On Do, 18.04.19 09:16, stan (upaitag@xxxxxxxx) wrote:

> On Thu, 18 Apr 2019 10:22:27 +0200
> Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:
>
> > On Mi, 17.04.19 11:29, Japheth Cleaver (cleaver@xxxxxxxxxxxxxx) wrote:
> >
> > > This seems like a false dichotomy, no? Surely, things like this are
> > > a possibility:
> > > https://lists.freedesktop.org/archives/systemd-devel/2010-September/000225.html
> >
> > That too means the service gets started after the init system is up,
> > and the init system already requires entropy, so it's pointless.
>
> On shutdown the existing entropy is stored for use at startup (it is
> still entropy on restart if an attacker hasn't seen it). So, if init
> uses that entropy and depletes it, it would be a positive to restore it
> as soon as possible.

That is pretty late: it's systemd-random-seed.service that does that and
it runs after /var is mounted writable, which is relatively late in the
early-boot phase.

Moreover we don't credit entropy when writing the seed back into the
kernel, since it's not safe to do so in the general case, as people
frequently deploy the same pre-built image on multiple systems and tend
to forget to invalidate the saved seed then. And all images that come up
with the same saved seed would have the same entropy pool initially, hence
the exercise would be pointless. There has been work on making this
opt-in (https://github.com/systemd/systemd/pull/10621) but this has
stalled since. If anyone wants to resurrect that, please do.

However, regardless of whether s-r-s.s credits entropy or does not: it
runs too late: there are plenty of entropy users running before that
that need to wait for the pool to be filled. And we can't really move
s-r-s.s earlier.

[And also: the concept of "depleting" the entropy pool is a
misconception. This doesn't happen if people use the APIs correctly,
i.e. /dev/urandom instead of /dev/random (or their getrandom()
equivalents). The kernel documentation calls /dev/random a "legacy
interface" for a reason (see
http://man7.org/linux/man-pages/man4/urandom.4.html). Once the entropy
pool is filled it is filled for good, if /dev/urandom is used.]

(BTW: in case you wonder why we wait for /var being writable before
s-r-s.s is run: that's because we need to invalidate the old stored seed
when you use it, so that it is never reused again. This means we need to
overwrite the seed file when we use it.)

Lennart

--
Lennart Poettering, Berlin
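Added example (not systemd's code, nor anything from this thread) illustrating the two points in the message above: asking the kernel via getrandom() whether the urandom pool is initialized without blocking, and the seed-file pattern of feeding a stored seed to the kernel without crediting it and then overwriting the file so it is never reused. `SEED_LEN`, the `sink_path` argument and the temp-directory stand-ins in `demo()` are assumptions of the example.

```python
import os
import tempfile
from typing import Optional, Tuple

SEED_LEN = 512  # constructed default for this example, not systemd's seed size


def pool_initialized() -> Optional[bool]:
    """True once the kernel's urandom pool is initialized, False while it is
    still filling, None where getrandom() is unavailable (non-Linux)."""
    getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        return None
    try:
        # GRND_NONBLOCK: fail with EAGAIN instead of blocking while the pool
        # is uninitialized (the urandom-style call the message recommends).
        getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


def load_and_invalidate_seed(seed_path: str, sink_path: str) -> Tuple[bytes, bytes]:
    """Write the stored seed to sink_path (normally /dev/urandom, which mixes
    it in without crediting entropy), then overwrite the seed file with fresh
    bytes so it is never reused. Returns (old_seed, new_seed)."""
    with open(seed_path, "rb") as f:
        old = f.read()
    if old:
        with open(sink_path, "wb") as sink:
            sink.write(old)
    # Replace the seed before anything else can read it again; fsync so the
    # invalidation survives a crash right after use.
    new = os.urandom(len(old) or SEED_LEN)
    with open(seed_path, "wb") as f:
        f.write(new)
        f.flush()
        os.fsync(f.fileno())
    return old, new


def demo() -> dict:
    """Seed round-trip on constructed files in a temp dir, standing in for
    the real seed file and /dev/urandom."""
    d = tempfile.mkdtemp()
    seed, sink = os.path.join(d, "random-seed"), os.path.join(d, "urandom-sink")
    with open(seed, "wb") as f:
        f.write(b"\x01" * 64)  # constructed stale seed
    old, new = load_and_invalidate_seed(seed, sink)
    with open(sink, "rb") as f1, open(seed, "rb") as f2:
        return {"old": old, "new": new, "fed": f1.read(), "on_disk": f2.read()}
```

The sink file in `demo()` shows what the kernel would have received; on a real system the write goes to /dev/urandom and, as the message notes, does not raise the kernel's entropy estimate.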