Fixing getrandom()

Posted Sep 28, 2019 6:09 UTC (Sat) by alonz (subscriber, #815)
Parent article: Fixing getrandom()

In my opinion, a better solution would be to remove the automatic collection of entropy from the kernel at boot time, and require userspace to provide randomness (or to explicitly start the kernel randomness collection). And - make getrandom() (and /dev/{u,}random) return an error if they have no randomness to provide.

This would mean that a userspace that doesn't initialize randomness early enough will just fail, loudly and deterministically. So even the folks who try to “optimize boot time” by just removing boot-time items without thinking won't be able to build a broken system that boots but isn't secure.

Fixing getrandom()

Posted Oct 4, 2019 7:31 UTC (Fri) by kmeyer (subscriber, #50720) [Link]

I don't see what possible benefit removing kernel entropy collection might offer. Many kernel entropy sources simply aren't available to userspace. Additionally, the kernel is the logical place to pool entropy for the system; it outlives all ephemeral userspace programs.

As to the rest, the APIs you ask for already exist.

> make getrandom() (and /dev/{u,}random) return an error if they have no randomness to provide.

getrandom(1, GRND_NONBLOCK) ⇒ -1/EAGAIN; poll(/dev/random, POLLIN, 0) ⇒ 0.

> This would mean that a userspace that doesn't initialize randomness early enough will just fail, loudly and deterministically.

All you need to do is add one of the above checks and a printf() to your userspace init process to produce the loud warning.

> So even the folks who try to “optimize boot time” by just removing boot-time items without thinking won't be able to build a broken system that boots but isn't secure.

That is the status quo with correct use of getrandom().