From c849485d9061ee5c7e975ba7cef93f3361a8e7ad Mon Sep 17 00:00:00 2001 From: Conrad Meyer Date: Sun, 31 Mar 2019 04:57:50 +0000 Subject: [PATCH] random(4): Attempt to persist entropy promptly The goal of saving entropy in Fortuna is two-fold: (1) to provide early availability of the random device (unblocking) on next boot; and (2), to have known, high-quality entropy available for that initial seed. We know it is high quality because it's output taken from Fortuna. The FS&K paper makes it clear that Fortuna unblocks when enough bits have been input that the output //may// be safely seeded. But they emphasize that the quality of various entropy sources is unknown, and a saved entropy file is essential for both availability and ensuring initial unpredictability. In FreeBSD we persist entropy using two mechanisms: 1. The /etc/rc.d/random shutdown() function, which is used for ordinary shutdowns and reboots; and, 2. A cron job that runs every dozen minutes or so to persist new entropy, in case the system suffers from power loss or a crash (bypassing the ordinary shutdown path). Filesystems are free to cache dirty data indefinitely, with arbitrary flush policy. Fsync must be used to ensure the data is persisted, especially for the cron job save-entropy, whose entire goal is power loss and crash safe entropy persistence. Ordinary shutdown may not need the fsync because unmount should flush out the dirty entropy file shortly afterwards. But it is always possible power loss or crash occurs during the short window after rc.d/random shutdown runs and before the filesystem is unmounted, so the additional fsync there seems harmless. PR: 230876 Reviewed by: delphij, markj, markm Approved by: secteam (delphij) Differential Revision: https://reviews.freebsd.org/D19742 --- libexec/rc/rc.d/random | 9 ++++++++- libexec/save-entropy/save-entropy.sh | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/libexec/rc/rc.d/random b/libexec/rc/rc.d/random index 9762c9d3bfdd..b144923c4701 100755 --- a/libexec/rc/rc.d/random +++ b/libexec/rc/rc.d/random @@ -25,7 +25,8 @@ save_dev_random() for f ; do debug "saving entropy to $f" dd if=/dev/random of="$f" bs=4096 count=1 status=none && - chmod 600 "$f" + chmod 600 "$f" && + fsync "$f" "$(dirname "$f")" done umask ${oumask} } @@ -120,6 +121,9 @@ random_stop() dd if=/dev/random of=${entropy_file_confirmed} \ bs=4096 count=1 2> /dev/null || warn 'write failed (unwriteable file or full fs?)' + fsync "${entropy_file_confirmed}" \ + "$(dirname "${entropy_file_confirmed}")" \ + 2> /dev/null echo '.' ;; esac @@ -145,6 +149,9 @@ random_stop() dd if=/dev/random of=${entropy_boot_file_confirmed} \ bs=4096 count=1 2> /dev/null || warn 'write failed (unwriteable file or full fs?)' + fsync "${entropy_boot_file_confirmed}" \ + "$(dirname "${entropy_boot_file_confirmed}")" \ + 2> /dev/null echo '.' ;; esac diff --git a/libexec/save-entropy/save-entropy.sh b/libexec/save-entropy/save-entropy.sh index 053a031a7f02..6a5e7cdd38a0 100755 --- a/libexec/save-entropy/save-entropy.sh +++ b/libexec/save-entropy/save-entropy.sh @@ -90,5 +90,6 @@ while [ ${n} -ge 1 ]; do done dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null +fsync saved-entropy.1 "." exit 0