openFATE - openSUSE feature tracking > #306591

entropy daemons in 11.2

Feature state

openSUSE-11.2: Rejected
openSUSE-11.3: Rejected
openSUSE-11.4: Done

Description

Headless and diskless servers with limited input have relied on entropy added by interrupts flagged with IRQF_SAMPLE_RANDOM. However, this feature will be disappearing from the kernel soon.

One solution is to run a daemon to add entropy from userspace to the pool. Example daemons can be found here:

11.2 should provide these or similar daemons as options for users who require additional entropy sources to keep /dev/random from blocking on read.

The kernel mailing list thread discussing this can be found here:

 http://lkml.org/lkml/2009/4/6/283

commit 9d9b8fb0e5ebf4b0398e579f6061d4451fea3242 
What: IRQF_SAMPLE_RANDOM
Check: IRQF_SAMPLE_RANDOM
When: July 2009
Why: Many of IRQF_SAMPLE_RANDOM users are technically bogus as entropy
sources in the kernel's current entropy model. To resolve this, every
input point to the kernel's entropy pool needs to better document the
type of entropy source it actually is. This will be replaced with
additional add_*_randomness functions in drivers/char/random.c
Who: Robin Getz & Matt Mackall
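
The core of the userspace approach described above, as an added example (not code from this page or from any of the daemons it names): check the kernel's entropy estimate and, when it is low, mix in and credit bytes from a hardware source via the `RNDADDENTROPY` ioctl. The function names, the `/dev/hwrng` source, the 1024-bit threshold and the 4-bits-per-byte credit are assumptions chosen for illustration.

```c
#include <fcntl.h>
#include <linux/random.h> /* RNDADDENTROPY, struct rand_pool_info */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Kernel's current entropy estimate in bits, or -1 on error. */
int entropy_avail(const char *path)
{
    int bits = -1;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (fscanf(f, "%d", &bits) != 1 || bits < 0) bits = -1;
    fclose(f);
    return bits;
}

/* Build an RNDADDENTROPY request. bits_per_byte (0..8) is the credit claimed
 * for each sample byte; claiming more than the source really delivers lets
 * /dev/random unblock on entropy it does not have, so keep it conservative. */
struct rand_pool_info *make_request(const unsigned char *buf, int len, int bits_per_byte)
{
    if (!buf || len <= 0 || len > 512 || bits_per_byte < 0 || bits_per_byte > 8)
        return NULL;
    struct rand_pool_info *r = calloc(1, sizeof(*r) + (size_t)len + 4);
    if (!r) return NULL;
    r->entropy_count = len * bits_per_byte; /* bits credited to the pool */
    r->buf_size = len;                      /* bytes mixed into the pool */
    memcpy(r->buf, buf, (size_t)len);
    return r;
}

int main(void)
{
    const int low_water = 1024; /* assumed refill threshold, in bits */
    unsigned char sample[64];
    if (entropy_avail("/proc/sys/kernel/random/entropy_avail") >= low_water)
        return 0; /* pool is healthy, nothing to do */
    int src = open("/dev/hwrng", O_RDONLY); /* assumed hardware source */
    int pool = open("/dev/random", O_WRONLY);
    if (src < 0 || pool < 0 || read(src, sample, sizeof sample) != (ssize_t)sizeof sample)
        return 1;
    struct rand_pool_info *req = make_request(sample, (int)sizeof sample, 4);
    int rc = req ? ioctl(pool, RNDADDENTROPY, req) : -1; /* needs CAP_SYS_ADMIN */
    free(req);
    return rc == 0 ? 0 : 1;
}
```

Recent kernels no longer block `/dev/random` once the pool is initialized, so the low-water check matters mainly on kernels of the era this request discusses.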

Discussion


A. J. wrote: (8 years ago)

This looks to me like a feature where some volunteer could package this in the build service. Any takers?

B. P. wrote: (8 years ago)

I forgot to note that a solution like this will eventually be needed in SLES too. See FATE#305944

F. A. wrote: (8 years ago)

Remember there is VIA C-7 & nano "PADLOCK" crypto hardware in CPU & netbooks, featuring an on-die industrial grade PRNG random source. It will be difficult to beat its efficiency & quality, which is already scrutinized by independent researchers.

R. D. wrote: (8 years ago)

Done a little pilot work on this - have asked for comments on mail list http://lists.opensuse.org/opensuse-kernel/2009-12/msg00009.html

B. F. wrote: (7 years ago)

There's some sort of in OBS now (I'm using entropy_timer for a foreign server)

allowing a constant ~4K of entropy; without this, entropy could go down to <100.

Webpin could drive you to the mentioned package.

I agree with Franka8's comment: if a hardware source exists, it would be better. But having some capable daemon is a sort of fallback, and is better than nothing.

P. R. wrote: (7 years ago)

Packages are already in "security" project:

* audio-entropyd

* timer-entropyd

* video-entropyd

C. R. wrote: (7 years ago)

Implemented in 11.4, haveged can be installed.

B. F. wrote: (7 years ago)

Seems there is also haveged available for 11.3 from this one

http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_11.3/

Last change: 7 years ago
Voting
Score: 7
  • Negative: 0
  • Neutral: 0
  • Positive: 7