[Bug 1983359] Re: [SRU] hwrng drivers missing in initrd.img
Steve Langasek
1983359 at bugs.launchpad.net
Sat Jun 17 00:16:22 UTC 2023
Hello Heinrich, or anyone else affected,
Accepted initramfs-tools into jammy-proposed. The package will build now
and be available at
https://launchpad.net/ubuntu/+source/initramfs-tools/0.140ubuntu13.2 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Your feedback will aid us in getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from
verification-needed-jammy to verification-done-jammy. If it does not fix
the bug for you, please add a comment stating that, and change the tag
to verification-failed-jammy. In either case, without details of your
testing we will not be able to proceed.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance for helping!
N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.
** Changed in: initramfs-tools (Ubuntu Jammy)
Status: In Progress => Fix Committed
** Tags added: verification-needed verification-needed-jammy
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1983359
Title:
[SRU] hwrng drivers missing in initrd.img
Status in initramfs-tools package in Ubuntu:
Fix Released
Status in initramfs-tools source package in Jammy:
Fix Committed
Status in initramfs-tools source package in Kinetic:
Fix Released
Bug description:
[Impact]
The initialization of the entropy buffer of the urandom device is
critical for security.
When booting Jammy 22.04.1 on QEMU riscv64 I see the following
warnings:
[ 14.654546] random: lvm: uninitialized urandom read (4 bytes read)
[ 15.247995] random: lvm: uninitialized urandom read (2 bytes read)
[ 22.484719] random: lvm: uninitialized urandom read (4 bytes read)
[ 43.161846] random: lvmconfig: uninitialized urandom read (4 bytes read)
[ 48.862281] random: lvm: uninitialized urandom read (4 bytes read)
Module virtio-rng.ko is missing in initrd.img.
Adding virtio_rng to /etc/initramfs-tools/modules avoids the warnings.
Hardware RNG drivers should generally be included in the initrd to
provide early entropy.
[Test case]
To reproduce the issue:
Install the prerequisites:
sudo apt-get update
sudo apt-get install opensbi qemu-system-misc u-boot-qemu
Download
https://old-releases.ubuntu.com/releases/22.04.1/ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img.xz
Decompress it with
xz -d ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img.xz
Run it in QEMU with
qemu-system-riscv64 \
-machine virt -nographic -m 2048 -smp 4 \
-bios /usr/lib/riscv64-linux-gnu/opensbi/generic/fw_jump.bin \
-kernel /usr/lib/u-boot/qemu-riscv64_smode/uboot.elf \
-device virtio-net-device,netdev=eth0 -netdev user,id=eth0 \
-device virtio-rng-pci \
-drive file=ubuntu-22.04.1-preinstalled-server-riscv64+unmatched.img,format=raw,if=virtio
You can log into the system with user ubuntu, password ubuntu after
seeing the message "Cloud-init v. 22.2-0ubuntu1~22.04.3 finished".
Run 'sudo dmesg | grep "uninitialized urandom"'.
To test the fix:
Update the initramfs-tools package.
Run 'update-initramfs -k $(uname -r) -u' with MODULES=most (defined in
/etc/initramfs-tools/initramfs.conf or in
/etc/initramfs-tools/conf.d/*.conf)
Unpack the initrd with 'unmkinitramfs /boot/initrd.img-$(uname -r)'
Check that
[main/]lib/modules/$(uname -r)/kernel/drivers/char/hw_random/
exists and contains kernel modules.
When running on QEMU the relevant module is virtio-rng.ko.
Reboot and check the kernel log by running
'sudo dmesg | grep "uninitialized urandom"'.
[Where problems could occur]
Adding more drivers increases the size of the initrd. The larger
initrd might not fit onto the boot partition. The total size of
hw_random drivers on amd64 is less than 150 KiB so this seems
improbable.
[Other Info]
n/a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1983359/+subscriptions
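
The checks from the "To test the fix" steps above, written as two shell functions. This is an added example, not part of the bug report or of initramfs-tools; the function names are hypothetical, and the initrd is assumed to have been unpacked into a directory with unmkinitramfs beforehand.

```shell
#!/bin/sh
# Added example (not from the bug report): verification helpers for the
# hwrng-in-initrd fix. Function names are hypothetical.
#
# Usage, after unpacking the initrd into a directory of your choice:
#   find_hwrng_modules /tmp/initrd "$(uname -r)" || echo "no hwrng drivers"
#   sudo dmesg > /tmp/dmesg.txt; count_uninit_urandom /tmp/dmesg.txt

# find_hwrng_modules ROOT KVER
# Prints the file name of every module found under
# [main/]lib/modules/KVER/kernel/drivers/char/hw_random/ in the unpacked
# tree ROOT. Returns 0 if at least one module exists, 1 otherwise.
find_hwrng_modules() {
    root=$1
    kver=$2
    status=1
    # unmkinitramfs writes a multi-segment initrd to ROOT/main and a
    # single-segment one directly to ROOT, so both layouts are checked.
    for prefix in "$root/main" "$root"; do
        dir="$prefix/lib/modules/$kver/kernel/drivers/char/hw_random"
        [ -d "$dir" ] || continue
        # Match plain and compressed modules (.ko, .ko.zst, .ko.xz).
        for m in "$dir"/*.ko "$dir"/*.ko.*; do
            [ -f "$m" ] || continue
            basename "$m"
            status=0
        done
    done
    return $status
}

# count_uninit_urandom FILE
# Prints how many "uninitialized urandom read" warnings a saved kernel
# log contains; 0 is the expected result once the fix is in place.
count_uninit_urandom() {
    grep -c 'uninitialized urandom read' "$1" || true
}
```

An empty hw_random directory counts as a failure here, matching the test case's requirement that the directory "exists and contains kernel modules".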