tech-userlevel archive


Re: getrandom and getentropy



On Mon, May 11, 2020 at 04:28:51PM +0300, Andreas Gustafsson wrote:
> nia wrote:
> > > OpenBSD guarantees that there is an entropy seed from the boot loader,
> > > which is very different from NetBSD's "best effort".  Was this not
> > > already the case when the getentropy API was introduced?
> > 
> > We do the same, on supported architectures. In addition to reading
> > from CPU HWRNGs extremely early in the kernel, the bootloader
> > provides a seed. Then, once userland is ready, all entropy is
> > consolidated.
> > 
> > At the risk of receiving more angry private emails from Mr. de Raadt,
> > (in the bootblocks!), if what OpenBSD does satisfies you, what
> > NetBSD does should also satisfy you.
> 
> For the OpenBSD strategy to work, the system needs to actually refuse
> to run if the seed can't be loaded (or full entropy achieved in some
> other way).  NetBSD doesn't do that.  As long as there is any way
> userland can start before full entropy has been achieved, all APIs
> that provide randomness for security purposes must support blocking
> (or returning errors).

Why? Like I said, we don't have a working 127.0.0.1 when userland starts
and that is an essential part of the Unix network stack.

Joerg
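
The "blocking (or returning errors)" behaviour debated in this thread, seen from the caller's side with getrandom(2); this is an added example, not part of the original message or of NetBSD's code. The names `rnd_status`, `fill_random` and `generate_key` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/random.h>   /* getrandom(2), GRND_NONBLOCK */

/* Status codes for this example only (hypothetical names). */
enum rnd_status { RND_OK = 0, RND_NOT_SEEDED = 1, RND_ERROR = 2 };

/*
 * Fill buf with len bytes from getrandom(2).
 * flags = 0             : wait until the kernel pool has been seeded.
 * flags = GRND_NONBLOCK : return RND_NOT_SEEDED instead of waiting.
 */
enum rnd_status fill_random(void *buf, size_t len, unsigned int flags)
{
    unsigned char *p = buf;

    while (len > 0) {
        ssize_t n = getrandom(p, len, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;               /* interrupted by a signal: retry */
            if (errno == EAGAIN)
                return RND_NOT_SEEDED;  /* call would have blocked */
            return RND_ERROR;           /* e.g. ENOSYS on an old kernel */
        }
        p += n;                         /* short reads are permitted */
        len -= (size_t)n;
    }
    return RND_OK;
}

/*
 * Generate a 32-byte key. Never reports success with unseeded output:
 * either waits (may_block != 0) or fails closed with a zeroed buffer.
 */
int generate_key(unsigned char key[32], int may_block)
{
    enum rnd_status st = fill_random(key, 32, GRND_NONBLOCK);

    if (st == RND_NOT_SEEDED && may_block)
        st = fill_random(key, 32, 0);
    if (st != RND_OK) {
        memset(key, 0, 32);             /* leave no partial key behind */
        return -1;
    }
    return 0;
}
```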

