Linux To Better Protect Entropy Sent In From User-Space

Fedora has resorted to a user-space jitter entropy daemon to workaround slow boot times on a sub-set of systems/VMs when using recent kernels. A change was made to the kernel earlier this year for addressing CVE-2018-1108, which is about a weakness in the kernel's random seed data whereby early processes in the boot sequence could not have random enough data. But the fix dramatically slows down systems booting by waiting until sufficient entropy is available. This is problematic particularly for VMs where virtio-rng is not present. For some users, they can't get the system(s) booted on affected kernels unless tapping on keyboard keys enough times for generating sufficient entropy.
So Fedora now is deploying a user-space jitter entropy daemon for ensuring sufficient entropy becomes available at boot-time. This CPU jitter random number generator source was then added to the upstream rng-tools earlier this month. This user-space entropy daemon utilizes the CPU Jitter Random Number Generator.
But with that generator/daemon not being a true physical RNG, it's vulnerable to potential exploit too. But Ted Ts'o has now queued this small patch mixing Intel RdRand with entropy sent from user-space. A fair number of people don't trust the Intel RdRand generator to be truly random and could be bugged by spy agencies like the NSA, but in this case it's simply being mixed in with entropy supplied by user-space: so it adds some value regardless.
The discussion over the entropy issue with the kernel can be found via this Red Hat bug report while Ted Ts'o chimed in with this improvement to better protect the randomness by RdRand when relying upon the user-space data. This change is queued in Ted's random subsystem code and is also marked for inclusion by supported stable kernel branches.
12 Comments