From: Ludovic Courtès <ludo@gnu.org>
Subject: Re: Seeding the Linux RNG at first boot
Date: Mon, 11 Dec 2017 10:16:42 +0100
To: Leo Famulari
Cc: guix-devel@gnu.org
In-Reply-To: Leo Famulari's message of Thu, 7 Dec 2017 18:47:49 -0500

Leo Famulari skribis:

> On Thu, Dec 07, 2017 at 10:07:38PM +0100, Ludovic Courtès wrote:
>> Leo Famulari skribis:
>> > On the guest side, we would extend urandom-seed-service to also draw on
>> > /dev/hwrng, which is where virtio-rng-pci makes the data from the host
>> > available.
>>
>> Maybe ‘virtualized-operating-system’ in (gnu system vm) could
>> automatically customize ‘rngd-service-type’ (or add it)?
>
> Yes, we could do that, although I don't think it's necessary to run a
> daemon continuously. It is enough to seed the RNG once.
>
> At the same time we handle the random seed, we could also try reading
> from /dev/hwrng and, if the read is successful, copy some bytes into
> /dev/urandom. We'd have to try reading and handle failure since we
> always create /dev/hwrng regardless of whether the Linux kernel module
> is loaded or not.

OK.

>> > I have an idea for another improvement: to add an argument like
>> > "--entropy-seed=" to `guix system` that could place the value in
>> > '/var/lib/random-seed', where it would be used on first boot.
>>
>> We could do that, though I very much prefer the idea of a “backdoor” à
>> la virtio-rng-pci, because it allows us to stick to bit-reproducible images
>> (well, they’re not bit-reproducible yet I suppose, but let’s not add to
>> it.)
>
> I think it would be most useful for disk images, for which there is no
> host.

OK, in that case the “backdoor” isn’t an option.

> If one always passes the same value to --entropy-seed, it will not
> negatively affect the reproducibility of the image ;)
>
> This would not be something we do for the official release image, but
> merely an optional tool.

Yeah, it’d be OK to add this as an option. When the option is present,
‘guix system’ would hook into the VM creation code somehow, or extend
‘activation-service-type’ with code to create the file.

Maybe we could provide a more generic --copy-file=SOURCE[=DEST] option?
Like --copy-file=./my-seed=/var/lib/random-seed or
--copy-file=$HOME/.ssh/authorized_keys.

Thoughts?

Ludo’.
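The seed-once step Leo describes above (attempt a read from /dev/hwrng, and only when it succeeds copy the bytes into /dev/urandom), written out as an added POSIX shell sketch that is not part of this thread or of Guix; the device paths and byte count are parameters so the control flow can be exercised against ordinary files, and "success" is defined as reading the full requested length.

```shell
#!/bin/sh
# seed_from_hwrng SRC DST [NBYTES]
#   Try to read NBYTES (default 512) from SRC (normally /dev/hwrng) and,
#   only if the full amount was read, write them into DST (normally
#   /dev/urandom).  Returns 0 on success, 1 if SRC is absent, unreadable
#   or delivers fewer bytes than requested (for instance the node exists
#   but no hwrng driver is bound to it, so the read fails or blocks).
seed_from_hwrng() {
    src=$1
    dst=$2
    n=${3:-512}
    # The node is created unconditionally, so existence proves nothing;
    # test by actually reading.
    tmp=$(mktemp) || return 1
    # Bound the wait: a hardware RNG can block when it has nothing to give.
    if command -v timeout >/dev/null 2>&1; then
        timeout 5 head -c "$n" "$src" > "$tmp" 2>/dev/null || :
    else
        head -c "$n" "$src" > "$tmp" 2>/dev/null || :
    fi
    got=$(wc -c < "$tmp")
    if [ "$got" -ne "$n" ]; then
        rm -f "$tmp"
        return 1
    fi
    # Writing to /dev/urandom mixes the bytes into the kernel pool but does
    # not raise its entropy estimate; only the RNDADDENTROPY ioctl (what
    # rngd uses) credits entropy.  Mixing is still enough to make the
    # early output unpredictable, which is the point of seeding once.
    cat "$tmp" >> "$dst"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

On a real guest this would be called as root as `seed_from_hwrng /dev/hwrng /dev/urandom` from the activation step; in Guix the same logic would live in the activation service's Scheme code, the shell form only makes the failure handling explicit.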