On 01/15/14 at 12:52pm, Vivek Goyal wrote:
On Wed, Jan 15, 2014 at 03:39:14PM +0800, WANG Chao wrote:
[..]
> > I am not sure if random seed is optional. I think things will still work
> > but enough randomness might not be there and it might make for weaker
> > crypto and might make it little less secure in kdump environemnt.
>
> Yes, it's right. Without sufficient entropy, the random could be
> theoretically vulnerable. That makes kdump environment less secure like
> you said.
>
> But kdump can't force user to maintain such random seed file
> /var/lib/systemd/random-seed or /var/lib/random-seed. For whatever
> reason, this seed file could be deleted or relocated some other place.
>
> Given the fact that entropy may be not sufficient and we must feed
> /dev/urandom in 2nd kernel. What makes sense to me is that we generate
> our own seed when creating kdump initramfs and feed this one to
> /dev/urandom in 2nd kernel.
>
> It's rather simple to implement it.
> [inspired from man:random(4)]
>
> In module-setup.sh, save random seed:
>
> dd if=/dev/urandom of=${initdir}/$RANDOM_SEED \
> bs=`cat /proc/sys/kernel/random/poolsize` count=1
>
> In kdump.sh, feed /dev/urandom with our preserved randome seed:
>
> cat $RANDOM_SEED > /dev/urandom
>
> So neither we have to fail when kdump can't find the system-wide random
> seed file nor we have worry about where the seed is located.
In general I like the idea that we use /dev/urandom to save the seed if
it is not available at standard places. So how about following.
if [ -f /var/lib/random-seed ]
dracut_install /var/lib/random-seed
elif [ -f /var/lib/systemd/random-seed ]
dracut_install /var/lib/systemd/random-seed
else
/* Use /dev/urandom as random seed */
fi
It's too complicated code block and if the seed file changes again, we
have to address it for another time. The code block will grow larger and
larger.
A seed file doesn't have to be the standard one. As far as I know,
/var/lib/systemd/random-seed works in a quite simple way:
1. When system is booting, systemd-random-seed.service starts and do the
following job:
a) Restore the entropy pool from the last boot by:
cat /var/lib/systemd/random-seed > /dev/urandom
b) Save the entropy pool for the next boot by (in case a sudden
shutdwon):
dd if=/dev/urandom of=${initdir}/$RANDOM_SEED \
bs=`cat /proc/sys/kernel/random/poolsize` count=1
2. When system is shutting down, s-r-s.service stops and do the
following job:
a) Save the entropy pool for the next boot:
dd if=/dev/urandom of=${initdir}/$RANDOM_SEED \
bs=`cat /proc/sys/kernel/random/poolsize` count=1
So based on how /var/lib/systemd/random-seed works, I think it's nothing
wrong if we use a random seed created by ourselves. It could be less
vulnerable (more secure) using a different random seed rather than
presevering /var/lib/systemd/random-seed for 2nd kernel.
That's why I'd like to stick to the idea to create our own seed and not
use the systemd's one.
Thanks
WANG Chao