Improving available entropy

Dustin Kirkland kirkland at canonical.com
Sat Feb 6 00:52:26 UTC 2016 

On Feb 5, 2016 6:39 PM, "Tyler Hicks" <tyhicks at canonical.com> wrote:
>
> I took a look at how we can improve entropy on devices such as the
> BeagleBone Black and Raspberry Pi 2. Lucky for us, both of those pieces
> of hardware include a hardware random number generator (hwrng) that can
> be used to feed random data into the kernel's random number entropy pool
> (which is what's behind /dev/random and /dev/urandom).
>
> Shortly after booting the devices, I took a look at the bits of entropy
> available on each device.
>
>   ubuntu at bbb:~$ cat /proc/sys/kernel/random/entropy_avail
>   165
>
>   ubuntu at rpi2:~$ cat /proc/sys/kernel/random/entropy_avail
>   528
>
> Those are the bits of entropy available out of a total poolsize of 4096
> bits. The BBB's number is very low while the RPI2 is only slightly
> better. However, neither of them can generate an RSA-2048 bit GPG key
> at this point due to /dev/random blocking. Keep in mind that this is
> after the device is fully booted, connected to the network, and I've
> ssh'ed in. The entropy levels are surely much lower before the network
> is up.
>
> We can improve things by leveraging the hwrng devices. We can see what
> hwrng sources are available by reading
> /sys/class/misc/hw_random/rng_available:
>
>   ubuntu at bbb:~$ cat /sys/class/misc/hw_random/rng_available
>   omap
>
> The BBB image loads the omap-rng kernel module during boot.
Unfortunately, the
> RPI2 image doesn't load the necessary kernel module for its hwrng. We'll
> load it and then make sure its available:
>
>   ubuntu at rpi2:~$ sudo modprobe bcm2708-rng
>   ubuntu at rpi2:~$ cat /sys/class/misc/hw_random/rng_available
>   bcm2708
>
> Having a hwrng available doesn't mean that the kernel's random number
> entropy pool is automatically fed. We need to use rngd, from rng-tools,
> to read from /dev/hwrng and write to /dev/random.
>
>   ubuntu at bbb:~$ cat /proc/sys/kernel/random/entropy_avail
>   180
>   ubuntu at bbb:~$ sudo ./rngd
>   ubuntu at bbb:~$ cat /proc/sys/kernel/random/entropy_avail
>   3100
>
>   ubuntu at rpi2:~$ cat /proc/sys/kernel/random/entropy_avail
>   544
>   ubuntu at rpi2:~$ sudo ./rngd
>   ubuntu at rpi2:~$ cat /proc/sys/kernel/random/entropy_avail
>   3097
>
> Now we can easily generate keys without GPG blocking while reading from
> /dev/random. rngd continues to feed random data into the kernel's
> entropy pool while things such as key gen operations deplete the pool.
>
> rngd includes fitness tests to ensure that the numbers read from
> /dev/hwrng look random, as defined by FIPS 140-2, before writing them to
> /dev/random.
>
> There are some things that need to be done to leverage the hwrng in
> these devices:
>
>  1) The RPI2 image needs to ensure that the bcm2708-rng kernel module is
>     loaded.
>  2) We need to make rng-tools available. Would it be preferred that
>     rng-tools is seeded in core or should it be a snap that gadget
>     snaps, for devices that have a hwrng, can declare as a preinstall
>     dependency?

I'd recommend a combined approach of (a) seeding the prng well, and (b)
strongly recommending (requiring?) that gadget snaps enable the HW rng
whenever possible.

> Tyler
>
> --
> snappy-devel mailing list
> snappy-devel at lists.ubuntu.com
> Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/snappy-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20160205/2cd5c51b/attachment.html>

More information about the snappy-devel mailing list