On Mon, 09 Dec 2013 10:53:20 +0100, Tijs Van Buggenhout wrote:
> On Monday 18 November 2013 19:29:17 mancha wrote:
>> Hauke Mehrtens <hauke <at> hauke-m.de> writes:
>> > On 10/17/2013 05:40 PM, chrono wrote:
>> > > Ahoi everyone,
>> > > 
>> > > it was requested on IRC that I send my solution to the entropy
>> > > problem with the current kernel (e.g. having 0 available entropy):
>> > > 
>> > > root <at> OpenWrt:/# cat /proc/sys/kernel/random/entropy_avail
>> > > 0
>> > 
>> > A similar patch was applied to trunk in r38834.
>> > 
>> > Hauke
>> 
>> I provided this backport patch to #openwrt on freenode last week. I am
>> glad it was included in trunk.
>> 
>> Two important clarifications:
>> 
>> 1. The original poster applies his patch to kernel 3.3.8 (it seems) yet
>>    the interface that makes use of get_cycles() in seeding the random
>>    pool wasn't introduced until 3.6. The patch on pre-3.6 kernels
>>    effectively does nothing entropy-wise. Without more comprehensive
>>    backports, there is no similar simple solution for Attitude.
> 
> This seems not entirely accurate, as AA has a backport patch for the
> generic 3.3.8 kernel to add 'add_device_randomness', see
> target/linux/generic/patches-3.3/050-rng_git_backport.patch
> 
> Would there be anything else needed?

I hadn't seen the AA patch that adds the add_device_randomness()
interface. This would have no effective impact without callers.
Fortunately, the patch also backports commits which add callers
to the usb subsystem (only applicable for embedded systems with
usb support) and the network subsystem.

Given this good news, I amend point #1. MIPS archs for which generic
3.3 patches apply on AA (is that all of them?) would indeed benefit
from adding the MIPS get_cycles() patch.

Once added to AA, HW event-triggered entropy pool initialization
on applicable MIPS archs would not just use HW specific values
(e.g. usb serial/product/vendor, MAC, etc.) and jiffies, but also
the high-resolution timer from get_cycles().

Improvements in entropy pool initialization protect against initial
state attacks on the kernel RNG.

--mancha

> 
>> 2. You aren't going to see /proc/sys/kernel/random/entropy_avail
>>    affected by this patch because the machine/boot specific seeding
>>    does not credit the entropy count.
>> 
>> --mancha
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel@lists.openwrt.org
>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
> 
> Tijs
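
As an added example (not part of the original thread and not OpenWrt's own tooling): a shell audit of a kernel source tree for the three pieces the message above says must all be present, namely the add_device_randomness() interface, callers in the USB and network subsystems, and a MIPS get_cycles() that reads a hardware counter. The file paths are mainline Linux locations and the read_c0_count match is a heuristic; both are assumptions made here.

```shell
#!/bin/sh
# Added example: static audit of a kernel tree for the seeding path in this thread.
# Paths follow mainline Linux (assumption); the read_c0_count test is a heuristic.

# 1 if random.c provides add_device_randomness(), else 0.
has_interface() {
    if grep -qs 'add_device_randomness(' "$1/drivers/char/random.c"; then echo 1; else echo 0; fi
}

# Number of USB/network source files that call the interface.
count_callers() {
    grep -rls 'add_device_randomness(' "$1/drivers/usb" "$1/net" | wc -l | tr -d ' '
}

# counter = get_cycles() reads the CP0 count register, stub = it returns 0.
mips_get_cycles() {
    f="$1/arch/mips/include/asm/timex.h"
    [ -f "$f" ] || { echo missing; return 0; }
    # Keep only the get_cycles() definition, up to its closing brace.
    body=$(awk '/get_cycles\(void\)/ {on=1} on {print} on && /^}/ {exit}' "$f")
    case "$body" in
        *read_c0_count*) echo counter ;;
        *"return 0;"*)   echo stub ;;
        *)               echo unknown ;;
    esac
}

# Summarise the tree. entropy_avail is deliberately not consulted: per the
# thread, this machine/boot specific seeding does not credit the entropy count.
audit_seed_path() {
    i=$(has_interface "$1"); c=$(count_callers "$1"); g=$(mips_get_cycles "$1")
    echo "interface=$i callers=$c get_cycles=$g"
    if [ "$i" = 1 ] && [ "$c" -gt 0 ] && [ "$g" = counter ]; then
        echo "result=effective"
    elif [ "$i" = 1 ] && [ "$c" -gt 0 ]; then
        echo "result=seeded-without-cycle-counter"
    else
        echo "result=no-device-seeding"
    fi
}

# Run against a tree when a path is given, e.g.: sh audit.sh /path/to/linux
if [ "$#" -gt 0 ]; then audit_seed_path "$1"; fi
```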