NetBSD Problem Report #48702

From www@NetBSD.org  Fri Apr  4 03:07:13 2014
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 48023A5807
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  4 Apr 2014 03:07:13 +0000 (UTC)
Message-Id: <20140404030711.CD021A5811@mollari.NetBSD.org>
Date: Fri,  4 Apr 2014 03:07:11 +0000 (UTC)
From: fstd.lkml@gmail.com
Reply-To: fstd.lkml@gmail.com
To: gnats-bugs@NetBSD.org
Subject: early entropy does not get loaded
X-Send-Pr-Version: www-1.0

>Number:         48702
>Category:       security
>Synopsis:       early entropy does not get loaded
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    security-officer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 04 03:10:01 +0000 2014
>Closed-Date:    Tue Mar 26 10:05:45 +0000 2024
>Last-Modified:  Tue Mar 26 10:05:45 +0000 2024
>Originator:     Timo Buhrmester
>Release:        NetBSD 6.1.3
>Organization:
>Environment:
NetBSD alix.localdomain 6.1.3 NetBSD 6.1.3 (ALIXKERN) #2: Fri Apr  4 03:18:36 CEST 2014  toor@alix.localdomain:/usr/obj/sys/arch/i386/compile/ALIXKERN i386
>Description:
Very early in the boot process, a previously stored amount of entropy is (supposed to be) loaded.  As per /boot.cfg, the default location for the file storing entropy is /var/db/entropy-file.
/var typically resides on a separate partition and seems to be not accessible by the boot loader at that early stage.

As a consequence, no entropy will be available (the attempt to open() it gives ENOENT, which makes sense without /var being mounted).  I'm not much into cryptanalysis, but I figure this is an undesirable situation from a security point of view.

>How-To-Repeat:
1. Have /var on a separate partition
2. Do ``rndseed /var/db/entropy-file'' when booting (default as per /boot.cfg)
3. Observe early warning about /var/db/entropy-file not being accessible, and the rndseed module failing to load
>Fix:
The entropy-file should be moved to the root filesystem.  This change is invisible to the user, as the file exists only between shutdowns and the following boot processes.

Here's the fix (as a quick workaround, /boot.cfg can be changed, and random_seed can be set in rc.conf, too).

Index: etc/etc.amd64/boot.cfg
===================================================================
RCS file: /cvsroot/src/etc/etc.amd64/boot.cfg,v
retrieving revision 1.4
diff -u -r1.4 boot.cfg
--- etc/etc.amd64/boot.cfg	21 Dec 2011 14:33:13 -0000	1.4
+++ etc/etc.amd64/boot.cfg	4 Apr 2014 02:54:20 -0000
@@ -1,7 +1,7 @@
-menu=Boot normally:rndseed /var/db/entropy-file;boot netbsd
-menu=Boot single user:rndseed /var/db/entropy-file;boot netbsd -s
-menu=Disable ACPI:rndseed /var/db/entropy-file;boot netbsd -2
-menu=Disable ACPI and SMP:rndseed /var/db/entropy-file;boot netbsd -12
+menu=Boot normally:rndseed /entropy-file;boot netbsd
+menu=Boot single user:rndseed /entropy-file;boot netbsd -s
+menu=Disable ACPI:rndseed /entropy-file;boot netbsd -2
+menu=Disable ACPI and SMP:rndseed /entropy-file;boot netbsd -12
 menu=Drop to boot prompt:prompt
 default=1
 timeout=5
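Review bot: the new path `/entropy-file` drops a state file straight into the root directory; a path under an existing root-filesystem directory (for example under /etc) gives the same property, readable by the bootloader before /var is mounted, without cluttering /. Whatever path is chosen must also match the default in etc/rc.d/random_seed and any random_file setting in rc.conf, otherwise the seed written at shutdown is not the one read at boot.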
Index: etc/etc.i386/boot.cfg
===================================================================
RCS file: /cvsroot/src/etc/etc.i386/boot.cfg,v
retrieving revision 1.4
diff -u -r1.4 boot.cfg
--- etc/etc.i386/boot.cfg	21 Dec 2011 14:33:13 -0000	1.4
+++ etc/etc.i386/boot.cfg	4 Apr 2014 02:54:20 -0000
@@ -1,7 +1,7 @@
-menu=Boot normally:rndseed /var/db/entropy-file;boot netbsd
-menu=Boot single user:rndseed /var/db/entropy-file;boot netbsd -s
-menu=Disable ACPI:rndseed /var/db/entropy-file;boot netbsd -2
-menu=Disable ACPI and SMP:rndseed /var/db/entropy-file;boot netbsd -12
+menu=Boot normally:rndseed /entropy-file;boot netbsd
+menu=Boot single user:rndseed /entropy-file;boot netbsd -s
+menu=Disable ACPI:rndseed /entropy-file;boot netbsd -2
+menu=Disable ACPI and SMP:rndseed /entropy-file;boot netbsd -12
 menu=Drop to boot prompt:prompt
 default=1
 timeout=5
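Review bot: this hunk duplicates the amd64 one line for line, which is what is needed to keep the two files in sync, but the patch only touches etc.amd64 and etc.i386; any other port directory whose boot.cfg carries an rndseed line would need the same edit, and the chosen path should be stated once in the commit message so the files do not drift apart later.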
Index: etc/rc.d/random_seed
===================================================================
RCS file: /cvsroot/src/etc/rc.d/random_seed,v
retrieving revision 1.1
diff -u -r1.1 random_seed
--- etc/rc.d/random_seed	23 Nov 2011 10:47:48 -0000	1.1
+++ etc/rc.d/random_seed	4 Apr 2014 02:54:20 -0000
@@ -15,7 +15,7 @@
 start_cmd="random_load"
 stop_cmd="random_save"

-random_file=${random_file:-/var/db/entropy-file}
+random_file=${random_file:-/entropy-file}

 fs_safe()
 {
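Review bot: changing the default here silently abandons the seed an existing installation already has at /var/db/entropy-file: on the first boot after the update, random_load (start_cmd) reads the new path and finds nothing, and random_save (stop_cmd) then writes only the new path, so the old seed is never fed back in. A one-time migration (move the old file to the new path if the old exists and the new does not) would preserve it. Note also that the `${random_file:-...}` form means any random_file set in rc.conf overrides this default, so such users must update boot.cfg by hand for the two to agree.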

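As an added check, not part of this PR or of NetBSD's own rc scripts: a small POSIX sh script that pulls every rndseed path out of /boot.cfg text and, from /etc/fstab text, determines which mount point holds it, flagging any seed that is not on the root file system (the situation the report describes). The sample boot.cfg and fstab contents are constructed, not taken from a real system.

```shell
#!/bin/sh
# Constructed sample /boot.cfg and /etc/fstab (not from a real system).
SAMPLE_BOOT_CFG='menu=Boot normally:rndseed /var/db/entropy-file;boot netbsd
menu=Boot single user:rndseed /var/db/entropy-file;boot netbsd -s
menu=Drop to boot prompt:prompt
default=1
timeout=5'
SAMPLE_FSTAB='/dev/wd0a / ffs rw 1 1
/dev/wd0e /var ffs rw 1 2
/dev/wd0f /usr ffs rw 1 2'

# Print each distinct path given to an rndseed command in boot.cfg text.
rndseed_paths() {
    printf '%s\n' "$1" | sed -n 's/.*rndseed \([^;]*\).*/\1/p' | sort -u
}

# Print the fstab mount point holding a path: the longest mount point
# that is a prefix of the path, falling back to / when none matches.
mount_point_of() {
    path=$1; best=/
    for mp in $(printf '%s\n' "$2" | awk '$1 !~ /^#/ && NF >= 2 { print $2 }'); do
        case "$path" in
            "$mp"/*) if [ ${#mp} -gt ${#best} ]; then best=$mp; fi ;;
        esac
    done
    printf '%s\n' "$best"
}

# Return 0 if every rndseed path lives on the root file system, 1 otherwise.
# A seed on a separately mounted file system is not readable by the
# bootloader, which runs before any mount, so the seed is never loaded.
check_rndseed_on_root() {
    rc=0
    for p in $(rndseed_paths "$1"); do
        mp=$(mount_point_of "$p" "$2")
        if [ "$mp" != / ]; then
            echo "WARNING: rndseed $p is on $mp, which is not mounted when the bootloader runs"
            rc=1
        else
            echo "ok: rndseed $p is on the root file system"
        fi
    done
    return $rc
}

# Stand-alone run: the constructed boot.cfg points at /var, so this warns.
check_rndseed_on_root "$SAMPLE_BOOT_CFG" "$SAMPLE_FSTAB" \
    || echo "move the seed to the root file system and update boot.cfg and rc.conf"
```

On a live system, feed it `$(cat /boot.cfg)` and `$(cat /etc/fstab)` instead of the constructed samples.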
>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Tue, 26 Mar 2024 10:05:45 +0000
State-Changed-Why:
In August of 2014, a few months after this PR was filed, tls merged the
tls-earlyentropy branch teaching sysinst to move the entropy file in
new installations to /etc/entropy-file, updating both /boot.cfg and
/etc/rc.conf to reflect this, if /var is on a separate file system.

Changing _existing_ installations is a little dicier, because they may
have the entropy file as the only source of entropy, so there would
need to be a careful transition done to preserve it.  But this only
affects the bootloader, not the whole system, so it's not actually that
big a deal: /etc/rc.d/random_seed runs after mountcritlocal when /var
needs to be mounted anyway, so these systems just have a slightly wider
window between the start of boot and when the seed gets loaded.  And
now that uvm has native swap encryption, it's not as critical for that
window to be narrowed anyway (uvm swap encryption generates its key
lazily for each device on first write, not when the device is first
configured).

New custom installations that don't go through sysinst need to take
some care around this, but it's easy enough for them to customize
boot.cfg and rc.conf anyway.

So I think we can close this (but please let me know if you have
reasons why this should stay open and we can reopen it).


>Unformatted:
