* [Buildroot] [PATCH] initscripts: Make installation of S20urandom optional.
@ 2020-07-18 22:44 christoph.muellner at theobroma-systems.com
From: christoph.muellner at theobroma-systems.com @ 2020-07-18 22:44 UTC (permalink / raw)
  To: buildroot

From: Christoph Müllner <christoph.muellner@theobroma-systems.com>

S20urandom is a nice script. However, there are systems which
cannot make use of that script for some reason (e.g. systems that
only have read-only partitions).

So let's install S20urandom only if configured to do so
(with default y to keep backwards-compatibility).

Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Change-Id: I85f3fafd4c2b1c3f25eee32e4c311613fcc0294e
---
 package/initscripts/Config.in               | 10 ++++++++++
 package/initscripts/{init.d => }/S20urandom |  0
 package/initscripts/initscripts.mk          |  8 ++++++++
 3 files changed, 18 insertions(+)
 rename package/initscripts/{init.d => }/S20urandom (100%)

diff --git a/package/initscripts/Config.in b/package/initscripts/Config.in
index 82cbd5c678..f60d4da4e6 100644
--- a/package/initscripts/Config.in
+++ b/package/initscripts/Config.in
@@ -2,3 +2,13 @@ config BR2_PACKAGE_INITSCRIPTS
 	bool
 	help
 	  The basics startup scripts for both SysV and Busybox
+
+if BR2_PACKAGE_INITSCRIPTS
+
+config BR2_PACKAGE_INITSCRIPTS_URANDOM
+	bool "Initscript to preserve random seeed between reboots"
+	default y
+	help
+	  An init script, that preserves the random seed between reboots.
+
+endif
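Review bot: the prompt string on the `bool` line has a typo, "seeed" should be "seed". Since the script writes its state to /var/lib/random-seed (as noted later in this thread), the help text should also state the requirement that motivates the option, e.g. `Requires a writable /var/lib; not usable on a read-only rootfs.`, so users of read-only root filesystems know why they would disable it.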
diff --git a/package/initscripts/init.d/S20urandom b/package/initscripts/S20urandom
similarity index 100%
rename from package/initscripts/init.d/S20urandom
rename to package/initscripts/S20urandom
diff --git a/package/initscripts/initscripts.mk b/package/initscripts/initscripts.mk
index cfee155570..d5f20f469d 100644
--- a/package/initscripts/initscripts.mk
+++ b/package/initscripts/initscripts.mk
@@ -4,6 +4,14 @@
 #
 ################################################################################
 
+define INITSCRIPTS_INSTALL_URANDOM
+	$(INSTALL) -D -m 0755 package/initscripts/S20urandom $(TARGET_DIR)/etc/init.d/
+endef
+
+ifeq ($(BR2_PACKAGE_INITSCRIPTS_URANDOM),y)
+INITSCRIPTS_INSTALL_TARGET_HOOKS += INITSCRIPTS_INSTALL_URANDOM
+endif
+
 define INITSCRIPTS_INSTALL_TARGET_CMDS
 	mkdir -p  $(TARGET_DIR)/etc/init.d
 	$(INSTALL) -D -m 0755 package/initscripts/init.d/* $(TARGET_DIR)/etc/init.d/
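Review bot: `INITSCRIPTS_INSTALL_TARGET_HOOKS` does not look like a hook list the generic package infrastructure runs; the hooks around the target-install step are the `INITSCRIPTS_PRE_INSTALL_TARGET_HOOKS` and `INITSCRIPTS_POST_INSTALL_TARGET_HOOKS` lists, so as written the script would likely never be installed even with the option enabled. Please double-check and use `INITSCRIPTS_POST_INSTALL_TARGET_HOOKS += INITSCRIPTS_INSTALL_URANDOM`, which also runs after the `mkdir -p $(TARGET_DIR)/etc/init.d` in INSTALL_TARGET_CMDS. Moving the file out of init.d/ is what keeps the `init.d/*` glob from installing it unconditionally, so the rename is required for the option to have any effect; worth a sentence in the commit message.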
-- 
2.26.2


* [Buildroot] [PATCH] initscripts: Make installation of S20urandom optional.
@ 2020-07-19  8:05 ` Thomas Petazzoni
From: Thomas Petazzoni @ 2020-07-19  8:05 UTC (permalink / raw)
  To: buildroot

Hello Christoph,

On Sun, 19 Jul 2020 00:44:44 +0200
christoph.muellner at theobroma-systems.com wrote:

> From: Christoph Müllner <christoph.muellner@theobroma-systems.com>
> 
> S20urandom is a nice script. However, there are systems, which
> cannot make use of that script for some reasons (e.g. systems that
> only have read-only partitions).
> 
> So let's install S20urandom only if configured to do so
> (with default y to keep backwards-compatibility).
> 
> Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>

Hm, indeed it saves to /var/lib/random-seed, which we do not seem to
symlink to a tmpfs place when the rootfs is read-only. I'm not entirely
sure we want to add yet another option for this, or if we want to fix
it so that it "works" even in read-only rootfs scenarios. I don't have
a very clear opinion on how to handle that.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


* [Buildroot] [PATCH] initscripts: Make installation of S20urandom optional.
@ 2020-07-19 11:49   ` Yann E. MORIN
From: Yann E. MORIN @ 2020-07-19 11:49 UTC (permalink / raw)
  To: buildroot

Thomas, Christoph, Al,

On 2020-07-19 10:05 +0200, Thomas Petazzoni spake thusly:
> On Sun, 19 Jul 2020 00:44:44 +0200
> christoph.muellner at theobroma-systems.com wrote:
> 
> > From: Christoph Müllner <christoph.muellner@theobroma-systems.com>
> > 
> > S20urandom is a nice script. However, there are systems, which
> > cannot make use of that script for some reasons (e.g. systems that
> > only have read-only partitions).
> > 
> > So let's install S20urandom only if configured to do so
> > (with default y to keep backwards-compatibility).
> > 
> > Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
> 
> Hm, indeed it saves to /var/lib/random-seed, which we do not seem to
> symlink to a tmpfs place when the rootfs is read-only. I'm not entirely
> sure we want to add yet another option for this, or if we want to fix
> it so that it "works" even in read-only rootfs scenarios. I don't have
> a very clear opinion on how to handle that.

I too don't think that warrants a kconfig option.

I would however believe this script is not interesting at all. In fact,
an embedded device seldom reboots nicely; instead, it is most often a
hard-reboot (with a power cycle). In that case, the script would have no
chance whatsoever to save the current seed before shutdown, thus on next
boot we would restore a seed that would have already been used, thus
defeating randomness to begin with; worse, it would give people a sense
of security where there would in fact be a hole.

If people do not have a good source of randomness in their kernel and/or
hardware, they should switch to using things like rng-tools with
jitterentropy or the likes, rather than rely on saving and restoring the
seed.

It is my opinion that we should just drop that startup script altogether
and be done with it.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'


* [Buildroot] [PATCH] initscripts: Make installation of S20urandom optional.
@ 2020-07-19 12:09     ` Peter Seiderer
From: Peter Seiderer @ 2020-07-19 12:09 UTC (permalink / raw)
  To: buildroot

Hello *,

On Sun, 19 Jul 2020 13:49:50 +0200, "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:

> Thomas, Christoph, Al,
> 
> On 2020-07-19 10:05 +0200, Thomas Petazzoni spake thusly:
> > On Sun, 19 Jul 2020 00:44:44 +0200
> > christoph.muellner at theobroma-systems.com wrote:
> >   
> > > From: Christoph Müllner <christoph.muellner@theobroma-systems.com>
> > > 
> > > S20urandom is a nice script. However, there are systems, which
> > > cannot make use of that script for some reasons (e.g. systems that
> > > only have read-only partitions).
> > > 
> > > So let's install S20urandom only if configured to do so
> > > (with default y to keep backwards-compatibility).
> > > 
> > > Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
> > 
> > Hm, indeed it saves to /var/lib/random-seed, which we do not seem to
> > symlink to a tmpfs place when the rootfs is read-only. I'm not entirely
> > sure we want to add yet another option for this, or if we want to fix
> > it so that it "works" even in read-only rootfs scenarios. I don't have
> > a very clear opinion on how to handle that.  
> 
> I too don't think that warrants a kconfig option.
> 
> I would however believe this script is not interesting at all. In fact,
> > an embedded device seldom reboots nicely; instead, it is most often a
> hard-reboot (with a power cycle). In that case, the script would have no
> chance whatsoever to save the current seed before shutdown, thus on next
> boot we would restore a seed that would have already been used, thus
> defeating randomness to begin with; worse, it would give people a sense
> of security where there would in fact be a hole.

This is a very limited view of the buildroot use-cases, I believe there
are although some, call it 'mid-range' embedded systems, with a proper
power-down button shutting down the system before killing the power
(or at least the use-case of two of my customer projects)...

Regards,
Peter 

> 
> If people do not have a good source of randomness in their kernel and/or
> hardware, they should switch to using things like rng-tools with
> jitterentropy or the likes, rather than rely on saving and restoring the
> seed.
> 
> It is my opinion that we should just drop that startup script altogether
> and be done with it.
> 
> Regards,
> Yann E. MORIN.
> 


* [Buildroot] [PATCH] initscripts: Make installation of S20urandom optional.
@ 2020-07-19 12:24       ` Yann E. MORIN
From: Yann E. MORIN @ 2020-07-19 12:24 UTC (permalink / raw)
  To: buildroot

Peter, All,

On 2020-07-19 14:09 +0200, Peter Seiderer spake thusly:
> On Sun, 19 Jul 2020 13:49:50 +0200, "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:
[--SNIP--]
> > I would however believe this script is not interesting at all. In fact,
> > an embedded device seldom reboots nicely; instead, it is most often a
> > hard-reboot (with a power cycle). In that case, the script would have no
> > chance whatsoever to save the current seed before shutdown, thus on next
> > boot we would restore a seed that would have already been used, thus
> > defeating randomness to begin with; worse, it would give people a sense
> > of security where there would in fact be a hole.
> 
> This is a very limited view of the buildroot use-cases, I believe there
> are although some, call it 'mid-range' embedded systems, with a proper
> power-down button shutting down the system before killing the power
> (or at least the use-case of two of my customer projects)...

Yeah, but still, is saving-n-restoring the seed the sanest thing to do?
If your devices are that well engineered (yeah!), you probably have a
good source of randomness (probably HW, or with rng-tools et al), so
don't need to save-n-restore the seed...

Even for well-designed devices, that can be sanely powered-off-then-on,
there is always the possibility that the power completely goes out, and
thus the seed would be re-used.

Re-using a seed is one of the worst things one may do about randomness:
it is very, very bad, because it gives people a false sense of security
"Hey! I'm saving and restoring the seed, so no two boots will have the
same random sequence! Woohoo!" Boom, wrong...

So I still stand on my position that we should get rid of S20urandom.

Regards,
Yann E. MORIN.



* [Buildroot] [PATCH] initscripts: Make installation of S20urandom optional.
@ 2020-07-20 12:26         ` Christoph Müllner
From: Christoph Müllner @ 2020-07-20 12:26 UTC (permalink / raw)
  To: buildroot

Hi all,

On 7/19/20 2:24 PM, Yann E. MORIN wrote:
> Peter, All,
> 
> On 2020-07-19 14:09 +0200, Peter Seiderer spake thusly:
>> On Sun, 19 Jul 2020 13:49:50 +0200, "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:
> [--SNIP--]
>>> I would however believe this script is not interesting at all. In fact,
>>> an embedded device seldom reboots nicely; instead, it is most often a
>>> hard-reboot (with a power cycle). In that case, the script would have no
>>> chance whatsoever to save the current seed before shutdown, thus on next

That's not fully correct.
save_random_seed() is also called during start.

>>> boot we would restore a seed that would have already been used, thus
>>> defeating randomness to begin with; worse, it would give people a sense
>>> of security where there would in fact be a hole.
>>
>> This is a very limited view of the buildroot use-cases, I believe there
>> are although some, call it 'mid-range' embedded systems, with a proper
>> power-down button shutting down the system before killing the power
>> (or at least the use-case of two of my customer projects)...
> 
> Yeah, but still, is saving-n-restoring the seed the sanest thing to do?
> If your devices are that well engineered (yeah!), you probably have a
> good source of randomness (probably HW, or with rng-tools et al), so
> don't need to save-n-restore the seed...
> 
> Even for well-designed devices, that can be sanely powered-off-then-on,
> there is always the possibility that the power completely goes out, and
> thus the seed would be re-used.
> 
> Re-using a seed is one of the worst things one may do about randomness:
> it is very, very bad, because it gives people a false sense of security
> "Hey! I'm saving and restoring the seed, so no two boots will have the
> same random sequence! Woohoo!" Boom, wrong...
> 
> So I still stand on my position that we should get rid of S20urandom.

I mostly agree with your argumentation.

However, I know that an S20urandom-like mechanism is exactly
what I need in systems where I need to start an SSH server
in a development image for a system without a proper entropy source.
I.e. where the poor quality of random numbers does not matter, but
a bootup delay of a minute until the kernel RNG is seeded hurts.

So I am in favor of being able to remove S20urandom (thus my patch),
but I see that users need that and would like to continue to support
people that need it out-of-the-box.

What about moving S20urandom into a package urandom-scripts
(similar to ifupdown-scripts)?

If you still insist on dropping the script, then just let me know and
I will prepare a patch to do so.

Thanks,
Christoph


* [Buildroot] [PATCH] initscripts: Make installation of S20urandom optional.
@ 2020-07-20 12:30           ` Thomas Petazzoni
From: Thomas Petazzoni @ 2020-07-20 12:30 UTC (permalink / raw)
  To: buildroot

On Mon, 20 Jul 2020 14:26:59 +0200
Christoph Müllner <christoph.muellner@theobroma-systems.com> wrote:

> What about moving S20urandom into a package urandom-scripts
> (similar to ifupdown-scripts)?

This potentially seems like a good idea to me.

Thomas


* [Buildroot] [PATCH] initscripts: Make installation of S20urandom optional.
@ 2020-07-20 15:22             ` Christoph Müllner
From: Christoph Müllner @ 2020-07-20 15:22 UTC (permalink / raw)
  To: buildroot



On 7/20/20 2:30 PM, Thomas Petazzoni wrote:
> On Mon, 20 Jul 2020 14:26:59 +0200
> Christoph Müllner <christoph.muellner@theobroma-systems.com> wrote:
> 
>> What about moving S20urandom into a package urandom-scripts
>> (similar to ifupdown-scripts)?
> 
> This potentially seems like a good idea to me.

I've prepared such a patch here:

http://lists.busybox.net/pipermail/buildroot/2020-July/287370.html

Thanks,
Christoph


* [Buildroot] [PATCH] initscripts: Make installation of S20urandom optional.
@ 2020-07-20 20:42           ` Yann E. MORIN
From: Yann E. MORIN @ 2020-07-20 20:42 UTC (permalink / raw)
  To: buildroot

Christoph, All,

On 2020-07-20 14:26 +0200, Christoph Müllner spake thusly:
> On 7/19/20 2:24 PM, Yann E. MORIN wrote:
> > On 2020-07-19 14:09 +0200, Peter Seiderer spake thusly:
> >> On Sun, 19 Jul 2020 13:49:50 +0200, "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:
> > [--SNIP--]
> >>> I would however believe this script is not interesting at all. In fact,
> >>> an embedded device seldom reboots nicely; instead, it is most often a
> >>> hard-reboot (with a power cycle). In that case, the script would have no
> >>> chance whatsoever to save the current seed before shutdown, thus on next
> That's not fully correct.
> save_random_seed() is also called during start.

Right. But if the entropy pool is so poor at boot that you need to
save-restore the seed at each boot, the probability that the new seed you
save back at startup is very predictable as it is saved right just after
loading the old one, and since you don't have much entropy to start with,
that defeats the very purpose of saving and restoring the seed.

[--SNIP--]
> I agree mostly to your argumentation.
> 
> However, I know that a S20urandom-like mechanism is exactly
> what I need in systems where I need to start an SSH server
> in an development image for a system without proper entropy source.
> I.e. where poor quality of random number does not matter, but
> a bootup delay of a minute until the kernel RNG is seeded hurts.

Then you do not need to save-n-restore the seed; instead, you need a
better source of entropy available early at boot. And that is exactly
what rng-tools and jitterentropy-library, or haveged or others, are
supposed to provide: a strong source of entropy even in the absence
of HW-TRNG. See:

    package/haveged/
    package/jitterentropy-library/
    https://lwn.net/Articles/802360/  (in kernel-land)

> So I am in favor of being able to remove S20urandom (thus my patch),
> but I see that users need that and would like to continue to support
> people that need it out-of-the-box.

I don't think people need to "save and restore the seed". Really, what
people really need is "strong entropy in early boot".

Saving and restoring the seed is only one technique to do so, and a poor
one at that, because it is fraught with corner cases that break that
assumption.

Instead, solutions exist that are more robust: using rng-tools with
jitterentropy, or haveged. Or a recent kernel (5.3+) that already uses
(some kind of) jitterentropy to seed /dev/random.

> What about moving S20urandom into a package urandom-scripts
> (similar to ifupdown-scripts)?

That would be the least of all evils about this! ;-) I'm going to have a
look at your patch now. Thanks for your persistence! (pun intended! ;-] )

Regards,
Yann E. MORIN.


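To make the two failure modes argued over in this thread concrete (a read-only /var/lib that the save step cannot write to, and a hard power-cut that replays the seed that was just loaded), here is an added seed save/restore helper; it is example code written for this page, not the Buildroot S20urandom script. The variable names SEED_FILE, POOL and SEED_SIZE and the /dev/urandom default are assumptions chosen so the helper can be exercised unprivileged against a temporary directory.

```shell
#!/bin/sh
# Added example, not Buildroot's S20urandom: a seed save/restore helper that
# handles the two failure modes from the thread.
#  - read-only /var/lib: saving is skipped with a message instead of failing
#  - hard power-cut: the seed file is rewritten right after it is loaded, so
#    the file left on disk is never the one that was just fed to the pool
#    (as the thread points out, on a low-entropy box that fresh file is weak too)
# SEED_FILE, POOL and SEED_SIZE are assumed names so this runs unprivileged.
SEED_FILE="${SEED_FILE:-/var/lib/random-seed}"
POOL="${POOL:-/dev/urandom}"   # writes are mixed in but not credited as entropy
SEED_SIZE="${SEED_SIZE:-512}"

seed_dir_writable() {
    # A read-only rootfs still passes "test -d"; only a real create proves it.
    dir=$(dirname "$SEED_FILE")
    [ -d "$dir" ] || return 1
    probe="$dir/.seed-probe.$$"
    if ( umask 077; : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        return 0
    fi
    return 1
}

save_random_seed() {
    # Write SEED_SIZE fresh bytes, mode 0600, and rename into place atomically.
    seed_dir_writable || { echo "seed directory not writable, not saving" >&2; return 1; }
    tmp="$SEED_FILE.tmp.$$"
    ( umask 077; dd if=/dev/urandom of="$tmp" bs="$SEED_SIZE" count=1 2>/dev/null ) || return 1
    mv -f "$tmp" "$SEED_FILE"
}

load_random_seed() {
    # Feed the stored seed to the pool, then immediately replace it on disk.
    [ -r "$SEED_FILE" ] || return 1
    cat "$SEED_FILE" > "$POOL" || return 1
    save_random_seed
}

seed_fingerprint() {
    # POSIX cksum of the seed file, used to check that a load rotated it.
    cksum < "$SEED_FILE" | cut -d' ' -f1
}

case "${1:-}" in
    start) load_random_seed || save_random_seed ;;
    stop)  save_random_seed ;;
esac
```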
