entropy subsystem #2793
Comments
|
by Leandro Pereira: Took a stab at implementing this. It's currently in code review. |
|
by Ruud Derwig: A security researcher signaled the lack of a good OS built-in solution for random numbers as well. He looked at several embedded OSes. A good summary of his findings was presented at CCC: https://media.ccc.de/v/33c3-7949-wheel_of_fortune |
|
Related to ZEP-1313 |
zephyrbot
added
priority: high
|
@lpereira is this done for 1.10? |
|
Part of it is done, yes: the only thing that is missing is a software-only thing to gather entropy from various sources where a hardware number generator isn't available. What has been merged is mostly a cleanup, separating drivers from the random number generator themselves, and adding a simple generator that does not draw that much entropy from the device. I'll close this as done and open another ticket for the software entropy gathering thing, targeting 1.11. |
Reported by Inaky Perez-Gonzalez:
As a developer, I need a consistent way to generate crypto-grade entropy that can be used to seed pseudo-random-number-generators for crypto, secure storage and hashing.
The subsystem shall support:
-- the entropy sources that can generate entropy as part of their normal operation shall be able to push entropy to the subsystem when enough is generated
-- the entropy sources that can supply entropy on demand shall support being polled by the subsystem
-- to be resolved: support source hoping? or will be adding from multiple SW and HW sources enough?
-- HW sources from SoC, drivers for entropy/crypto specific modules
-- SW sources:
--- drivers that have soft/random timings
--- IRQ handler timings
--- network noise
The current subsystem implementation (drivers/random) is not sufficient as it allows only a single source of entropy to be used. More solid entropy could be achieved by adding push points, reinforced with HW generated one.
(Imported from Jira ZEP-1314)
The text was updated successfully, but these errors were encountered: