2018-05-02 01:08:09 UTC
There's an ongoing discussion @ lkml about early boot random number
entropy, or the lack of it, and how it may hang systemd-using instances
from booting indefinitely.
Ted Ts'o is questioning the validity of journal-authenticate's early
random number usage, maybe some of you care to comment.
Please find the forwarded message below.
----- Forwarded message from "Theodore Y. Ts'o" <***@mit.edu> -----
Date: Tue, 1 May 2018 20:56:04 -0400
From: "Theodore Y. Ts'o" <***@mit.edu>
To: Sultan Alsawaf <***@gmail.com>
Cc: Justin Forbes <***@linuxtx.org>, Jeremy Cline <***@jcline.org>, Pavel
Machek <***@ucw.cz>, LKML <email@example.com>, Jann Horn
Subject: Re: Linux messages full of `random: get_random_u32 called from`
User-Agent: Mutt/1.9.5 (2018-04-13)
On Tue, May 01, 2018 at 05:43:17PM -0700, Sultan Alsawaf wrote:
> I've attached what I think is a reasonable stopgap solution until this is
> actually fixed. If you're willing to revert the CVE-2018-1108 patches
> completely, then I don't think you'll mind using this patch in the meantime.
I would put it slightly differently; reverting the CVE-2018-1108
patches is less dangerous than what you are proposing in your attached
Again, I think the right answer is to fix userspace to not require
cryptographic grade entropy during early system startup, and for
people to *think* about what they are doing. I've looked at the
systemd's use of hmac in journal-authenticate, and as near as I can
tell, there isn't any kind of explanation about why it was necessary,
or what threat it was trying to protect against.
----- End forwarded message -----