Linux 5.5 To Finally Wire Up EFI RNG Code For x86 As Another Source Of Entropy


  • Linux 5.5 To Finally Wire Up EFI RNG Code For x86 As Another Source Of Entropy

    Phoronix: Linux 5.5 To Finally Wire Up EFI RNG Code For x86 As Another Source Of Entropy

    Since 2016 the Linux kernel on ARM has invoked the EFI random number generator (RNG) protocol for serving as an additional source of entropy during early boot. With Linux 5.5 in early 2020 that code is finally happening for x86/x86_64...

    http://www.phoronix.com/scan.php?pag....5-EFI-RNG-x86

  • #2
    Is this EFI RNG a software or hardware implementation?
    Is this EFI RNG any more secure than just the Linux kernel implementing its own software RNG algorithm in the kernel?

    I feel like EFI and x86 is a security nightmare. EFI is big and complex, while x86 is like Swiss cheese with new vulnerabilities being constantly discovered.



  • #3
    Originally posted by uid313:
      Is this EFI RNG a software or hardware implementation?
      Is this EFI RNG any more secure than just the Linux kernel implementing its own software RNG algorithm in the kernel?

      I feel like EFI and x86 is a security nightmare. EFI is big and complex, while x86 is like Swiss cheese with new vulnerabilities being constantly discovered.
    ¯\_(ツ)_/¯



  • #4
    Originally posted by uid313:
      Is this EFI RNG a software or hardware implementation?
      Is this EFI RNG any more secure than just the Linux kernel implementing its own software RNG algorithm in the kernel?

      I feel like EFI and x86 is a security nightmare. EFI is big and complex, while x86 is like Swiss cheese with new vulnerabilities being constantly discovered.
    Knowing how well the hardware manufacturers treat security, I wouldn't be surprised if the EFI RNG implementation from some of them returns all zeros.



  • #5
    Originally posted by Chugworth:
      Knowing how well the hardware manufacturers treat security, I wouldn't be surprised if the EFI RNG implementation from some of them returns all zeros.
    In the case of Sony ... very close https://www.engadget.com/2010/12/29/.../?guccounter=1 but maybe returning 4s is more secure than returning 0s



  • #6
    Originally posted by CochainComplex:
      In the case of Sony ... very close https://www.engadget.com/2010/12/29/.../?guccounter=1 but maybe returning 4s is more secure than returning 0s
    It's extra entropy; it gets XORed into the already existing entropy. You can't make it worse off by mixing unrelated sources; even if one source is 100% predictable, it just won't do anything.



  • #7
    Originally posted by CochainComplex:
      In the case of Sony ... very close https://www.engadget.com/2010/12/29/.../?guccounter=1 but maybe returning 4s is more secure than returning 0s
    As long as the mix ingredients don't reduce entropy (which I don't think is actually possible), anyone relying on /dev/urandom at startup would be no worse off after hooking up the EFI RNG than they were before. The problem is when you start relying on a single-source HRNG instead of properly mixed sources. Then you're at the mercy of a single source getting it right 100% of the time, which doesn't happen in the real world. If you're after early-boot entropy for cryptographically secure hashes or key generation, you still need to do your diligence to find out if the device you're booting is even able to generate proper keys, or if you would have to wait till later or supply some form of alternative means.

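A toy model of the mixing argument made in #6 and #7, added here and not from the thread: a plain XOR of independent sources stands in for the kernel's pool mixing, and the min-entropy numbers show that a constant or weak source added to a good one costs nothing, while a weak source on its own stays weak.

```python
"""Toy model of entropy mixing: the XOR of *independent* sources never has
less min-entropy than its strongest input, even when one input is constant."""
from collections import Counter
from itertools import product
import math

BITS = 4  # sample width in the toy model; the argument does not depend on it

def xor_mix(*sources):
    """Exact output distribution of s1 ^ s2 ^ ... for independent sources,
    each given as {value: probability}. Independence is assumed, see below."""
    out = Counter()
    for combo in product(*(s.items() for s in sources)):
        value, prob = 0, 1.0
        for v, p in combo:
            value ^= v
            prob *= p
        out[value] += prob
    return dict(out)

def min_entropy(dist):
    """-log2 of the most likely output: bits an attacker's best single guess misses."""
    return -math.log2(max(dist.values()))

def uniform(bits=BITS):
    n = 1 << bits
    return {v: 1.0 / n for v in range(n)}

def constant(value):
    """A broken firmware RNG that always returns the same value (e.g. all 4s)."""
    return {value: 1.0}

def biased(bits=BITS, p_zero=0.9):
    """A weak source: returns 0 most of the time, otherwise any other value."""
    n = 1 << bits
    rest = (1.0 - p_zero) / (n - 1)
    return {v: (p_zero if v == 0 else rest) for v in range(n)}

def demo():
    """Min-entropy in bits of each source alone and of the XOR mixes."""
    good, fours, weak = uniform(), constant(4), biased()
    return {
        "good": min_entropy(good),            # 4.0
        "fours": min_entropy(fours),          # 0.0: fully predictable
        "weak": min_entropy(weak),            # ~0.15
        "good^fours": min_entropy(xor_mix(good, fours)),  # 4.0: constant adds nothing, costs nothing
        "weak^fours": min_entropy(xor_mix(weak, fours)),  # ~0.15: still weak, not worse
        "weak^good": min_entropy(xor_mix(weak, good)),    # 4.0: one good source suffices
    }
# Caveat: XOR only behaves this way for independent inputs. A "source" that
# replays another source's bytes is not independent and would cancel it out.
```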


  • #8
    Originally posted by uid313:
      Is this EFI RNG a software or hardware implementation?
    As is typical, "it depends". Various manufacturers may implement it differently on their platform. For that matter, EFI may not provide the functionality at all (one needs to test if it is available, and if so, what algorithms are supported). Having another source of potential entropy is typically considered goodness, or at worst neutral.



  • #9
    Originally posted by stormcrow:
      As long as the mix ingredients don't reduce entropy (which I don't think is actually possible), anyone relying on /dev/urandom at startup would be no worse off after hooking up the EFI RNG than they were before. The problem is when you start relying on a single-source HRNG instead of properly mixed sources. Then you're at the mercy of a single source getting it right 100% of the time, which doesn't happen in the real world. If you're after early-boot entropy for cryptographically secure hashes or key generation, you still need to do your diligence to find out if the device you're booting is even able to generate proper keys, or if you would have to wait till later or supply some form of alternative means.
    I don't know, maybe entropy gets reduced if it's bad entropy.

    I don't know what has more entropy:
    [0, 0, 0, 0, 0, 0, 1, 2, 3]
    or
    [1, 2, 3, 1, 2, 3, 1, 2, 3]

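The two sequences from #9, run through two entropy estimates as an added example (not part of the thread): a symbol-frequency estimate, and one that conditions on the previous symbol and so notices the repeating cycle.

```python
"""Two ways to estimate the entropy of a short sample: by symbol frequency
alone, and conditioned on the previous symbol (a crude pattern detector)."""
from collections import Counter
import math

SEQ_A = [0, 0, 0, 0, 0, 0, 1, 2, 3]  # the two sequences quoted in the post
SEQ_B = [1, 2, 3, 1, 2, 3, 1, 2, 3]

def entropy_from_counts(counts):
    """Shannon entropy in bits of the empirical distribution behind `counts`."""
    total = sum(counts.values())
    return sum(-(c / total) * math.log2(c / total) for c in counts.values() if c)

def order0_entropy(seq):
    """Bits per symbol if symbols were independent draws with the observed frequencies."""
    return entropy_from_counts(Counter(seq))

def order1_entropy(seq):
    """Bits per symbol once the previous symbol is known: H(next | previous),
    weighted by how often each previous symbol occurs."""
    by_prev = {}
    for prev, nxt in zip(seq, seq[1:]):
        by_prev.setdefault(prev, Counter())[nxt] += 1
    n_pairs = len(seq) - 1
    return sum(sum(c.values()) / n_pairs * entropy_from_counts(c)
               for c in by_prev.values())

def compare():
    """(order-0, order-1) estimates, rounded, for both sequences."""
    return {name: (round(order0_entropy(s), 3), round(order1_entropy(s), 3))
            for name, s in (("A", SEQ_A), ("B", SEQ_B))}
# B looks "more random" by frequency (1.585 vs 1.447 bits/symbol) but is a fixed
# cycle: knowing the previous symbol leaves 0 bits, whereas A keeps about 0.49.
# Neither estimate says anything about what the underlying generator can do,
# which is why output statistics alone cannot certify an RNG.
```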


  • #10
    I think it is a mistake to think that x86 will always have EFI. For instance, on Intel Edison there is U-Boot.

    At the same time, Edison was hurt a lot since Linux 4.20 as there are no other sources of entropy like mouse/keyboard/graphics/sound. It took minutes before it was possible to log in with ssh. For Edison we solved this by installing GNU rng-tools ("Daemon to use a Hardware TRNG. The rngd daemon acts as a bridge between a Hardware TRNG (true random number generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's PRNG"). With this, entropy is gathered almost instantly.
