Linux To Better Protect Entropy Sent In From User-Space

Written by Michael Larabel in Linux Kernel on 18 July 2018 at 04:07 AM EDT. 12 Comments
LINUX KERNEL
Fedora has begun utilizing a user-space jitter entropy daemon for feeding entropy to the kernel at boot time in case not enough is available for the kernel's random needs. But with that approach not being from a true hardware random number generator, a patch worked out by veteran Linux kernel developer Ted Ts'o will mix in RdRand entropy.

Fedora has resorted to a user-space jitter entropy daemon to workaround slow boot times on a sub-set of systems/VMs when using recent kernels. A change was made to the kernel earlier this year for addressing CVE-2018-1108, which is about a weakness in the kernel's random seed data whereby early processes in the boot sequence could not have random enough data. But the fix dramatically slows down systems booting by waiting until sufficient entropy is available. This is problematic particularly for VMs where virtio-rng is not present. For some users, they can't get the system(s) booted on affected kernels unless tapping on keyboard keys enough times for generating sufficient entropy.

So Fedora now is deploying a user-space jitter entropy daemon for ensuring sufficient entropy becomes available at boot-time. This CPU jitter random number generator source was then added to the upstream rng-tools earlier this month. This user-space entropy daemon utilizes the CPU Jitter Random Number Generator.

But with that generator/daemon not being a true physical RNG, it's vulnerable to potential exploit too. But Ted Ts'o has now queued this small patch mixing Intel RdRand with entropy sent from user-space. A fair number of people don't trust the Intel RdRand generator to be truly random and could be bugged by spy agencies like the NSA, but in this case it's simply being mixed in with entropy supplied by user-space: so it adds some value regardless.

The discussion over the entropy issue with the kernel can be found via this Red Hat bug report while Ted Ts'o chimed in with this improvement to better protect the randomness by RdRand when relying upon the user-space data. This change is queued in Ted's random subsystem code and is also marked for inclusion by supported stable kernel branches.
12 Comments
Related News
Linux 6.4-rc5 Released - The Kernel Is Looking To Be In Good Shape
Updated EEVDF Linux CPU Scheduler Patches Posted That Plan To Replace CFS
Linux 6.3.5 Released With XFS Metadata Corruption Fix
Linux 6.4-rc4 Released As A "Fairly Normal" Release
Linux Preps Hybrid SMP Fix To Avoid Upcoming Laptops Appearing As 11 Socket Monsters
Big Throughput Boost & Lower Latency With New Patch For Linux Checksum Function
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
System76 Virgo Aims To Be The Quietest Yet Most Performant Linux Laptop
XFS Metadata Corruption On Linux 6.3 Tracked Down To One Missing One-Line Patch
Red Hat To Stop Shipping LibreOffice In Future RHEL, Limiting Fedora LO Involvement
System76's Coreboot Open Firmware Manages To Disable Intel ME For Raptor Lake
Vulkan 1.3.251 Released With One New Extension Worked On By Valve, Nintendo & Others
Linux 6.4-rc4 Released As A "Fairly Normal" Release
NVIDIA R535 Linux Beta Brings New Vulkan Extensions, DMA-BUF v4 Wayland Protocol
Linux 6.3.5 Released With XFS Metadata Corruption Fix