[OpenWrt-Devel] [PATCH 0/4] add μrngd: true RNG based on timing jitter

Rosen Penev rosenp at gmail.com
Mon May 27 22:19:53 EDT 2019 

On Mon, May 27, 2019 at 2:30 PM Petr Štetiar <ynezz at true.cz> wrote:
>
> Hi,
>
> this patch series fixes some of the current urandom-seed flaws and improves
> situation with low entropy in the kernel during the boot.
>
> First, simply writing to /dev/urandom does not increase the kernel's entropy
> count, this casuses processes obtaining randomness to block.  Particularly
> processes using OpenSSL's RAND_bytes() will block until the kernel emits
> 'random: crng init done'. This can take upwards of twenty minutes.
>
> According to random(4) the entropy count is only increased when using the
> RNDADDENTROPY ioctl, which urandom-seed currently doesn't use when feeding the
> kernel RNG.
>
> Second, urandom-seed is using /etc/urandom.seed file to seed the kernel's RNG
> machinery upon every boot. The problem is, that this file is created only once
> during first-boot and then reused on every consecutive boot, so pretty much
> static.
>
> So this patch series adds μrngd, which is a new micro non-physical true random
> number generator (system service) based on timing jitter. On devices which
> provide a reliable and precise enough timer, μrngd can provide sufficient
> entropy.
>
> μrngd is using the Jitter RNG core under the hood, which provides an entropy
> source that μrngd feeds into the Linux /dev/random device if its entropy runs
> low.  It updates the /dev/random entropy estimator such that the newly
> provided entropy unblocks /dev/random.
>
> The seeding of /dev/random also ensures that /dev/urandom benefits from
> entropy. Especially during boot time, when the entropy of Linux is low, the
> Jitter RNG based μrngd provides a source of sufficient entropy.
>
> Some RNG init time numbers from qca9563 (TP-Link Archer C7 v5):
>
>  [   12.045693] random: crng init done        (μrngd)
>  [  120.043132] random: crng init done        (urandom-seed)
>
> μrngd binary has 4579 bytes on ath79.
>
> I'm creating separate packages for getrandom and urandom-seed, so they can be
> removed easily on platforms where either μrngd or any other hardware based RNG
> provides good entropy. I'm not removing urandom-seed package from the
> defaults, because during the testing of μrngd I've found out, that for example
> MediaTek MT7620A ver:2 eco:6 (MIPS 24KEc V5.0) doesn't provide high precision
> timer which is needed for Jitter RNG so the initialization of Jitter RNG
> inside μrngd ends with following error:
>
>  jent-rng init failed, err: 2 (ECOARSETIME)
>
> so on such platforms it might still be probably better to stick to
> urandom-seed as a fallback. The Jitter RNG implements a startup test that is
> intended to detect non-appropriate timers. If it identifies such
> non-appropriate timers, the Jitter RNG will deactivate. Thus, the Jitter RNG
> always tries to reach a secure state.
>
> I believe, that μrngd is going to improve entropy situation on most of current
> platforms OpenWrt supports, so I would like to enable it as default.  Having
> another source of reliable noise in the system doesn't hurt, it only helps.
>
> I would like to note, that most of this stuff is based on the amazing work
> done[1] by Stephan Müller, I've just bend it over and packaged it for OpenWrt.
>
> 1. http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html
Tested this on both mt7621 and Turris Omnia. Works pretty well. Init
gets done fast.

The Turris people might want something like this or they need to fix
haveged to run earlier.
>
> Petr Štetiar (4):
>   urng: add micro non-physical true RNG based on timing jitter
>   ubox: move getrandom into separate getrandom package
>   base-files: move urandom seed bits into separate package
>   build: add urandom-seed and urngd to default packages set
>
>  include/target.mk                                  |  2 +-
>  package/base-files/Makefile                        | 11 ++++-
>  package/base-files/files/etc/init.d/urandom_seed   | 12 ------
>  .../base-files/files/lib/preinit/81_urandom_seed   | 24 -----------
>  package/base-files/files/sbin/urandom_seed         | 20 ---------
>  package/system/ubox/Makefile                       | 17 ++++++--
>  package/system/urandom-seed/Makefile               | 32 +++++++++++++++
>  .../urandom-seed/files/etc/init.d/urandom_seed     | 12 ++++++
>  .../urandom-seed/files/lib/preinit/81_urandom_seed | 24 +++++++++++
>  .../system/urandom-seed/files/sbin/urandom_seed    | 20 +++++++++
>  package/system/urngd/Makefile                      | 48 ++++++++++++++++++++++
>  package/system/urngd/files/urngd.init              | 21 ++++++++++
>  12 files changed, 182 insertions(+), 61 deletions(-)
>  delete mode 100755 package/base-files/files/etc/init.d/urandom_seed
>  delete mode 100644 package/base-files/files/lib/preinit/81_urandom_seed
>  delete mode 100755 package/base-files/files/sbin/urandom_seed
>  create mode 100644 package/system/urandom-seed/Makefile
>  create mode 100755 package/system/urandom-seed/files/etc/init.d/urandom_seed
>  create mode 100644 package/system/urandom-seed/files/lib/preinit/81_urandom_seed
>  create mode 100755 package/system/urandom-seed/files/sbin/urandom_seed
>  create mode 100644 package/system/urngd/Makefile
>  create mode 100644 package/system/urngd/files/urngd.init
>
> --
> 1.9.1
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list