NetBSD Problem Report #58548
From www@netbsd.org Sat Aug 3 12:03:44 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 379801A923E
for <gnats-bugs@gnats.NetBSD.org>; Sat, 3 Aug 2024 12:03:44 +0000 (UTC)
Message-Id: <20240803120342.B03891A923F@mollari.NetBSD.org>
Date: Sat, 3 Aug 2024 12:03:42 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: kernel should incorporate DMI info into entropy pool
X-Send-Pr-Version: www-1.0
>Number: 58548
>Category: kern
>Synopsis: kernel should incorporate DMI info into entropy pool
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Aug 03 12:05:01 +0000 2024
>Last-Modified: Sat Aug 03 13:10:00 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10, 9, ...
>Organization:
The NetBSD Randuuidation
>Environment:
>Description:
Utility computing instances don't always provide random seeds, CPU instructions for entropy sources, or firmware access to entropy sources.
But they often do assign a randomly generated system UUID in the SMBIOS DMI info. Although we have no idea how much entropy might go into this, and although we can't erase it, it will still help to distinguish other samples from multiple boots of the same software on the same hardware in different compute instances.
>How-To-Repeat:
run NetBSD on a utility computing host like OCI A1 instances that don't have random seeds
>Fix:
rnd_add_data the SMBIOS DMI info, or maybe in kern_pmf.c for the platform uuid and stuff
>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/58548: kernel should incorporate DMI info into entropy pool
Date: Sat, 3 Aug 2024 14:52:38 +0200
While there please also make that uuid easily available via sysctl
for userland usage.
Martin
From: mlelstv@serpens.de (Michael van Elst)
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/58548: kernel should incorporate DMI info into entropy pool
Date: Sat, 3 Aug 2024 13:06:48 -0000 (UTC)
martin@duskware.de (Martin Husemann) writes:
> While there please also make that uuid easily available via sysctl
> for userland usage.
It's already there:
machdep.dmi.system-uuid
Like other serial numbers, it can only be read by root.
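
The argument in the Description, as an added illustration (not part of the PR and not NetBSD code): a toy pool shows that a system UUID mixed in with zero entropy credit still separates otherwise identical boots. ToyPool, boot, compare, the SHA3-256 stand-in for the kernel's pool, and all sample values are assumptions constructed for this example.

```python
import hashlib
from typing import Optional

class ToyPool:
    """Toy stand-in for a kernel entropy pool: running hash plus entropy credit."""

    def __init__(self) -> None:
        self._state = hashlib.sha3_256()
        self.credited_bits = 0

    def add_data(self, data: bytes, entropy_bits: int = 0) -> None:
        # Length-prefix each sample so sample boundaries stay unambiguous.
        self._state.update(len(data).to_bytes(4, "big") + data)
        self.credited_bits += entropy_bits

    def extract(self) -> bytes:
        # Copy so extraction does not disturb the running state.
        return self._state.copy().digest()

# Constructed samples: identical on every clone of the same image and hardware.
CLONED_BOOT_SAMPLES = [b"kernel version banner", b"cpu0 attach", b"virtio0 attach"]

def boot(system_uuid: Optional[bytes]) -> ToyPool:
    pool = ToyPool()
    for sample in CLONED_BOOT_SAMPLES:
        pool.add_data(sample, entropy_bits=0)
    if system_uuid is not None:
        # Mixed in but credited as zero bits: its real entropy is unknown.
        pool.add_data(system_uuid, entropy_bits=0)
    return pool

# Constructed UUIDs for two hypothetical instances.
UUID_A = bytes.fromhex("00112233445566778899aabbccddeeff")
UUID_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")

def compare() -> dict:
    return {
        "clones_collide_without_uuid": boot(None).extract() == boot(None).extract(),
        "instances_differ_with_uuid": boot(UUID_A).extract() != boot(UUID_B).extract(),
        "same_uuid_reproducible": boot(UUID_A).extract() == boot(UUID_A).extract(),
        "credited_bits": boot(UUID_A).credited_bits,
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The reproducible result for a repeated UUID is why the credit stays at zero in this model: the UUID separates instances but cannot stand in for a seed.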