Improving available entropy

Tyler Hicks tyhicks at canonical.com
Sat Feb 6 00:39:40 UTC 2016 

I took a look at how we can improve entropy on devices such as the
BeagleBone Black and Raspberry Pi 2. Lucky for us, both of those pieces
of hardware include a hardware random number generator (hwrng) that can
be used to feed random data into the kernel's random number entropy pool
(which is what's behind /dev/random and /dev/urandom).

Shortly after booting the devices, I took a look at the bits of entropy
available on each device.

  ubuntu at bbb:~$ cat /proc/sys/kernel/random/entropy_avail
  165

  ubuntu at rpi2:~$ cat /proc/sys/kernel/random/entropy_avail
  528

Those are the bits of entropy available out of a total poolsize of 4096
bits. The BBB's number is very low while the RPI2 is only slightly
better. However, neither of them can generate an RSA-2048 bit GPG key
at this point due to /dev/random blocking. Keep in mind that this is
after the device is fully booted, connected to the network, and I've
ssh'ed in. The entropy levels are surely much lower before the network
is up.

We can improve things by leveraging the hwrng devices. We can see what
hwrng sources are available by reading
/sys/class/misc/hw_random/rng_available:

  ubuntu at bbb:~$ cat /sys/class/misc/hw_random/rng_available
  omap 

The BBB image loads the omap-rng kernel module during boot. Unfortunately, the
RPI2 image doesn't load the necessary kernel module for its hwrng. We'll
load it and then make sure its available:

  ubuntu at rpi2:~$ sudo modprobe bcm2708-rng
  ubuntu at rpi2:~$ cat /sys/class/misc/hw_random/rng_available 
  bcm2708 

Having a hwrng available doesn't mean that the kernel's random number
entropy pool is automatically fed. We need to use rngd, from rng-tools,
to read from /dev/hwrng and write to /dev/random.

  ubuntu at bbb:~$ cat /proc/sys/kernel/random/entropy_avail
  180
  ubuntu at bbb:~$ sudo ./rngd
  ubuntu at bbb:~$ cat /proc/sys/kernel/random/entropy_avail
  3100

  ubuntu at rpi2:~$ cat /proc/sys/kernel/random/entropy_avail
  544
  ubuntu at rpi2:~$ sudo ./rngd
  ubuntu at rpi2:~$ cat /proc/sys/kernel/random/entropy_avail
  3097

Now we can easily generate keys without GPG blocking while reading from
/dev/random. rngd continues to feed random data into the kernel's
entropy pool while things such as key gen operations deplete the pool.

rngd includes fitness tests to ensure that the numbers read from
/dev/hwrng look random, as defined by FIPS 140-2, before writing them to
/dev/random.

There are some things that need to be done to leverage the hwrng in
these devices:

 1) The RPI2 image needs to ensure that the bcm2708-rng kernel module is
    loaded.
 2) We need to make rng-tools available. Would it be preferred that
    rng-tools is seeded in core or should it be a snap that gadget
    snaps, for devices that have a hwrng, can declare as a preinstall
    dependency?

Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20160205/0b7d4591/attachment.pgp>

More information about the snappy-devel mailing list