nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-21 07:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

d/control: Remove havged as it no longer relevant on latest kernels

Browse Source 
Closes: Debian bug #961733.

- The version of Linux kernel supported in FreedomBox is from Debian Bookworm
and that is 6.1, released on Sun, 11 Dec 2022[4][5].

- Around 2014, in Linux kernel version 5.4, a way to extract entropy from CPU
execution jitter every second was implemented. This is similar to
HAVAGE/havaged's approach[1][2]. This ensures that user space applications never
hang indefinitely when entropy is not available.

- Since 2020, /dev/random only blocks until it is initialized and after that
never blocks. It provides cryptographically secure psuedo-random numbers after
initialization (which is believed to be as good as blocking pool even for
security sensitive applications). This the same behavior as getrandom() call[6].
This means that even on embedded systems, haveged is not necessary once the
initialization of the random pool has been completed.

- Since Feb/Mar 2022, /dev/urandom no longer provides insecure random
numbers[3]. Earlier, if it was used before full initialization, it provided
insecure random numbers. Now it blocks the caller until initialization and then
provides cryptographically secure pseudo-random numbers. The initialization
itself won't take too much time due to the "Jitter Dance" technique of
extracting entropy from CPU execution jitter. The only way to request for
insecure random number (without even blocking for 1 second) is to use
getrandom(GRND_INSECURE) which systemd uses to initialize hash tables. This
change was reverted because Jitter Dance did not work on several architectures
including arm[3]. Later it was added back as an opportunistic approach, where
secure random numbers would be provided by urandom if Jitter Dance worked.

- Git repository for haveged mentions that it is less relevant now[7]. It also
lists circumstances where haveged might still help (old kernels, user-space RNG,
additional source of entry and early boot). Of these, only early boot scenario is
of interest for us.

- In summary, the understanding of relevance of haveged is as follows:

Request Random Number
---------------------
Is this during initialization of the random pool?
No:
  - Linux never blocks after initialization. It uses CSPRNG now instead of
  blocking for entropy.
Yes:
  Is this for secure purposes?
  No:
    - It does not block and provides insecure (or secure in most practical
    cases) numbers with getrandom(GRND_INSECURE), used by systemd hash tables,
    etc.
  Yes:
    Does the architecture provide hardware random numbers?
    Yes:
      - Use RDSEED (Intel/AMD) CPU instruction or HWRNG (SOCs) to initialize the
      random pool.
      - If on virtual machine, use virtio-rng, ACPI VM ID, etc. to initialize the
      random pool.
    No:
      Is this on architectures with time stamp counter?
      Yes:
        - The system will block for 1-2 seconds and provide secure random numbers
        using "Jitter Dance" (similar to haveged).
        - ARMv7 (Allwinner A20, etc.) the lowest ARM architecture we support,
        seems to have time stamp counters but we not sure kernel uses it and
        implements "Jitter Dance".
      No:
        - On urandom, The system will not block and provide insecure random
        numbers. This is as per the original definition of /dev/urandom.
        - The system will block until entropy is available through interrupts,
        etc.
        - haveged will likely not help here because it also requires time stamp
        counter provided by CPU.

Links:

1) https://lwn.net/Articles/802360/
2) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50ee7529ec45
3) https://www.zx2c4.com/projects/linux-rng-5.17-5.18/
4) https://lkml.org/lkml/2022/12/11/206
5) https://packages.debian.org/search?searchon=names&keywords=linux-image-6.1.0
6) https://lwn.net/Articles/808575/
7) https://github.com/jirka-h/haveged

Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
This commit is contained in:
Sunil Mohan Adapa 2024-08-18 17:16:42 -07:00 committed by Joseph Nuthalapati
parent e9914abebb
commit c5e60632e7
No known key found for this signature in database
GPG Key ID: 5398F00A2FA43C35
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/control vendored
View File

@ -152,8 +152,6 @@ Recommends:
# FreedomBox documentation
freedombox-doc-en,
freedombox-doc-es,
# Provide entropy using HAVEGE algorithm
haveged,
# Monitor system resources
htop,
# Monitor network traffic statistics