[Bug 1983359] Re: [SRU] hwrng drivers missing in initrd.img
Heinrich Schuchardt
1983359 at bugs.launchpad.net
Wed Jun 14 08:33:42 UTC 2023
** Description changed:
[Impact]
- The initialization of the entropy buffer of the urandom device is critical for security.
+
+ The initialization of the entropy buffer of the urandom device is
+ critical for security.
When booting Jammy 22.04.1 on QEMU riscv64 I see the following warnings:
[ 14.654546] random: lvm: uninitialized urandom read (4 bytes read)
[ 15.247995] random: lvm: uninitialized urandom read (2 bytes read)
[ 22.484719] random: lvm: uninitialized urandom read (4 bytes read)
[ 43.161846] random: lvmconfig: uninitialized urandom read (4 bytes read)
[ 48.862281] random: lvm: uninitialized urandom read (4 bytes read)
Module virtio-rng.ko is missing in initrd.img.
Adding virtio_rng to /etc/initramfs-tools/modules avoids the warnings.
Hardware RNG drivers should generally be included in the initrd to
provide early entropy.
[Test case]
- * Update the initramfs-tools package.
- * Run 'update-initramfs -k $(uname -r) -u' with MODULES=most (defined in /etc/initramfs-tools/initramfs.conf or in /etc/initramfs-tools/conf.d/*.conf)
- * Unpack the initrd with 'unmkinitramfs /boot/initrd.img-$(uname -r)'
- * Check that [main/]lib/modules/$(uname -r)/kernel/drivers/char/hw_random/ exists and contains kernel modules.
+ To reproduce the issue:
+
+ Download https://old-
+ releases.ubuntu.com/releases/22.04.1/ubuntu-22.04.1-preinstalled-server-
+ riscv64+unmatched.img.xz.
+
+ Decompress it with
+ xz -d ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img.xz
+
+ Run it in QEMU with
+
+ qemu-system-riscv64 \
+ -machine virt -nographic -m 2048 -smp 4 \
+ -bios /usr/lib/riscv64-linux-gnu/opensbi/generic/fw_jump.bin \
+ -kernel /usr/lib/u-boot/qemu-riscv64_smode/uboot.elf \
+ -device virtio-net-device,netdev=eth0 -netdev user,id=eth0 \
+ -device virtio-rng-pci \
+ -drive file=ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img,format=raw,if=virtio
+
+ You can log into the system with user ubuntu, password ubuntu after
+ seeing the message "Cloud-init v. 22.2-0ubuntu1~22.04.3 finished"
+
+ Run 'sudo dmesg | grep 'uninitialized urandom'
+
+ To test the fix:
+
+ Update the initramfs-tools package.
+
+ Run 'update-initramfs -k $(uname -r) -u' with MODULES=most (defined in
+ /etc/initramfs-tools/initramfs.conf or in /etc/initramfs-
+ tools/conf.d/*.conf)
+
+ Unpack the initrd with 'unmkinitramfs /boot/initrd.img-$(uname -r)'
+
+ Check that [main/]lib/modules/$(uname -r)/kernel/drivers/char/hw_random/
+ exists and contains kernel modules. When running on QEMU the relevant
+ module is virtio-rng.ko.
+
+ Reboot and check the kernel log by running 'sudo dmesg | grep
+ 'uninitialized urandom'.
[Where problems could occur]
Adding more drivers increases the size of the initrd. The larger initrd
might not fit onto the boot partition. The total size of hw_random
drivers on amd64 is less than 150 KiB so this seem improbable.
[Other Info]
n/a
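Review bot: the added step "Run 'sudo dmesg | grep 'uninitialized urandom'" and its repeat at the end of "To test the fix" nest single quotes inside single quotes and leave them unbalanced, so the command cannot be pasted as written. Put the command on its own line, as is done for the xz and qemu-system-riscv64 commands. The new steps also never state the expected outcome: say that the grep prints the warnings before the fix and nothing after it.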
** Description changed:
[Impact]
The initialization of the entropy buffer of the urandom device is
critical for security.
When booting Jammy 22.04.1 on QEMU riscv64 I see the following warnings:
[ 14.654546] random: lvm: uninitialized urandom read (4 bytes read)
[ 15.247995] random: lvm: uninitialized urandom read (2 bytes read)
[ 22.484719] random: lvm: uninitialized urandom read (4 bytes read)
[ 43.161846] random: lvmconfig: uninitialized urandom read (4 bytes read)
[ 48.862281] random: lvm: uninitialized urandom read (4 bytes read)
Module virtio-rng.ko is missing in initrd.img.
Adding virtio_rng to /etc/initramfs-tools/modules avoids the warnings.
Hardware RNG drivers should generally be included in the initrd to
provide early entropy.
[Test case]
To reproduce the issue:
+
+ Install the prerequisites:
+ sudo apt-get update
+ sudo apt-get install opensbi qemu-system-misc u-boot-qemu
Download https://old-
releases.ubuntu.com/releases/22.04.1/ubuntu-22.04.1-preinstalled-server-
riscv64+unmatched.img.xz.
Decompress it with
xz -d ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img.xz
Run it in QEMU with
qemu-system-riscv64 \
-machine virt -nographic -m 2048 -smp 4 \
-bios /usr/lib/riscv64-linux-gnu/opensbi/generic/fw_jump.bin \
-kernel /usr/lib/u-boot/qemu-riscv64_smode/uboot.elf \
-device virtio-net-device,netdev=eth0 -netdev user,id=eth0 \
-device virtio-rng-pci \
-drive file=ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img,format=raw,if=virtio
You can log into the system with user ubuntu, password ubuntu after
seeing the message "Cloud-init v. 22.2-0ubuntu1~22.04.3 finished"
Run 'sudo dmesg | grep 'uninitialized urandom'
To test the fix:
Update the initramfs-tools package.
Run 'update-initramfs -k $(uname -r) -u' with MODULES=most (defined in
/etc/initramfs-tools/initramfs.conf or in /etc/initramfs-
tools/conf.d/*.conf)
Unpack the initrd with 'unmkinitramfs /boot/initrd.img-$(uname -r)'
Check that [main/]lib/modules/$(uname -r)/kernel/drivers/char/hw_random/
exists and contains kernel modules. When running on QEMU the relevant
module is virtio-rng.ko.
Reboot and check the kernel log by running 'sudo dmesg | grep
'uninitialized urandom'.
[Where problems could occur]
Adding more drivers increases the size of the initrd. The larger initrd
might not fit onto the boot partition. The total size of hw_random
drivers on amd64 is less than 150 KiB so this seem improbable.
[Other Info]
n/a
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1983359
Title:
[SRU] hwrng drivers missing in initrd.img
Status in initramfs-tools package in Ubuntu:
Fix Released
Status in initramfs-tools source package in Jammy:
Confirmed
Status in initramfs-tools source package in Kinetic:
Fix Released
Bug description:
[Impact]

The initialization of the entropy buffer of the urandom device is
critical for security.

When booting Jammy 22.04.1 on QEMU riscv64 I see the following
warnings:

[ 14.654546] random: lvm: uninitialized urandom read (4 bytes read)
[ 15.247995] random: lvm: uninitialized urandom read (2 bytes read)
[ 22.484719] random: lvm: uninitialized urandom read (4 bytes read)
[ 43.161846] random: lvmconfig: uninitialized urandom read (4 bytes read)
[ 48.862281] random: lvm: uninitialized urandom read (4 bytes read)

Module virtio-rng.ko is missing in initrd.img.
Adding virtio_rng to /etc/initramfs-tools/modules avoids the warnings.

Hardware RNG drivers should generally be included in the initrd to
provide early entropy.

[Test case]

To reproduce the issue:

Install the prerequisites:
    sudo apt-get update
    sudo apt-get install opensbi qemu-system-misc u-boot-qemu

Download
https://old-releases.ubuntu.com/releases/22.04.1/ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img.xz.

Decompress it with
    xz -d ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img.xz

Run it in QEMU with
    qemu-system-riscv64 \
    -machine virt -nographic -m 2048 -smp 4 \
    -bios /usr/lib/riscv64-linux-gnu/opensbi/generic/fw_jump.bin \
    -kernel /usr/lib/u-boot/qemu-riscv64_smode/uboot.elf \
    -device virtio-net-device,netdev=eth0 -netdev user,id=eth0 \
    -device virtio-rng-pci \
    -drive file=ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img,format=raw,if=virtio

You can log into the system with user ubuntu, password ubuntu after
seeing the message "Cloud-init v. 22.2-0ubuntu1~22.04.3 finished".

Run
    sudo dmesg | grep 'uninitialized urandom'

To test the fix:

Update the initramfs-tools package.

Run 'update-initramfs -k $(uname -r) -u' with MODULES=most (defined in
/etc/initramfs-tools/initramfs.conf or in
/etc/initramfs-tools/conf.d/*.conf).

Unpack the initrd with 'unmkinitramfs /boot/initrd.img-$(uname -r)'.

Check that
[main/]lib/modules/$(uname -r)/kernel/drivers/char/hw_random/
exists and contains kernel modules. When running on QEMU the relevant
module is virtio-rng.ko.

Reboot and check the kernel log by running
    sudo dmesg | grep 'uninitialized urandom'

[Where problems could occur]

Adding more drivers increases the size of the initrd. The larger
initrd might not fit onto the boot partition. The total size of
hw_random drivers on amd64 is less than 150 KiB so this seems
improbable.

[Other Info]

n/a
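The two checks from the test case (hw_random modules present in the unpacked initrd, and "uninitialized urandom read" warnings in the kernel log) written as shell functions. This is an added example, not part of the bug report or of initramfs-tools; the function names are made up here, and the sample log lines are three of those quoted in the report.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from initramfs-tools.

# Read kernel log text on stdin and print "<count> <process>" for each
# process that read /dev/urandom before the pool was initialised.
uninit_urandom_readers() {
    sed -n 's/.*random: \([^:]*\): uninitialized urandom read.*/\1/p' |
        sort | uniq -c | awk '{print $1, $2}'
}

# List the hw_random modules in an unpacked initrd. unmkinitramfs writes the
# main archive to main/ when the image holds several cpio archives and to
# the top directory otherwise, hence the "[main/]" in the test case.
hwrng_modules() {
    root=$1
    kver=$2
    for prefix in "$root/main" "$root"; do
        dir="$prefix/lib/modules/$kver/kernel/drivers/char/hw_random"
        [ -d "$dir" ] || continue
        # '*.ko*' also matches compressed modules such as .ko.zst
        find "$dir" -type f -name '*.ko*' -exec basename {} \; | sort
        return 0
    done
    return 1    # directory absent: no hwrng drivers were packed
}

# Succeed only if driver $3 (e.g. virtio-rng) is in the unpacked initrd $1.
initrd_has_hwrng() {
    hwrng_modules "$1" "$2" | grep -q "^$3\.ko"
}

# On a live system (commands and paths as in the test case):
#   d=$(mktemp -d); unmkinitramfs "/boot/initrd.img-$(uname -r)" "$d"
#   initrd_has_hwrng "$d" "$(uname -r)" virtio-rng || echo "virtio-rng missing"
#   sudo dmesg | uninit_urandom_readers

# Offline demo on three of the warnings quoted in the report.
sample_log='[ 14.654546] random: lvm: uninitialized urandom read (4 bytes read)
[ 15.247995] random: lvm: uninitialized urandom read (2 bytes read)
[ 43.161846] random: lvmconfig: uninitialized urandom read (4 bytes read)'
printf '%s\n' "$sample_log" | uninit_urandom_readers
```

An empty result from `uninit_urandom_readers` after the reboot, together with a successful `initrd_has_hwrng`, is the outcome the test case is looking for.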