Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/modules/security/rngd: Disable by default #96092

Merged
merged 2 commits into from Sep 10, 2020
Merged

nixos/modules/security/rngd: Disable by default #96092

merged 2 commits into from Sep 10, 2020

Conversation

nbraud
Copy link
Contributor

@nbraud nbraud commented Aug 23, 2020
edited

Motivation for this change

rngd seems to be the root cause for slow boot issues, and its functionality is
redundant since kernel v3.17 (2014), which introduced a krngd task (in kernel
space) that takes care of pulling in data from hardware RNGs:

commit be4000bc4644d027c519b6361f5ae3bbfc52c347
Author: Torsten Duwe duwe@lst.de
Date: Sat Jun 14 23:46:03 2014 -0400

hwrng: create filler thread

This can be viewed as the in-kernel equivalent of hwrngd;
like FUSE it is a good thing to have a mechanism in user land,
but for some reasons (simplicity, secrecy, integrity, speed)
it may be better to have it in kernel space.

This patch creates a thread once a hwrng registers, and uses
the previously established add_hwgenerator_randomness() to feed
its data to the input pool as long as needed. A derating factor
is used to bias the entropy estimation and to disable this
mechanism entirely when set to zero.
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@nbraud nbraud mentioned this pull request Aug 23, 2020
Closed
@nbraud
Copy link
Contributor Author

nbraud commented Aug 23, 2020

Apologies for not testing this change: I'm fairly new to NixOS and I have no idea (yet) how I would test locally a change to nixpkgs.

@vcunat
Copy link
Member

vcunat commented Aug 23, 2020

nixos-rebuild accepts -I nixpkgs=/path/to/nixpkgs/checkout if that's what you're missing.

@shlevy
Copy link
Member

shlevy commented Aug 23, 2020

Hmm, why did you remove the udev rules?

@nbraud
Copy link
Contributor Author

nbraud commented Aug 23, 2020

Hmm, why did you remove the udev rules?

I removed the udev rules because they were all for hardware that's already handled by the kernel directly.

@shlevy
Copy link
Member

shlevy commented Aug 23, 2020

@nbraud Perhaps we should remove rngd altogether, but this is the only hardware that rngd helps for anyway. If someone explicitly enables it presumably they want it for their devices?

@nbraud
Copy link
Contributor Author

nbraud commented Aug 26, 2020

@nbraud Perhaps we should remove rngd altogether, but this is the only hardware that rngd helps for anyway.

Removing the rngd module would make sense at this stage, yes. It's a fair bit more work (as default configuration, documentation, and other modules need to be updated) and I'm unsure how to deal with it breaking backwards compat (removing the options under security.rngd might cause people's config to fail to evaluate).

It's possible some people might want rngd (the program) to deal with hardware RNGs that the kernel doesn't detect as such (I have a couple such devices, that provide a random stream over (emulated) USB-serial) but it doesn't seem to be a configuration that the module supports anyway (so there would be no loss of functionality)

If someone explicitly enables it presumably they want it for their devices?

Presumably, but (as mentioned above) there doesn't seem to be a way, in the module, to point rngd at a custom device.

@vcunat
Copy link
Member

vcunat commented Aug 26, 2020

removing the options under security.rngd might cause people's config to fail to evaluate

mkRemovedOptionModule IIRC

@worldofpeace worldofpeace added this to To Do in 20.09 Blockers via automation Sep 10, 2020
@worldofpeace worldofpeace added this to the 20.09 milestone Sep 10, 2020
nbraud and others added 2 commits September 9, 2020 21:51
@nbraud @worldofpeace
nixos/modules/security/rngd: Disable by default
e64d3f6 
`rngd` seems to be the root cause for slow boot issues, and its functionality is
redundant since kernel v3.17 (2014), which introduced a `krngd` task (in kernel
space) that takes care of pulling in data from hardware RNGs:

> commit be4000bc4644d027c519b6361f5ae3bbfc52c347
> Author: Torsten Duwe <duwe@lst.de>
> Date:   Sat Jun 14 23:46:03 2014 -0400
>
>     hwrng: create filler thread
>
>     This can be viewed as the in-kernel equivalent of hwrngd;
>     like FUSE it is a good thing to have a mechanism in user land,
>     but for some reasons (simplicity, secrecy, integrity, speed)
>     it may be better to have it in kernel space.
>
>     This patch creates a thread once a hwrng registers, and uses
>     the previously established add_hwgenerator_randomness() to feed
>     its data to the input pool as long as needed. A derating factor
>     is used to bias the entropy estimation and to disable this
>     mechanism entirely when set to zero.

Closes: #96067
@worldofpeace
rl-2009: document rngd
ca674c1
@worldofpeace worldofpeace merged commit f7a6a1a into NixOS:master Sep 10, 2020
20.09 Blockers automation moved this from To Do to Done Sep 10, 2020
@worldofpeace
Copy link
Contributor

backported fc5f50a 26c98e7 to release-20.09

@worldofpeace worldofpeace removed this from Done in 20.09 Blockers Oct 5, 2020
@worldofpeace worldofpeace added this to In progress in 20.09 Blockers via automation Oct 5, 2020
@worldofpeace worldofpeace moved this from In progress to Done in 20.09 Blockers Oct 5, 2020
@nbraud nbraud deleted the security/rngd branch October 11, 2020 18:49
@nbraud
Copy link
Contributor Author

nbraud commented Oct 11, 2020

Thanks @worldofpeace, and sorry for going silent: I've been pretty sick the last month+, and the workstation I installed NixOS on decided to just die. (I'm currently RMAing the motherboard. >_>')

@nbraud nbraud mentioned this pull request Feb 21, 2021
Merged
12 tasks
nbraud added a commit to nbraud/nixpkgs that referenced this pull request Feb 21, 2021
@nbraud
nixos/rngd: Remove module entirely, leave an explaination
39383a8 
Per @shlevy's request on NixOS#96092.
@nbraud nbraud mentioned this pull request Dec 24, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NeQuissimus NeQuissimus NeQuissimus approved these changes

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10 10.rebuild-linux: 1 12. first-time contribution
Projects
No open projects
20.09 Blockers
  
Done
Milestone
20.09
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@nbraud @vcunat @shlevy @worldofpeace @NeQuissimus @Janik-Haag