NetBSD Problem Report #58548

From www@netbsd.org  Sat Aug  3 12:03:44 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 379801A923E
	for <gnats-bugs@gnats.NetBSD.org>; Sat,  3 Aug 2024 12:03:44 +0000 (UTC)
Message-Id: <20240803120342.B03891A923F@mollari.NetBSD.org>
Date: Sat,  3 Aug 2024 12:03:42 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: kernel should incorporate DMI info into entropy pool
X-Send-Pr-Version: www-1.0

>Number:         58548
>Category:       kern
>Synopsis:       kernel should incorporate DMI info into entropy pool
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Aug 03 12:05:01 +0000 2024
>Last-Modified:  Sat Aug 03 13:10:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10, 9, ...
>Organization:
The NetBSD Randuuidation
>Environment:
>Description:
Utility computing instances don't always provide random seeds, CPU instructions for entropy sources, or firmware access to entropy sources.

But they often do assign a randomly generated system UUID in the SMBIOS DMI info.  Although we have no idea how much entropy might go into this, and although we can't erase it, it will still help to distinguish other samples from multiple boots of the same software on the same hardware in different compute instances.
>How-To-Repeat:
run NetBSD on a utility computing host like OCI A1 instances that don't have random seeds
>Fix:
rnd_add_data the SMBIOS DMI info, or maybe in kern_pmf.c for the platform uuid and stuff

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/58548: kernel should incorporate DMI info into entropy pool
Date: Sat, 3 Aug 2024 14:52:38 +0200

 While there please also make that uuid easily available via sysctl
 for userland usage.

 Martin

From: mlelstv@serpens.de (Michael van Elst)
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/58548: kernel should incorporate DMI info into entropy pool
Date: Sat, 3 Aug 2024 13:06:48 -0000 (UTC)

 martin@duskware.de (Martin Husemann) writes:

 > While there please also make that uuid easily available via sysctl
 > for userland usage.

 It's already there:

 machdep.dmi.system-uuid

 Like other serial numbers, it can only be read by root.
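
The argument in the Description, as an added example that is not part of the PR thread and not NetBSD code: a toy pool (a running SHA-256 plus a credited-bits counter) shows that mixing in the system UUID with zero credited entropy separates the outputs of two cloned instances without changing the entropy estimate. `ToyPool`, `boot_output`, the sample strings and both UUIDs are constructed for illustration.

```python
import hashlib
import uuid


class ToyPool:
    """Toy model of an entropy pool: a running hash plus credited bits.

    Assumption for illustration only; this is not NetBSD's entropy code.
    """

    def __init__(self):
        self._state = hashlib.sha256()
        self.credited_bits = 0

    def mix(self, label: bytes, data: bytes, credit_bits: int = 0) -> None:
        # Length-prefix each field so (label, data) boundaries are unambiguous.
        for field in (label, data):
            self._state.update(len(field).to_bytes(4, "big") + field)
        self.credited_bits = min(256, self.credited_bits + credit_bits)

    def extract(self) -> bytes:
        return hashlib.sha256(b"extract" + self._state.digest()).digest()


def boot_output(system_uuid=None):
    """Return (output, credited_bits) for one boot of a cloned image."""
    pool = ToyPool()
    # Constructed samples: identical on every clone of the same image
    # running on the same hardware type, so credited with zero bits.
    pool.mix(b"autoconf", b"cpu0 at mainbus0, virtio0 at pci0")
    pool.mix(b"image-build", b"constructed-build-id")
    if system_uuid is not None:
        # The DMI system UUID: unknown entropy, not secret, so zero credit.
        pool.mix(b"dmi.system-uuid", system_uuid.bytes)
    return pool.extract(), pool.credited_bits


# Constructed UUIDs standing in for two compute instances.
INSTANCE_A = uuid.UUID("11111111-2222-4333-8444-555555555555")
INSTANCE_B = uuid.UUID("aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee")

if __name__ == "__main__":
    for name, u in (("no uuid", None), ("A", INSTANCE_A), ("B", INSTANCE_B)):
        out, bits = boot_output(u)
        print(f"{name:8} credited={bits} output={out.hex()[:16]}")
```

Two boots of instance A with the same samples still produce the same output, which is why the UUID is mixed in without credit: it separates instances from each other, not successive boots of one instance.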
