From 7a875a4665145fc171e6d13ad6f6d7e255866e02 Mon Sep 17 00:00:00 2001 From: Rodrigo Arias Mallo Date: Thu, 26 Sep 2024 11:05:24 +0200 Subject: [PATCH] Use seedrng to increase entropy --- JOURNAL.md | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++ lagarto-ox.nix | 14 ++++++++-- 2 files changed, 85 insertions(+), 3 deletions(-) diff --git a/JOURNAL.md b/JOURNAL.md index fc95c45..b899bd5 100644 --- a/JOURNAL.md +++ b/JOURNAL.md 
@@ -4124,3 +4124,77 @@ Interesting output: - Report specific PLIC issues - Enable aux timer - Broken RTC frequency. + +Thu, 26 Sep 2024 10:26:26 +0200 + +## 2024-09-26 + +The seedrng tool can add some entropy in the kernel from a saved seed in the FS. +The source is available here: + +https://git.zx2c4.com/seedrng/tree/seedrng.c + +But it seems to be included with busybox, so it should be already included in +our initrd: + + ~ # which seedrng + /nix/store/8a4i33qxnpwn0q7hs1vx3q5h4y2cym7n-extra-utils/bin/seedrng + ~ # cat /proc/sys/kernel/random/entropy_avail + 0 + ~ # seedrng + seedrng: can't create directory '/var/lib/seedrng': No such file or directory + ~ # mkdir -p /var/lib/seedrng + ~ # seedrng + Saving 256 bits of non-creditable seed for next boot + ~ # cat /proc/sys/kernel/random/entropy_avail + 0 + ~ # ls /var/lib/seedrng + seed.no-credit + ~ # hexdump /var/lib/seedrng/seed.no-credit + 0000000 caba 9c5c c19a 5b1a 97fc 0a2e a805 9608 + 0000010 d860 b3b9 4ade b781 ce23 2fce 19a5 d1b1 + 0000020 + +Okay, so now I can magically convert it into creditable seed: + + ~ # mv /var/lib/seedrng/seed.no-credit /var/lib/seedrng/seed.credit + ~ # cat /proc/sys/kernel/random/entropy_avail + 0 + ~ # seedrng + Seeding 256 bits and crediting + [ 135.171201] random: crng init done + Saving 256 bits of creditable seed for next boot + ~ # cat /proc/sys/kernel/random/entropy_avail + 256 + +Nice. + +So, I can remove the jitter daemon and use this instead, assuming it won't go +down. 
It doesn't seem to go down: + + ~ # cat /proc/sys/kernel/random/entropy_avail + 256 + ~ # hexdump -n $((1024*1024)) /dev/random > /dev/null + ~ # cat /proc/sys/kernel/random/entropy_avail + 256 + +Another option may be to use a fake HW RNG by pointing to the address of some +timer register: + + https://github.com/torvalds/linux/blob/master/drivers/char/hw_random/timeriomem-rng.c + https://www.kernel.org/doc/Documentation/devicetree/bindings/rng/timeriomem_rng.txt + +Let's try the seedrng approach first. + + ~ # seedrng -h + seedrng: invalid option -- 'h' + BusyBox v1.36.1 () multi-call binary. + + Usage: seedrng [-d DIR] [-n] + + Seed the kernel RNG from seed files + + -d DIR Use seed files in DIR (default: /var/lib/seedrng) + -n Do not credit randomness, even if creditable + +I can work with this. diff --git a/lagarto-ox.nix b/lagarto-ox.nix index 94710ee..3a760eb 100644 --- a/lagarto-ox.nix +++ b/lagarto-ox.nix @@ -274,12 +274,20 @@ # while [ 1 ]; do xxd -s $((0x1bfff0000 - 0x60000000)) \ # -l 4 /dev/qdma34000-MM-1; sleep 0.2; done preDeviceCommands = '' + # Seed RNG + seedrng -d /tmp || true + mv /tmp/seed.no-credit /tmp/seed.credit || true + seedrng -d /tmp || true + echo "Available entropy: $(cat /proc/sys/kernel/random/entropy_avail)" + + # Last chance to enter a shell if read -t 3 -p 'Press enter for shell... '; then - ash + allowShell=1 + fail fi - echo "Running tests..." - sh /testplic + # echo "Running tests..." + # sh /testplic # echo "Creating a heartbeat counter at 0x1bfff0000" # sh -c 'hb=0; while [ 1 ]; do let hb=$hb+1; devmem 0x1bfff0000 32 $hb; done' &
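Review bot: the step in the JOURNAL.md hunk that "magically" converts the seed credits entropy that was never there: seed.no-credit was written while entropy_avail read 0 and seedrng itself labelled it non-creditable ("Saving 256 bits of non-creditable seed for next boot"), and renaming the file to seed.credit adds no randomness, it only makes the next seedrng run tell the kernel that those 256 bits are trustworthy. The "random: crng init done" message and the entropy_avail of 256 that follow are therefore a false signal: readers of /dev/random and getrandom() get unblocked on output derived from an unseeded pool. Suggest recording this next to "Nice." so the journal does not present it as a fix, and noting that a seed file only carries real entropy across boots when it was saved by a run that happened after the pool was initialized from a genuine source and is kept on persistent storage, rather than being regenerated and relabelled at every boot.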
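Review bot: the preDeviceCommands block in the lagarto-ox.nix hunk automates the unsafe sequence from the journal: on a boot with an empty /tmp, `seedrng -d /tmp || true` writes a non-creditable seed from an uninitialized RNG, `mv /tmp/seed.no-credit /tmp/seed.credit || true` relabels it, and the second `seedrng -d /tmp || true` credits it, so every boot reports 256 bits of available entropy without any randomness having entered the pool, and the three `|| true` hide any failure along the way. /tmp inside an initrd is not persistent storage either, so no seed is ever carried forward to the next boot, which is the one thing seedrng can legitimately contribute. Suggest dropping the mv, pointing -d at a persistent directory, and if the intent is only to stop getrandom() from blocking on this test board, stating that explicitly in the comment above the block. Separately, the same hunk comments out `sh /testplic` and replaces `ash` with `allowShell=1` followed by `fail`, neither of which the commit message "Use seedrng to increase entropy" mentions; these belong in their own commit or at least in the message, and since `allowShell` and `fail` are not defined in the visible lines, confirm they are provided by the stage-1 script this snippet is embedded in.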