NetBSD Problem Report #55917

From www@netbsd.org  Sun Jan 10 18:40:45 2021
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 622E61A9217
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 10 Jan 2021 18:40:45 +0000 (UTC)
Message-Id: <20210110184044.039921A9245@mollari.NetBSD.org>
Date: Sun, 10 Jan 2021 18:40:43 +0000 (UTC)
From: schaecsn@gmx.net
Reply-To: schaecsn@gmx.net
To: gnats-bugs@NetBSD.org
Subject: /etc/rc.d/cgd stalls on encrypted swap partitions
X-Send-Pr-Version: www-1.0

>Number:         55917
>Category:       bin
>Synopsis:       /etc/rc.d/cgd stalls on encrypted swap partitions
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 10 18:45:00 +0000 2021
>Last-Modified:  Sun Jan 10 23:40:01 +0000 2021
>Originator:     Stefan Schaeckeler
>Release:        NetBSD 9.1
>Organization:
>Environment:
NetBSD XXX 9.1_STABLE NetBSD 9.1_STABLE (GENERIC) #2: Sun Jan  3 11:19:52 PST 2021  root@dell.wonderland.de:/usr/obj/sys/arch/amd64/compile/GENERIC amd6
>Description:
/etc/rc.d/cgd stalls in cgdconfig -C on encrypted swap partitions when following /wiki.netbsd.org/guide/cgd/

The stall happens only during boot. When invoking /etc/rc.d/cgd after completion of the boot process, cgdconfig does not stall. See cgdconfig(8) for an explanation:

     urandomkey         The method simply reads /dev/urandom and uses the
                        resulting bits as the key.  This is similar to the
                        randomkey method, but it guarantees that cgdconfig
                        will not stall waiting for hard-random bits (useful
                        when configuring a cgd for swap at boot time).

>How-To-Repeat:

>Fix:
Please replace randomkey with urandomkey in section "Using a random-key cgd for swap".

>Audit-Trail:
From: Taylor R Campbell <riastradh@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: schaecsn@gmx.net
Subject: Re: bin/55917: /etc/rc.d/cgd stalls on encrypted swap partitions
Date: Sun, 10 Jan 2021 19:14:39 +0000

 > Date: Sun, 10 Jan 2021 18:40:43 +0000 (UTC)
 > From: schaecsn@gmx.net
 >
 > /etc/rc.d/cgd stalls in cgdconfig -C on encrypted swap partitions
 > when following /wiki.netbsd.org/guide/cgd/

 Side note: that's an old version of the guide; the one that is
 maintained is <https://www.NetBSD.org/docs/guide/en/chap-cgd.html>.
 I'm not really sure why we have a snapshot of the guide in the wiki;
 we should maybe get rid of it and make it redirect.

 > The stall happens only during boot. When invoking /etc/rc.d/cgd
 > after completion of the boot process, cgdconfig does not stall. See
 > cgdconfig(8) for an explanation:
 >
 >      urandomkey         The method simply reads /dev/urandom and uses the
 >                         resulting bits as the key.  This is similar to the
 >                         randomkey method, but it guarantees that cgdconfig
 >                         will not stall waiting for hard-random bits (useful
 >                         when configuring a cgd for swap at boot time).
 >
 > Please replace randomkey with urandomkey in section "Using a
 > random-key cgd for swap".

 If randomkey stalls at boot when you try to configure cgd, that
 indicates that you probably don't have enough entropy to safely
 generate an unpredictable key.

 So if you switched it to urandomkey on a machine where it hangs with
 randomkey, the encrypted swap wouldn't actually provide much security.

 That said, in netbsd-current (which will become NetBSD 10), there is a
 much better approach: setting vm.swap_encrypt=1 with sysctl; we will
 probably turn it on by default on some architectures too.

From: Stefan Schaeckeler <schaecsn@gmx.net>
To: riastradh@NetBSD.org
Cc: gnats-bugs@NetBSD.org
Subject: Re: bin/55917: /etc/rc.d/cgd stalls on encrypted swap partitions
Date: Sun, 10 Jan 2021 15:39:37 -0800 (PST)

 Hello Taylor,

 > If randomkey stalls at boot when you try to configure cgd, that
 > indicates that you probably don't have enough entropy to safely
 > generate an unpredictable key.

 This is my entropy right before the call to cgdconfig in /etc/rc.d/cgd:

 - - - snip - - -
 rndctl -slv
 Source                 Bits Type      Flags
 cd0                       0 disk estimate, collect, v, t, dt
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 sd1                       0 disk estimate, collect, v, t, dt
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 ums0                      0 tty  estimate, collect, v, t, dt
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 uhid1                     0 tty  estimate, collect, v, t, dt
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 uhid0                     0 tty  estimate, collect, v, t, dt
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 ukbd0                     0 tty  estimate, collect, v, t, dt
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 sd0                      55 disk estimate, collect, v, t, dt
 	Dt samples = 43
 	Dt bits = 43
 	Dv samples = 43
 	Dv bits = 21
 wd0                     592 disk estimate, collect, v, t, dt
 	Dt samples = 324
 	Dt bits = 324
 	Dv samples = 324
 	Dv bits = 206
 cpu3                      0 vm   estimate, collect, v, t, dv
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 cpu2                      1 vm   estimate, collect, v, t, dv
 	Dt samples = 1
 	Dt bits = 1
 	Dv samples = 1
 	Dv bits = 1
 cpu1                      0 vm   estimate, collect, v, t, dv
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 cpu0                      7 vm   estimate, collect, v, t, dv
 	Dt samples = 7
 	Dt bits = 7
 	Dv samples = 7
 	Dv bits = 7
 coretemp1-cpu1            0 env  estimate, collect, v, t, dv, dt
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 coretemp0-cpu0            0 env  estimate, collect, v, t, dv, dt
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 re0                       0 net  v, t, dt
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 system-power              0 power estimate, collect, v, t, dt
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 autoconf                163 ???  estimate, collect, t, dt
 	Dt samples = 83
 	Dt bits = 83
 	Dv samples = 83
 	Dv bits = 0
 printf                    0 ???  collect
 	Dt samples = 0
 	Dt bits = 0
 	Dv samples = 0
 	Dv bits = 0
 callout                 133 skew estimate, collect, v, dv
 	Dt samples = 67
 	Dt bits = 67
 	Dv samples = 67
 	Dv bits = 67
 	      704 bits mixed into pool
 	        0 bits currently stored in pool (max 4096)
 	        0 bits of entropy discarded due to full pool
 	      704 hard-random bits generated
 	     4416 pseudo-random bits generated
 - - - snip - - -

 I get most of the entropy, but not enough, from my boot disk wd0.

 How are other systems able to generate more entropy right at the start of the boot process in /etc/rc.d/cgd?

  Stefan
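
Added example, not part of the thread or of NetBSD's own scripts: an sh/awk helper that condenses `rndctl -slv` output like the listing above into the sources credited with entropy and the pool's stored-bit count, so a boot script can log or test the state just before `cgdconfig` runs. The function names and the threshold passed to `rnd_pool_at_least` are assumptions; the page does not state how many bits `randomkey` waits for.

```shell
#!/bin/sh
# Added example: summarise `rndctl -slv` output before configuring a cgd.

# Sample input: abridged copy of the listing quoted in the report above.
sample_rndctl() {
cat <<'EOF'
Source                 Bits Type      Flags
sd1                       0 disk estimate, collect, v, t, dt
        Dt samples = 0
        Dt bits = 0
sd0                      55 disk estimate, collect, v, t, dt
        Dt samples = 43
        Dt bits = 43
wd0                     592 disk estimate, collect, v, t, dt
        Dt samples = 324
        Dt bits = 324
cpu0                      7 vm   estimate, collect, v, t, dv
autoconf                163 ???  estimate, collect, t, dt
callout                 133 skew estimate, collect, v, dv
              704 bits mixed into pool
                0 bits currently stored in pool (max 4096)
              704 hard-random bits generated
EOF
}

# Print "bits name type" for every source credited with entropy, largest
# first. Source rows are the only lines whose second field is a number.
rnd_sources() {
    awk '$2 ~ /^[0-9]+$/ && $2 > 0 { print $2, $1, $3 }' | sort -rn
}

# Print the "bits currently stored in pool" figure; fail if it is missing.
rnd_pool_stored() {
    awk '/bits currently stored in pool/ { print $1; found = 1 }
         END { if (!found) exit 1 }'
}

# Succeed only if the pool holds at least $1 bits.
# The threshold is the caller's assumption, not a value taken from the page.
rnd_pool_at_least() {
    stored=$(rnd_pool_stored) || return 2
    [ "$stored" -ge "$1" ]
}

# On a live NetBSD system:  rndctl -slv | rnd_sources
sample_rndctl | rnd_sources
printf 'stored in pool: %s bits\n' "$(sample_rndctl | rnd_pool_stored)"
```
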
