c5e60632e7
Closes: Debian bug #961733. - The version of Linux kernel supported in FreedomBox is from Debian Bookworm and that is 6.1, released on Sun, 11 Dec 2022[4][5]. - Around 2014, in Linux kernel version 5.4, a way to extract entropy from CPU execution jitter every second was implemented. This is similar to HAVAGE/havaged's approach[1][2]. This ensures that user space applications never hang indefinitely when entropy is not available. - Since 2020, /dev/random only blocks until it is initialized and after that never blocks. It provides cryptographically secure psuedo-random numbers after initialization (which is believed to be as good as blocking pool even for security sensitive applications). This the same behavior as getrandom() call[6]. This means that even on embedded systems, haveged is not necessary once the initialization of the random pool has been completed. - Since Feb/Mar 2022, /dev/urandom no longer provides insecure random numbers[3]. Earlier, if it was used before full initialization, it provided insecure random numbers. Now it blocks the caller until initialization and then provides cryptographically secure pseudo-random numbers. The initialization itself won't take too much time due to the "Jitter Dance" technique of extracting entropy from CPU execution jitter. The only way to request for insecure random number (without even blocking for 1 second) is to use getrandom(GRND_INSECURE) which systemd uses to initialize hash tables. This change was reverted because Jitter Dance did not work on several architectures including arm[3]. Later it was added back as an opportunistic approach, where secure random numbers would be provided by urandom if Jitter Dance worked. - Git repository for haveged mentions that it is less relevant now[7]. It also lists circumstances where haveged might still help (old kernels, user-space RNG, additional source of entry and early boot). Of these, only early boot scenario is of interest for us. - In summary, the understanding of relevance of haveged is as follows: Request Random Number --------------------- Is this during initialization of the random pool? No: - Linux never blocks after initialization. It uses CSPRNG now instead of blocking for entropy. Yes: Is this for secure purposes? No: - It does not block and provides insecure (or secure in most practical cases) numbers with getrandom(GRND_INSECURE), used by systemd hash tables, etc. Yes: Does the architecture provide hardware random numbers? Yes: - Use RDSEED (Intel/AMD) CPU instruction or HWRNG (SOCs) to initialize the random pool. - If on virtual machine, use virtio-rng, ACPI VM ID, etc. to initialize the random pool. No: Is this on architectures with time stamp counter? Yes: - The system will block for 1-2 seconds and provide secure random numbers using "Jitter Dance" (similar to haveged). - ARMv7 (Allwinner A20, etc.) the lowest ARM architecture we support, seems to have time stamp counters but we not sure kernel uses it and implements "Jitter Dance". No: - On urandom, The system will not block and provide insecure random numbers. This is as per the original definition of /dev/urandom. - The system will block until entropy is available through interrupts, etc. - haveged will likely not help here because it also requires time stamp counter provided by CPU. Links: 1) https://lwn.net/Articles/802360/ 2) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50ee7529ec45 3) https://www.zx2c4.com/projects/linux-rng-5.17-5.18/ 4) https://lkml.org/lkml/2022/12/11/206 5) https://packages.debian.org/search?searchon=names&keywords=linux-image-6.1.0 6) https://lwn.net/Articles/808575/ 7) https://github.com/jirka-h/haveged Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
FreedomBox Service (Plinth)
The core functionality and web front-end of FreedomBox.
Description
FreedomBox is a community project to develop, design and promote personal servers running free software for private, personal communications. It is a networking appliance designed to allow interfacing with the rest of the Internet under conditions of protected privacy and data security. It hosts applications such as blog, wiki, website, social network, email, web proxy and a Tor relay, on a device that can replace your Wi-Fi router, so that your data stays with you.
This module, called FreedomBox Service and also know as Plinth, is the core functionality and web interface to the functions of the FreedomBox. It is extensible and provides various applications of FreedomBox as modules. Each module or application provides simplified user interface to control the underlying functionality. As FreedomBox can act as a wireless router, it is possible to configure networking. It also allows configuration of basic system parameters such as time zone, hostname and automatic upgrades.
You can find more information about FreedomBox Service (Plinth) on the Plinth Wiki page, the FreedomBox Wiki and the FreedomBox Manual.
Getting Started
To have a running FreedomBox, first install Debian (Buster or higher) on a clean machine. Then run:
$ sudo apt install freedombox
Full instructions are available on FreedomBox Manual's QuickStart page.
For instructions on running the service on a local machine from source code, see INSTALL.md. For instructions on setting up for development purposes, see HACKING.md.
Contributing
See the HACKING.md file for contributing to FreedomBox Service (Plinth).
Localization
License
FreedomBox is distributed under the GNU Affero General Public License, Version 3 or later. A copy of AGPLv3 is available from the Free Software Foundation.