[Bug 1983359] Update Released
Łukasz Zemczak
1983359 at bugs.launchpad.net
Mon Jul 10 11:20:04 UTC 2023
The verification of the Stable Release Update for initramfs-tools has
completed successfully and the package is now being released to
-updates. Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1983359
Title:
[SRU] hwrng drivers missing in initrd.img
Status in initramfs-tools package in Ubuntu:
Fix Released
Status in initramfs-tools source package in Jammy:
Fix Released
Status in initramfs-tools source package in Kinetic:
Fix Released
Bug description:
[Impact]
The initialization of the entropy buffer of the urandom device is
critical for security.
When booting Jammy 22.04.1 on QEMU riscv64 I see the following
warnings:
[ 14.654546] random: lvm: uninitialized urandom read (4 bytes read)
[ 15.247995] random: lvm: uninitialized urandom read (2 bytes read)
[ 22.484719] random: lvm: uninitialized urandom read (4 bytes read)
[ 43.161846] random: lvmconfig: uninitialized urandom read (4 bytes read)
[ 48.862281] random: lvm: uninitialized urandom read (4 bytes read)
Module virtio-rng.ko is missing in initrd.img.
Adding virtio_rng to /etc/initramfs-tools/modules avoids the warnings.
Hardware RNG drivers should generally be included in the initrd to
provide early entropy.
[Test case]
To reproduce the issue:
Install the prerequisites:
sudo apt-get update
sudo apt-get install opensbi qemu-system-misc u-boot-qemu
Download
https://old-releases.ubuntu.com/releases/22.04.1/ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img.xz.
Decompress it with
xz -d ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img.xz
Run it in QEMU with
qemu-system-riscv64 \
-machine virt -nographic -m 2048 -smp 4 \
-bios /usr/lib/riscv64-linux-gnu/opensbi/generic/fw_jump.bin \
-kernel /usr/lib/u-boot/qemu-riscv64_smode/uboot.elf \
-device virtio-net-device,netdev=eth0 -netdev user,id=eth0 \
-device virtio-rng-pci \
-drive file=ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img,format=raw,if=virtio
You can log into the system with user ubuntu, password ubuntu after
seeing the message "Cloud-init v. 22.2-0ubuntu1~22.04.3 finished"
Run 'sudo dmesg | grep "uninitialized urandom"'.
To test the fix:
Update the initramfs-tools package.
Run 'update-initramfs -k $(uname -r) -u' with MODULES=most (defined in
/etc/initramfs-tools/initramfs.conf or in
/etc/initramfs-tools/conf.d/*.conf)
Unpack the initrd with 'unmkinitramfs /boot/initrd.img-$(uname -r)'
Check that [main/]lib/modules/$(uname -r)/kernel/drivers/char/hw_random/
exists and contains kernel modules.
When running on QEMU the relevant module is virtio-rng.ko.
Reboot and check the kernel log by running
'sudo dmesg | grep "uninitialized urandom"'.
[Where problems could occur]
Adding more drivers increases the size of the initrd. The larger
initrd might not fit onto the boot partition. The total size of
hw_random drivers on amd64 is less than 150 KiB so this seems
improbable.
[Other Info]
n/a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1983359/+subscriptions
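
The verification steps from the test case above, scripted as an added example; it is not part of the bug report or of initramfs-tools. The function names are this example's own, and it assumes a tree already unpacked with unmkinitramfs and a kernel log supplied on standard input.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from initramfs-tools.

# list_hwrng_modules DIR KVER
# Print the hw_random modules in an initrd unpacked to DIR for kernel KVER.
# unmkinitramfs places the main archive under main/ when the image also
# carries early archives, otherwise directly under DIR; check both layouts.
# Returns 1 if the hw_random directory is absent (the state the bug describes).
list_hwrng_modules() {
    dir=$1 kver=$2
    for root in "$dir/main" "$dir"; do
        hw="$root/lib/modules/$kver/kernel/drivers/char/hw_random"
        [ -d "$hw" ] || continue
        # Modules may be compressed (.ko.zst, .ko.xz) depending on the kernel.
        find "$hw" -type f \( -name '*.ko' -o -name '*.ko.*' \) | sort
        return 0
    done
    return 1
}

# has_hwrng_module DIR KVER NAME
# Succeed if module NAME is present; '-' and '_' are treated as equal, since
# the file is virtio-rng.ko while the module is referred to as virtio_rng.
has_hwrng_module() {
    pat=$(printf '%s' "$3" | sed 's/[-_]/[-_]/g')
    list_hwrng_modules "$1" "$2" | grep -Eq "/${pat}\.ko(\.[a-z0-9]+)?\$"
}

# uninit_readers: read a kernel log on stdin and print each process that read
# urandom before the entropy pool was initialized, one name per line.
uninit_readers() {
    sed -n 's/.*random: \([^:]*\): uninitialized urandom read.*/\1/p' | sort -u
}

# count_uninit_reads: read a kernel log on stdin and print the number of
# "uninitialized urandom read" warnings (0 means the fix took effect).
count_uninit_reads() {
    grep -c 'uninitialized urandom read' || true
}

# Typical use after 'unmkinitramfs /boot/initrd.img-$(uname -r) /tmp/initrd':
#   has_hwrng_module /tmp/initrd "$(uname -r)" virtio_rng && echo present
#   sudo dmesg | count_uninit_reads
```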