[PATCH 0/4] add μrngd: true RNG based on timing jitter

Petr Štetiar ynezz at true.cz
Mon May 27 17:29:40 EDT 2019


this patch series fixes some of the current urandom-seed flaws and improves
situation with low entropy in the kernel during the boot.

First, simply writing to /dev/urandom does not increase the kernel's entropy
count, this casuses processes obtaining randomness to block.  Particularly
processes using OpenSSL's RAND_bytes() will block until the kernel emits
'random: crng init done'. This can take upwards of twenty minutes.

According to random(4) the entropy count is only increased when using the
RNDADDENTROPY ioctl, which urandom-seed currently doesn't use when feeding the
kernel RNG.

Second, urandom-seed is using /etc/urandom.seed file to seed the kernel's RNG
machinery upon every boot. The problem is, that this file is created only once
during first-boot and then reused on every consecutive boot, so pretty much

So this patch series adds μrngd, which is a new micro non-physical true random
number generator (system service) based on timing jitter. On devices which
provide a reliable and precise enough timer, μrngd can provide sufficient

μrngd is using the Jitter RNG core under the hood, which provides an entropy
source that μrngd feeds into the Linux /dev/random device if its entropy runs
low.  It updates the /dev/random entropy estimator such that the newly
provided entropy unblocks /dev/random.

The seeding of /dev/random also ensures that /dev/urandom benefits from
entropy. Especially during boot time, when the entropy of Linux is low, the
Jitter RNG based μrngd provides a source of sufficient entropy.

Some RNG init time numbers from qca9563 (TP-Link Archer C7 v5):

 [   12.045693] random: crng init done        (μrngd)
 [  120.043132] random: crng init done        (urandom-seed)

μrngd binary has 4579 bytes on ath79.

I'm creating separate packages for getrandom and urandom-seed, so they can be
removed easily on platforms where either μrngd or any other hardware based RNG
provides good entropy. I'm not removing urandom-seed package from the
defaults, because during the testing of μrngd I've found out, that for example
MediaTek MT7620A ver:2 eco:6 (MIPS 24KEc V5.0) doesn't provide high precision
timer which is needed for Jitter RNG so the initialization of Jitter RNG
inside μrngd ends with following error:

 jent-rng init failed, err: 2 (ECOARSETIME)

so on such platforms it might still be probably better to stick to
urandom-seed as a fallback. The Jitter RNG implements a startup test that is
intended to detect non-appropriate timers. If it identifies such
non-appropriate timers, the Jitter RNG will deactivate. Thus, the Jitter RNG
always tries to reach a secure state.

I believe, that μrngd is going to improve entropy situation on most of current
platforms OpenWrt supports, so I would like to enable it as default.  Having
another source of reliable noise in the system doesn't hurt, it only helps.

I would like to note, that most of this stuff is based on the amazing work
done[1] by Stephan Müller, I've just bend it over and packaged it for OpenWrt.

1. http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html

Petr Štetiar (4):
  urng: add micro non-physical true RNG based on timing jitter
  ubox: move getrandom into separate getrandom package
  base-files: move urandom seed bits into separate package
  build: add urandom-seed and urngd to default packages set

 include/target.mk                                  |  2 +-
 package/base-files/Makefile                        | 11 ++++-
 package/base-files/files/etc/init.d/urandom_seed   | 12 ------
 .../base-files/files/lib/preinit/81_urandom_seed   | 24 -----------
 package/base-files/files/sbin/urandom_seed         | 20 ---------
 package/system/ubox/Makefile                       | 17 ++++++--
 package/system/urandom-seed/Makefile               | 32 +++++++++++++++
 .../urandom-seed/files/etc/init.d/urandom_seed     | 12 ++++++
 .../urandom-seed/files/lib/preinit/81_urandom_seed | 24 +++++++++++
 .../system/urandom-seed/files/sbin/urandom_seed    | 20 +++++++++
 package/system/urngd/Makefile                      | 48 ++++++++++++++++++++++
 package/system/urngd/files/urngd.init              | 21 ++++++++++
 12 files changed, 182 insertions(+), 61 deletions(-)
 delete mode 100755 package/base-files/files/etc/init.d/urandom_seed
 delete mode 100644 package/base-files/files/lib/preinit/81_urandom_seed
 delete mode 100755 package/base-files/files/sbin/urandom_seed
 create mode 100644 package/system/urandom-seed/Makefile
 create mode 100755 package/system/urandom-seed/files/etc/init.d/urandom_seed
 create mode 100644 package/system/urandom-seed/files/lib/preinit/81_urandom_seed
 create mode 100755 package/system/urandom-seed/files/sbin/urandom_seed
 create mode 100644 package/system/urngd/Makefile
 create mode 100644 package/system/urngd/files/urngd.init


openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list