[Cryptography] Improvements to RNG seeding in Linux 4.10
Ard Biesheuvel
ard.biesheuvel at gmail.com
Wed Mar 1 12:00:56 EST 2017
2017-03-01 3:35 GMT+00:00 James A. Donald <jamesd at echeque.com>:
> On 2/28/2017 4:45 PM, Marshall Pierce wrote:
>>
>> It seems that Linux 4.10 will get its entropy pool populated early in boot
>> via UEFI.
>>
>> Commits:
>> -
>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=568bc4e87033d232c5fd00d5b0cd22a2ccc04944
>> -
>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=636259880a7e7d3446a707dddebc799da94bdd0b
>
>
> UEFI means that device specific hardware can supply entropy. Which makes
> sense given that only device specific hardware can access things that are
> truly random.
>
> But chances are that the hardware will not have drivers to access device
> specific entropy, that since customers will not know, hardware makers will
> not bother.
>
As I replied to Marshall directly, rather than with the list on cc:
"""
Yes, but with two important caveats:
- it is specific to ARM and arm64 booting Linux via UEFI, which is a
small minority atm
- the EFI_RNG_PROTOCOL is not mandatory, so even on such systems, it
may not be implemented.
So while it is good for future systems, upgrading the kernel on an
existing device is highly unlikely to bring any improvement in this
regard.
"""
While UEFI does not mandate EFI_RNG_PROTOCOL to be implemented, it may
be mandatory for meeting additional requirements such as the Server
Base Boot Requirements (SBBR) published by ARM Ltd. The
EFI_RNG_PROTOCOL is also invoked for kernel ASLR on Linux/arm64
systems, and people will notice if that doesn't work.
More information about the cryptography
mailing list