* Seeding the Linux RNG at first boot
From: Leo Famulari @ 2017-12-06 18:27 UTC
To: guix-devel

On Wed, Dec 06, 2017 at 12:11:36AM +0100, Marius Bakke wrote:
> FWIW if you control the hypervisor, you can send something along the
> lines of:
>
> qemu -device virtio-rng-pci,bus=pci.0,addr=0x1e,max-bytes=1024,period=1000
>
> to feed the guest with entropy from the host through virtio, up to 1kB/s.

Exactly, this is along the lines of what I'm thinking for `guix system vm`.

On the guest side, we would extend urandom-seed-service to also draw on
/dev/hwrng, which is where virtio-rng-pci makes the data from the host
available.

Currently there is the rngd-service-type, but that is doing something
slightly different. Using /dev/hwrng to seed urandom could be done
whenever it's enabled in the kernel.

I have an idea for another improvement: to add an argument like
"--entropy-seed=" to `guix system` that could place the value in
'/var/lib/random-seed', where it would be used on first boot.

Thoughts?

* Re: Seeding the Linux RNG at first boot
From: Ludovic Courtès @ 2017-12-07 21:07 UTC
To: Leo Famulari; +Cc: guix-devel

Leo Famulari <leo@famulari.name> skribis:

> On Wed, Dec 06, 2017 at 12:11:36AM +0100, Marius Bakke wrote:
>> FWIW if you control the hypervisor, you can send something along the
>> lines of:
>>
>> qemu -device virtio-rng-pci,bus=pci.0,addr=0x1e,max-bytes=1024,period=1000
>>
>> to feed the guest with entropy from the host through virtio, up to 1kB/s.
>
> Exactly, this is along the lines of what I'm thinking for `guix system
> vm`.
>
> On the guest side, we would extend urandom-seed-service to also draw on
> /dev/hwrng, which is where virtio-rng-pci makes the data from the host
> available.

Maybe ‘virtualized-operating-system’ in (gnu system vm) could
automatically customize ‘rngd-service-type’ (or add it)?

> Currently there is the rngd-service-type, but that is doing something
> slightly different. Using /dev/hwrng to seed urandom could be done
> whenever it's enabled in the kernel.
>
> I have an idea for another improvement: to add an argument like
> "--entropy-seed=" to `guix system` that could place the value in
> '/var/lib/random-seed', where it would be used on first boot.

We could do that, though I very much prefer the idea of a “backdoor” à
la virtio-rng-pci, because it allows to stick to bit-reproducible images
(well, they’re not bit-reproducible yet I suppose, but let’s not add to
it.)

WDYT?

Ludo’.

* Re: Seeding the Linux RNG at first boot
From: Leo Famulari @ 2017-12-07 23:47 UTC
To: Ludovic Courtès; +Cc: guix-devel

On Thu, Dec 07, 2017 at 10:07:38PM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> > On the guest side, we would extend urandom-seed-service to also draw on
> > /dev/hwrng, which is where virtio-rng-pci makes the data from the host
> > available.
>
> Maybe ‘virtualized-operating-system’ in (gnu system vm) could
> automatically customize ‘rngd-service-type’ (or add it)?

Yes, we could do that, although I don't think it's necessary to run a
daemon continuously. It is enough to seed the RNG once.

At the same time we handle the random seed, we could also try reading
from /dev/hwrng and, if the read is successful, copy some bytes into
/dev/urandom. We'd have to try reading and handle failure since we
always create /dev/hwrng regardless of whether the Linux kernel module
is loaded or not.

> > I have an idea for another improvement: to add an argument like
> > "--entropy-seed=" to `guix system` that could place the value in
> > '/var/lib/random-seed', where it would be used on first boot.
>
> We could do that, though I very much prefer the idea of a “backdoor” à
> la virtio-rng-pci, because it allows to stick to bit-reproducible images
> (well, they’re not bit-reproducible yet I suppose, but let’s not add to
> it.)

I think it would be most useful for disk images, for which there is no
host.

If one always passes the same value to --entropy-seed, it will not
negatively affect the reproducibility of the image ;)

This would not be something we do for the official release image, but
merely an optional tool.

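The one-shot seeding step proposed in the message above (try reading /dev/hwrng, copy some bytes into /dev/urandom, tolerate failure), as an added example that is not part of the thread or of Guix's code. The function name `seed_from_hwrng`, the 512-byte cap and the 64-byte request are assumptions of the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Read up to `want` bytes from `src` and write them to `dst`.
 * Returns bytes written, 0 if the source gave nothing, -1 on error.
 * The function name and the 512-byte cap are choices of this example. */
static ssize_t seed_from_hwrng(const char *src, const char *dst, size_t want)
{
    unsigned char buf[512];
    ssize_t got, done = 0;

    if (want > sizeof buf) want = sizeof buf;

    /* The node may exist with no driver behind it, so both open() and
     * read() can fail (for example with ENODEV); neither is fatal. */
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    got = read(in, buf, want);
    close(in);
    if (got <= 0) return got;

    /* A plain write mixes the bytes into the pool but credits no entropy;
     * crediting would need the privileged RNDADDENTROPY ioctl. */
    int out = open(dst, O_WRONLY);
    if (out < 0) return -1;
    while (done < got) {
        ssize_t w = write(out, buf + done, (size_t)(got - done));
        if (w < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (w <= 0) {
            close(out);
            return -1;
        }
        done += w;
    }
    close(out);
    return done;
}

int main(void)
{
    ssize_t n = seed_from_hwrng("/dev/hwrng", "/dev/urandom", 64);
    if (n < 0)
        perror("hwrng not usable, relying on the seed file");
    else
        printf("mixed %zd bytes into the pool\n", n);
    return 0;   /* a missing hardware RNG must not fail the boot */
}
```

Because the write only stirs the pool, this complements the saved `/var/lib/random-seed` handling rather than replacing it.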
* Re: Seeding the Linux RNG at first boot
From: Ludovic Courtès @ 2017-12-11 9:16 UTC
To: Leo Famulari; +Cc: guix-devel

Leo Famulari <leo@famulari.name> skribis:

> On Thu, Dec 07, 2017 at 10:07:38PM +0100, Ludovic Courtès wrote:
>> Leo Famulari <leo@famulari.name> skribis:
>> > On the guest side, we would extend urandom-seed-service to also draw on
>> > /dev/hwrng, which is where virtio-rng-pci makes the data from the host
>> > available.
>>
>> Maybe ‘virtualized-operating-system’ in (gnu system vm) could
>> automatically customize ‘rngd-service-type’ (or add it)?
>
> Yes, we could do that, although I don't think it's necessary to run a
> daemon continuously. It is enough to seed the RNG once.
>
> At the same time we handle the random seed, we could also try reading
> from /dev/hwrng and, if the read is successful, copy some bytes into
> /dev/urandom. We'd have to try reading and handle failure since we
> always create /dev/hwrng regardless of whether the Linux kernel module
> is loaded or not.

OK.

>> > I have an idea for another improvement: to add an argument like
>> > "--entropy-seed=" to `guix system` that could place the value in
>> > '/var/lib/random-seed', where it would be used on first boot.
>>
>> We could do that, though I very much prefer the idea of a “backdoor” à
>> la virtio-rng-pci, because it allows to stick to bit-reproducible images
>> (well, they’re not bit-reproducible yet I suppose, but let’s not add to
>> it.)
>
> I think it would be most useful for disk images, for which there is no
> host.

OK, in that case the “backdoor” isn’t an option.

> If one always passes the same value to --entropy-seed, it will not
> negatively affect the reproducibility of the image ;)
>
> This would not be something we do for the official release image, but
> merely an optional tool.

Yeah it’d be OK to add this as an option.

When the option is present, ‘guix system’ would hook into the VM
creation code somehow, or to extend ‘activation-service-type’ with code
to create the file.

Maybe we could provide a more generic --copy-file=SOURCE[=DEST] option?
Like --copy-file=./my-seed=/var/lib/random-seed or
--copy-file=$HOME/.ssh/authorized_keys.

Thoughts?

Ludo’.

* Re: Seeding the Linux RNG at first boot
From: Leo Famulari @ 2017-12-11 16:08 UTC
To: Ludovic Courtès; +Cc: guix-devel

On Mon, Dec 11, 2017 at 10:16:42AM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> > At the same time we handle the random seed, we could also try reading
> > from /dev/hwrng and, if the read is successful, copy some bytes into
> > /dev/urandom. We'd have to try reading and handle failure since we
> > always create /dev/hwrng regardless of whether the Linux kernel module
> > is loaded or not.
>
> OK.

Okay, I'll work on adding this to the urandom-seed-service.

> > If one always passes the same value to --entropy-seed, it will not
> > negatively affect the reproducibility of the image ;)
> >
> > This would not be something we do for the official release image, but
> > merely an optional tool.
>
> Yeah it’d be OK to add this as an option.
>
> When the option is present, ‘guix system’ would hook into the VM
> creation code somehow, or to extend ‘activation-service-type’ with code
> to create the file.
>
> Maybe we could provide a more generic --copy-file=SOURCE[=DEST] option?
> Like --copy-file=./my-seed=/var/lib/random-seed or
> --copy-file=$HOME/.ssh/authorized_keys.
>
> Thoughts?

That sounds good to me. I'll try implementing it.