[talk] FreeBSD 10.2-stable "random device not loaded"

Mark Saad mark.saad at ymail.com
Mon Jan 4 16:23:03 EST 2016





----- Original Message -----
> From: Jim B. <jpb at jimby.name>
> To: George Rosamond <george at ceetonetechnology.com>
> Cc: talk at lists.nycbug.org
> Sent: Saturday, December 19, 2015 4:12 PM
> Subject: Re: [talk] FreeBSD 10.2-stable "random device not loaded"
> 
> * George Rosamond <george at ceetonetechnology.com> [2015-12-18 23:16]:
>>  John Baldwin:
>>  > On Wednesday, December 16, 2015 11:41:52 PM George Rosamond wrote:
>>  >> Pete Wright:
>>  >>>
>>  >>>
>>  >>> On 12/16/15 16:10, Pete Wright wrote:
>>  >>>>
>>  >>>>
>>  >>>> On 12/16/15 15:42, John Baldwin wrote:
>>  >>>>> On Friday, December 11, 2015 06:10:52 PM George Rosamond wrote:
>>  >>>>>> Just updated a box to #r292122 with GENERIC, found this wildly
>>  >>>>>> confidence-building note in the dmesg:
>>  >>>>>>
>>  >>>>>>   random device not loaded; using insecure entropy
>>  >>>>>>
>>  >>>>>> Two lines later in the dmesg it does say:
>>  >>>>>>
>>  >>>>>>   random: <Software, Yarrow> initialized
>>  >>>>>>
>>  >>>>>> I don't see anything online recently about this... except for one
>>  >>>>>> unanswered post on freebsd-questions@ in late October.
>>  >>>>>>
>>  >>>>>> Thought I'd post here before I dug further...
>>  >>>>>
>>  >>>>> Humm, any luck on more info?  I haven't seen that on HEAD, and GENERIC
>>  >>>>> on stable/10 includes device random so that seems odd.
>>  >>>>>
>>  >>>>
>>  >>>>
>>  >>>> i am *not* seeing this on one of my KVM instances here running HEAD r292065:
>>  >>>>
>>  >>>> pwright at bsd-current:/usr/src % dmesg|grep -i random
>>  >>>> random: unblocking device.
>>  >>>> random: entropy device external interface
>>  >>>> random: registering fast source Intel Secure Key RNG
>>  >>>> random: fast provider: "Intel Secure Key RNG"
>>  >>>>
>>  >>>>
>>  >>>> this is a sandy bridge (E3xxx) Intel CPU on the hypervisor fwiw.
>>  >>>
>>  >>> strike that - freebsd detects this as a E312xx but the hypervisor is a
>>  >>> E5-2697 v2 which is also a sandy bridge, but a different rev than the E3xxxx
>>  >>
>>  >> Thanks Pete and John.
>>  >>
>>  >> Again, here's the relevant part of the dmesg:
>>  >>
>>  >> random device not loaded; using insecure entropy
>>  >> ioapic0 <Version 2.0> irqs 0-23 on motherboard
>>  >> random: <Software, Yarrow> initialized
>>  >>
>>  >> Someone hit me offlist on this, and apparently it's Supermicro
>>  >> motherboard-related.  Yes, vague, but I need to do more searching after
>>  >> that.
>>  > 
>>  > Hmm, that seems like a bit of an order of operations thing where something is
>>  > asking for random bits before device random is initialized.  I'm not sure what
>>  > would be asking for it that early though.
>>  > 
>> 
>>  Yes, definitely.  What could be requesting entropy before Yarrow
>>  initializes?
>> 
>>  I have to look a bit more into it when I get a chance.
>> 
> 
> Try booting verbose.  The dmesg will have all the verbose info.
> 
> My 2 (Arkansas hick version)
> 
> Jim B.

All

I was looking at this issue again, and I was able to recreate it
on 10-STABLE amd64 r292855.


See dmesg here
http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2871

I am going to start digging; the warning is in sys/dev/random/harvest.c:

    /* If the entropy device is not loaded, make a token effort to
     * provide _some_ kind of randomness. This should only be used
     * inside other RNG's, like arc4random(9).
     */
    static int
    read_random_phony(void *buf, int count)
    {
            u_long randval;
            int size, i;

            if (!warned) {
                    log(LOG_WARNING, "random device not loaded; using insecure entropy\n");
                    warned = 1;
            }

            /* srandom() is called in kern/init_main.c:proc0_post() */

            /* Fill buf[] with random(9) output */
            for (i = 0; i < count; i+= (int)sizeof(u_long)) {
                    randval = random();
                    size = MIN(count - i, sizeof(u_long));
                    memcpy(&((char *)buf)[i], &randval, (size_t)size);
            }

            return (count);
    }




-- Mark Saad mark.saad at ymail.com
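
Added example, not part of the original message or of FreeBSD's source: a userland port of the fill loop in the excerpt above, with POSIX random()/srandom() as an assumed stand-in for the kernel's random(9). The helper names and seeds are constructed for illustration; the code shows that the fallback's output is fully determined by the seed and, with an 8-byte long, is half constant zero bytes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userland port of the fill loop quoted above. POSIX random() stands in
 * for the kernel's random(9); that substitution is an assumption. */
static int phony_fill(void *buf, int count)
{
	long randval;
	int size, i;
	for (i = 0; i < count; i += (int)sizeof(randval)) {
		randval = random();
		/* The last chunk may be shorter than sizeof(long). */
		size = (count - i < (int)sizeof(randval)) ? count - i : (int)sizeof(randval);
		memcpy(&((char *)buf)[i], &randval, (size_t)size);
	}
	return (count);
}

/* Returns 1 if reseeding with the same (constructed) seed reproduces the bytes. */
static int same_seed_repeats(unsigned int seed)
{
	unsigned char a[13], b[13];	/* 13: not a multiple of sizeof(long) */
	srandom(seed);
	phony_fill(a, (int)sizeof(a));
	srandom(seed);
	phony_fill(b, (int)sizeof(b));
	return (memcmp(a, b, sizeof(a)) == 0);
}

/* Counts zero bytes in 16 bytes of output. POSIX random() yields 31-bit
 * values, so with an 8-byte long half of every full chunk is constant. */
static int zero_bytes(unsigned int seed)
{
	unsigned char buf[16];
	int i, n = 0;
	srandom(seed);
	phony_fill(buf, (int)sizeof(buf));
	for (i = 0; i < (int)sizeof(buf); i++)
		n += (buf[i] == 0);
	return (n);
}

int main(void)
{
	printf("same seed repeats: %d\n", same_seed_repeats(1));
	printf("zero bytes in 16:  %d\n", zero_bytes(1));
	return (0);
}
```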