Linux To Better Protect Entropy Sent In From User-Space

Written by Michael Larabel in Linux Kernel on 18 July 2018 at 04:07 AM EDT. 12 Comments
Fedora has begun utilizing a user-space jitter entropy daemon for feeding entropy to the kernel at boot time in case not enough is available for the kernel's random needs. But with that approach not being from a true hardware random number generator, a patch worked out by veteran Linux kernel developer Ted Ts'o will mix in RdRand entropy.

Fedora has resorted to a user-space jitter entropy daemon to workaround slow boot times on a sub-set of systems/VMs when using recent kernels. A change was made to the kernel earlier this year for addressing CVE-2018-1108, which is about a weakness in the kernel's random seed data whereby early processes in the boot sequence could not have random enough data. But the fix dramatically slows down systems booting by waiting until sufficient entropy is available. This is problematic particularly for VMs where virtio-rng is not present. For some users, they can't get the system(s) booted on affected kernels unless tapping on keyboard keys enough times for generating sufficient entropy.

So Fedora now is deploying a user-space jitter entropy daemon for ensuring sufficient entropy becomes available at boot-time. This CPU jitter random number generator source was then added to the upstream rng-tools earlier this month. This user-space entropy daemon utilizes the CPU Jitter Random Number Generator.

But with that generator/daemon not being a true physical RNG, it's vulnerable to potential exploit too. But Ted Ts'o has now queued this small patch mixing Intel RdRand with entropy sent from user-space. A fair number of people don't trust the Intel RdRand generator to be truly random and could be bugged by spy agencies like the NSA, but in this case it's simply being mixed in with entropy supplied by user-space: so it adds some value regardless.

The discussion over the entropy issue with the kernel can be found via this Red Hat bug report while Ted Ts'o chimed in with this improvement to better protect the randomness by RdRand when relying upon the user-space data. This change is queued in Ted's random subsystem code and is also marked for inclusion by supported stable kernel branches.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week