guix-devel

Re: Seeding the Linux RNG at first boot


From: Ludovic Courtès
Subject: Re: Seeding the Linux RNG at first boot
Date: Mon, 11 Dec 2017 10:16:42 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

Leo Famulari <address@hidden> wrote:

> On Thu, Dec 07, 2017 at 10:07:38PM +0100, Ludovic Courtès wrote:
>> Leo Famulari <address@hidden> wrote:
>> > On the guest side, we would extend urandom-seed-service to also draw on
>> > /dev/hwrng, which is where virtio-rng-pci makes the data from the host
>> > available.
>> 
>> Maybe ‘virtualized-operating-system’ in (gnu system vm) could
>> automatically customize ‘rngd-service-type’ (or add it)?
>
> Yes, we could do that, although I don't think it's necessary to run a
> daemon continuously. It is enough to seed the RNG once.
>
> At the same time we handle the random seed, we could also try reading
> from /dev/hwrng and, if the read is successful, copy some bytes into
> /dev/urandom. We'd have to try reading and handle failure since we
> always create /dev/hwrng regardless of whether the Linux kernel module
> is loaded or not.

OK.

>> > I have an idea for another improvement: to add an argument like
>> > "--entropy-seed=" to `guix system` that could place the value in
>> > '/var/lib/random-seed', where it would be used on first boot.
>> 
>> We could do that, though I very much prefer the idea of a “backdoor” à
>> la virtio-rng-pci, because it allows us to stick to bit-reproducible
>> images (well, they’re not bit-reproducible yet I suppose, but let’s not
>> add to it.)
>
> I think it would be most useful for disk images, for which there is no
> host.

OK, in that case the “backdoor” isn’t an option.

> If one always passes the same value to --entropy-seed, it will not
> negatively affect the reproducibility of the image ;)
>
> This would not be something we do for the official release image, but
> merely an optional tool.

Yeah it’d be OK to add this as an option.

When the option is present, ‘guix system’ would hook into the VM
creation code somehow, or extend ‘activation-service-type’ with code
to create the file.

Maybe we could provide a more generic --copy-file=SOURCE[=DEST] option?
Like --copy-file=./my-seed=/var/lib/random-seed or
--copy-file=$HOME/.ssh/authorized_keys.

Thoughts?

Ludo’.
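The guest-side step Leo describes above (read from /dev/hwrng, copy some bytes into /dev/urandom, and tolerate failure because the node exists even when no driver is bound) as an added C example; this is not code from the thread or from Guix, and the function name, the non-blocking read and the 512-byte cap are assumptions. It also notes why a plain write into /dev/urandom does not credit entropy.

```c
/* Added example, not code from the thread or from Guix; names are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy up to `want` bytes from `src` (e.g. /dev/hwrng) into `dst`
 * (e.g. /dev/urandom).  Returns the bytes written, or -1 when nothing
 * could be read.  The node may exist with no driver bound, so open()
 * and read() failures are expected and must not abort boot. */
ssize_t seed_from_device(const char *src, const char *dst, size_t want)
{
    unsigned char buf[512];
    if (want > sizeof buf)
        want = sizeof buf;

    /* O_NONBLOCK: a hardware RNG with no data yet must not stall boot. */
    int in = open(src, O_RDONLY | O_NONBLOCK);
    if (in < 0)
        return -1;

    size_t got = 0;
    while (got < want) {
        ssize_t n = read(in, buf + got, want - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        break;  /* EOF, EAGAIN, or a driver error such as ENODEV */
    }
    close(in);
    if (got == 0)
        return -1;

    /* Plain write()s are mixed into the pool but do not credit entropy;
     * crediting would need the RNDADDENTROPY ioctl (root only). */
    int out = open(dst, O_WRONLY);
    if (out < 0)
        return -1;
    ssize_t wrote = write(out, buf, got);
    close(out);
    return wrote;
}

int main(void)
{
    ssize_t n = seed_from_device("/dev/hwrng", "/dev/urandom", 512);
    printf("%zd bytes mixed into the kernel RNG\n", n);  /* -1: no hwrng data */
    return 0;
}
```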
