add it back.
> >
> > urngd is OpenWrt's micro non-physical true random number generator based
> > on timing jitter.
> 
> If I understand the patch correctly, it seems urandom-seed will run
> alongside urngd, not as a fallback.

alongside urngd, not as a fallback, just to keep the current state. It's
not a fallback, as urandom-seed doesn't provide input which is trusted by the
kernel: urandom-seed is just feeding the urandom.seed file to the kernel through
the /dev/urandom file, and this input is never trusted by the kernel, so it's just
being added to the entropy pool, without any credibility.

> Is urandom-seed a must, or does it only serve as a precaution, just in case?

It's not a must; the 4.14 kernel (I didn't check 4.9) can collect good enough
entropy by itself. urandom-seed is just adding some kind of 512-byte noise
(which we collect only on the first boot) to the kernel entropy pool, which is
then being mixed with other kernel sources in order to provide usable noise to
/dev/random.

> If urngd can solve the problem urandom-seed is for, I would
> suggest we make urandom-seed an opt-in option, not included by
> default.

That was my plan in the RFC series, but as we don't know yet where urngd works,
I've kept it for now. We can then probably remove urandom-seed on those
platforms where we're sure that urngd works, and if we find out that it's
just mt7620 having issues, then we can make it opt-in by default (remove
urandom-seed from the global default packages) and add urandom-seed just to
the mt7620 default package set.

-- ynezz
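The distinction drawn in the reply above, between feeding a seed file into /dev/urandom (mixed into the pool, no entropy credited) and input the kernel actually trusts, is what decides whether a seed helps getrandom() or /dev/random unblock at early boot. The C program below is an added example, not code from OpenWrt, urandom-seed or urngd: it does what the thread says urandom-seed does (a plain write(2) of a 512-byte seed to /dev/urandom) and, beside it, the credited path the kernel offers privileged callers, the RNDADDENTROPY ioctl from <linux/random.h>. Whether urngd uses that ioctl is not stated on this page. The function names are the example's own, the seed bytes are a constructed fixed pattern so the program runs offline, and the entropy_avail readings are illustrative only, since how that file behaves depends on the kernel version.

```c
/* Added example: uncredited vs. credited seeding of the Linux RNG.
 * Not code from OpenWrt, urandom-seed or urngd; Linux only. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <unistd.h>
#include <linux/random.h>

#define SEED_BYTES 512 /* urandom-seed stores a 512-byte file, per the thread */

/* Constructed demo seed so the example runs offline.  A real seed file
 * holds bytes saved from a previous boot and read back from flash. */
static void fill_demo_seed(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (uint8_t)(i * 37u + 11u);
}

/* What urandom-seed does: write the file into /dev/urandom.  The kernel
 * mixes the bytes into the pool but credits no entropy for them, so this
 * does not help /dev/random or getrandom() become ready.
 * Returns bytes written, or -1 on error. */
ssize_t seed_uncredited(const uint8_t *seed, size_t len)
{
    int fd = open("/dev/urandom", O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, seed, len);
    close(fd);
    return n;
}

/* Build the RNDADDENTROPY argument.  entropy_count is in bits: claiming
 * 8 bits per byte asserts the bytes are fully unpredictable, which a file
 * restored from flash is not, so the caller decides the credit. */
struct rand_pool_info *build_pool_info(const uint8_t *seed, size_t len, int credit_bits)
{
    struct rand_pool_info *info = malloc(sizeof(*info) + len);
    if (!info)
        return NULL;
    info->entropy_count = credit_bits;
    info->buf_size = (int)len;
    memcpy(info->buf, seed, len);
    return info;
}

/* Credited injection; needs CAP_SYS_ADMIN.  Refuses to credit more bits
 * than the buffer holds.  Returns 0, or -errno (e.g. -EPERM unprivileged). */
int seed_credited(const uint8_t *seed, size_t len, int credit_bits)
{
    if (credit_bits < 0 || (size_t)credit_bits > len * 8)
        return -EINVAL;
    struct rand_pool_info *info = build_pool_info(seed, len, credit_bits);
    if (!info)
        return -ENOMEM;
    int fd = open("/dev/urandom", O_WRONLY);
    if (fd < 0) {
        int e = errno;
        free(info);
        return -e;
    }
    int rc = ioctl(fd, RNDADDENTROPY, info);
    int e = rc < 0 ? errno : 0;
    close(fd);
    free(info);
    return rc < 0 ? -e : 0;
}

/* Kernel's current entropy estimate in bits, or -1 if unreadable. */
long read_entropy_avail(void)
{
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    if (!f)
        return -1;
    long v = -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

int main(void)
{
    uint8_t seed[SEED_BYTES];
    fill_demo_seed(seed, sizeof seed);

    long before = read_entropy_avail();
    ssize_t n = seed_uncredited(seed, sizeof seed);
    printf("write(/dev/urandom): %zd bytes, entropy_avail %ld -> %ld (no credit)\n",
           n, before, read_entropy_avail());

    /* Credit only what you can justify; here the full 4096 bits is a demo value. */
    int rc = seed_credited(seed, sizeof seed, SEED_BYTES * 8);
    if (rc == -EPERM)
        printf("RNDADDENTROPY: EPERM (needs CAP_SYS_ADMIN)\n");
    else
        printf("RNDADDENTROPY: rc=%d, entropy_avail now %ld\n", rc, read_entropy_avail());
    return 0;
}
```

Run unprivileged, the write succeeds while the ioctl fails with EPERM, which is exactly why a seed file written by an init script cannot stand in for a credited source. Run as root, the credit is accepted; on older kernels it shows as a jump in entropy_avail, while newer kernels report a fixed value once the pool is initialized, so treat that file as a hint rather than a measurement. The refusal to credit more than 8 bits per byte is the caveat to keep: a seed restored from flash is replayable by anyone who can read the flash, so a real daemon should credit far less than that, or nothing at all.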
Patch

diff --git a/include/target.mk b/include/target.mk
index 4f3bd43e6cb6..a813ba2d2d87 100644
--- a/include/target.mk
+++ b/include/target.mk
@@ -13,7 +13,7 @@  __target_inc=1
 DEVICE_TYPE?=router
 
 # Default packages - the really basic set
-DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd
+DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed urngd
 # For nas targets
 DEFAULT_PACKAGES.nas:=block-mount fdisk lsblk mdadm
 # For router targets
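Review bot: appending `urandom-seed urngd` to the global DEFAULT_PACKAGES line pulls both into every target's base set, while the thread already anticipates removing urandom-seed where urngd is known to work and keeping it only for the platforms that need it (mt7620 is the one named). Since this file already carries per-type sets such as `DEFAULT_PACKAGES.nas:=block-mount fdisk lsblk mdadm`, the eventual home for urandom-seed is a target-specific default set rather than this line; for now the commit message should state that the global addition is provisional and what finding would trigger moving it.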