rarias/nixos-riscv
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Use seedrng to increase entropy

Browse Source
This commit is contained in:
Rodrigo Arias 2024-09-26 11:05:24 +02:00
parent 9d1ad6f1b3
commit 7a875a4665
2 changed files with 85 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
JOURNAL.md
View File

@ -4124,3 +4124,77 @@ Interesting output:
- Report specific PLIC issues - Report specific PLIC issues
- Enable aux timer - Enable aux timer
- Broken RTC frequency. - Broken RTC frequency.
Thu, 26 Sep 2024 10:26:26 +0200
## 2024-09-26
The seedrng tool can add some entropy in the kernel from a saved seed in the FS.
The source is available here:
https://git.zx2c4.com/seedrng/tree/seedrng.c
But it seems to be included with busybox, so it should be already included in
our initrd:
~ # which seedrng
/nix/store/8a4i33qxnpwn0q7hs1vx3q5h4y2cym7n-extra-utils/bin/seedrng
~ # cat /proc/sys/kernel/random/entropy_avail
0
~ # seedrng
seedrng: can't create directory '/var/lib/seedrng': No such file or directory
~ # mkdir -p /var/lib/seedrng
~ # seedrng
Saving 256 bits of non-creditable seed for next boot
~ # cat /proc/sys/kernel/random/entropy_avail
0
~ # ls /var/lib/seedrng
seed.no-credit
~ # hexdump /var/lib/seedrng/seed.no-credit
0000000 caba 9c5c c19a 5b1a 97fc 0a2e a805 9608
0000010 d860 b3b9 4ade b781 ce23 2fce 19a5 d1b1
0000020
Okay, so now I can magically convert it into creditable seed:
~ # mv /var/lib/seedrng/seed.no-credit /var/lib/seedrng/seed.credit
~ # cat /proc/sys/kernel/random/entropy_avail
0
~ # seedrng
Seeding 256 bits and crediting
[ 135.171201] random: crng init done
Saving 256 bits of creditable seed for next boot
~ # cat /proc/sys/kernel/random/entropy_avail
256
Nice.
So, I can remove the jitter daemon and use this instead, assuming it won't go
down. It doesn't seem to go down:
~ # cat /proc/sys/kernel/random/entropy_avail
256
~ # hexdump -n $((1024*1024)) /dev/random > /dev/null
~ # cat /proc/sys/kernel/random/entropy_avail
256
Another option may be to use a fake HW RNG by pointing to the address of some
timer register:
https://github.com/torvalds/linux/blob/master/drivers/char/hw_random/timeriomem-rng.c
https://www.kernel.org/doc/Documentation/devicetree/bindings/rng/timeriomem_rng.txt
Let's try the seedrng approach first.
~ # seedrng -h
seedrng: invalid option -- 'h'
BusyBox v1.36.1 () multi-call binary.
Usage: seedrng [-d DIR] [-n]
Seed the kernel RNG from seed files
-d DIR Use seed files in DIR (default: /var/lib/seedrng)
-n Do not credit randomness, even if creditable
I can work with this.

14
lagarto-ox.nix
View File

@ -274,12 +274,20 @@
# while [ 1 ]; do xxd -s $((0x1bfff0000 - 0x60000000)) \ # while [ 1 ]; do xxd -s $((0x1bfff0000 - 0x60000000)) \
# -l 4 /dev/qdma34000-MM-1; sleep 0.2; done # -l 4 /dev/qdma34000-MM-1; sleep 0.2; done
preDeviceCommands = '' preDeviceCommands = ''
# Seed RNG
seedrng -d /tmp || true
mv /tmp/seed.no-credit /tmp/seed.credit || true
seedrng -d /tmp || true
echo "Available entropy: $(cat /proc/sys/kernel/random/entropy_avail)"
# Last chance to enter a shell
if read -t 3 -p 'Press enter for shell... '; then if read -t 3 -p 'Press enter for shell... '; then
ash allowShell=1
fail
fi fi
echo "Running tests..." # echo "Running tests..."
sh /testplic # sh /testplic
# echo "Creating a heartbeat counter at 0x1bfff0000" # echo "Creating a heartbeat counter at 0x1bfff0000"
# sh -c 'hb=0; while [ 1 ]; do let hb=$hb+1; devmem 0x1bfff0000 32 $hb; done' & # sh -c 'hb=0; while [ 1 ]; do let hb=$hb+1; devmem 0x1bfff0000 32 $hb; done' &