From Fedora Project Wiki
(Moved to FeatureReadyForFesco for late approval (#934))
(Feature approved on Aug-20 meeting)
 
Line 110: Line 110:




[[Category:FeatureReadyForFesco]]
[[Category:FeatureAcceptedF18]]
<!-- When your feature page is completed and ready for review -->
<!-- When your feature page is completed and ready for review -->
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler -->
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler -->
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete-->
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete-->
<!-- A pretty picture of the page category usage is at: https://fedoraproject.org/wiki/Features/Policy/Process -->
<!-- A pretty picture of the page category usage is at: https://fedoraproject.org/wiki/Features/Policy/Process -->

Latest revision as of 12:56, 21 August 2012



rngd default-on

Summary

rngd (part of the rng-tools package) should be enabled by default.

Owner

  • Email: jgarzik@redhat.com

Current status

  • Targeted release: Fedora 18
  • Last updated: 2012-08-06
  • Percentage of completion: 95%


Detailed Description

Linux generally relies on extracting entropy from noise in the compute environment for users of random numbers. However, in several critical compute environments entropic noise is notoriously scarce: servers, embedded systems, and virtual machines.

Some platforms provide a hardware random number generator, or they have a Trusted Platform Module (TPM); in particular KVM provides the rng-virtio interface to guests. Furthermore, rngd can make direct use of an architectural random number generator (currently it supports the x86 RDRAND instruction available in newer Intel processors.)

Lack of entropy is both a performance and a security problem. In the worst case it can result in duplicate key generations, as was recently discovered on Linux systems in the field.

There has been a number of functionality problems with rngd in the past, however, these should hopefully be eliminated in the just released version 4. Furthermore, if there are functionality problems remaining they should be reported upstream so they can be fixed, rather than leaving the daemon disabled with all the security hazards that entail.

In particular:

  - rngd should be turned on by default.
  - rngd should be started as early as possible.

Note that when using TPM, rngd currently conflicts with tcsd from TrouSerS. The solution to that is a kernel module which is probably going to be merged upstream in the 3.7 kernel, as it unfortunately missed the 3.6 merge window; however, it is a small patchset and it can be trivially backported. It should be in James Morris' linux-security git tree shortly; otherwise search for Kent Yoder on LKML.

Benefit to Fedora

Kernel random number generator has plenty of entropy on servers, virtual machines and other platforms.

Scope

  • Update rng-tools to version 4 (done).
  • Get rng-tools added to core list of packages.

How To Test

Run random-intensive tests such as certificate / key generation.

User Experience

Invisible, or, better kernel random entropy.

Dependencies

None

Contingency Plan

None necessary

Documentation

See above extended description.

Release Notes

Additional entropy is available for kernel random number generator users, particular for setups with low entropy such as servers or virtual machines.

Comments and Discussion