On Feb 5, 2016 6:39 PM, "Tyler Hicks" <<a href="mailto:tyhicks@canonical.com">tyhicks@canonical.com</a>> wrote: > > I took a look at how we can improve entropy on devices such as the > BeagleBone Black and Raspberry Pi 2. Lucky for us, both of those pieces > of hardware include a hardware random number generator (hwrng) that can > be used to feed random data into the kernel's random number entropy pool > (which is what's behind /dev/random and /dev/urandom). > > Shortly after booting the devices, I took a look at the bits of entropy > available on each device. > > ubuntu@bbb:~$ cat /proc/sys/kernel/random/entropy_avail > 165 > > ubuntu@rpi2:~$ cat /proc/sys/kernel/random/entropy_avail > 528 > > Those are the bits of entropy available out of a total poolsize of 4096 > bits. The BBB's number is very low while the RPI2 is only slightly > better. However, neither of them can generate an RSA-2048 bit GPG key > at this point due to /dev/random blocking. Keep in mind that this is > after the device is fully booted, connected to the network, and I've > ssh'ed in. The entropy levels are surely much lower before the network > is up. > > We can improve things by leveraging the hwrng devices. We can see what > hwrng sources are available by reading > /sys/class/misc/hw_random/rng_available: > > ubuntu@bbb:~$ cat /sys/class/misc/hw_random/rng_available > omap > > The BBB image loads the omap-rng kernel module during boot. Unfortunately, the > RPI2 image doesn't load the necessary kernel module for its hwrng. We'll > load it and then make sure its available: > > ubuntu@rpi2:~$ sudo modprobe bcm2708-rng > ubuntu@rpi2:~$ cat /sys/class/misc/hw_random/rng_available > bcm2708 > > Having a hwrng available doesn't mean that the kernel's random number > entropy pool is automatically fed. We need to use rngd, from rng-tools, > to read from /dev/hwrng and write to /dev/random. > > ubuntu@bbb:~$ cat /proc/sys/kernel/random/entropy_avail > 180 > ubuntu@bbb:~$ sudo ./rngd > ubuntu@bbb:~$ cat /proc/sys/kernel/random/entropy_avail > 3100 > > ubuntu@rpi2:~$ cat /proc/sys/kernel/random/entropy_avail > 544 > ubuntu@rpi2:~$ sudo ./rngd > ubuntu@rpi2:~$ cat /proc/sys/kernel/random/entropy_avail > 3097 > > Now we can easily generate keys without GPG blocking while reading from > /dev/random. rngd continues to feed random data into the kernel's > entropy pool while things such as key gen operations deplete the pool. > > rngd includes fitness tests to ensure that the numbers read from > /dev/hwrng look random, as defined by FIPS 140-2, before writing them to > /dev/random. > > There are some things that need to be done to leverage the hwrng in > these devices: > > 1) The RPI2 image needs to ensure that the bcm2708-rng kernel module is > loaded. > 2) We need to make rng-tools available. Would it be preferred that > rng-tools is seeded in core or should it be a snap that gadget > snaps, for devices that have a hwrng, can declare as a preinstall > dependency? I'd recommend a combined approach of (a) seeding the prng well, and (b) strongly recommending (requiring?) that gadget snaps enable the HW rng whenever possible. > Tyler > > -- > snappy-devel mailing list > <a href="mailto:snappy-devel@lists.ubuntu.com">snappy-devel@lists.ubuntu.com</a> > Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/snappy-devel">https://lists.ubuntu.com/mailman/listinfo/snappy-devel</a> >