[Buildroot] [PATCH v2 1/2] package/haveged: Change service file to run early
nolange79 at gmail.com
Tue Jun 30 07:54:39 UTC 2020
> > > > > I am not up to speed with FIPS tests, but from a really really long way back
> > > > > it wasn't a big issue to pass most tests with the Mersenne Twister and a few
> > > > > bits of true entropy.
> > > > >
> > > > > Basically it feeds PRNG back to kernel and lets it account as entropy source.
> > > >
> > > > I could not find any backup for that claim. If I understood
> > > > correctly, haveged does not read from the kernel PRNG.
> > >
> > > The kernel has an entropy pool, it taps alot sources (inkl jitter, see
> > > https://lwn.net/Articles/642166/).
> > Yes, but according to Stephan Müller, the author of the
> > jitterentropy-rng, the kernel uses the CPU timing jitter internally
> > only in the crypto subsystem, that's not fed to the pool /dev/random
> > uses . There's a patch series for a redesigned random number
> > subsystem by him, which would make that possible, but that never got
> > merged.
Forgot adding the kernel uses "timings of events such as hardware
interrupts as inputs",
that's basically the same entropy source that causes your "jitters".
"CPU effects" like cache evictions, pipeline flushes are just an
effect of that and could
be deterministically recreated if the IRQs happen in the same fashion again.
More information about the buildroot