author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-03-06 22:15:44 -0700 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-03-14 19:47:13 +0000 |
commit | ffa047a03e4c5f6bd3af73b7eecb99cd230fe204 (patch) | |
tree | ec7d89170b956d63cb5ac04a4e77251d77aea7bc /NEWS | |
parent | e28770e3674c42365eb22adf35a556e8cccb9bfb (diff) | |
download | systemd-ffa047a03e4c5f6bd3af73b7eecb99cd230fe204.tar.gz |
random-util: remove RDRAND usage

/dev/urandom is seeded with RDRAND. Calling genuine_random_bytes(...,
..., 0) will use /dev/urandom as a last resort. Hence, we gain nothing
here by having our own RDRAND wrapper, because /dev/urandom already is
based on RDRAND output, even before /dev/urandom has fully initialized.

Furthermore, RDRAND is not actually fast! And on each successive
generation of new x86 CPUs, from both AMD and Intel, it just gets
slower.

This commit simplifies things by just using /dev/urandom in cases where
we before might use RDRAND, since /dev/urandom will always have RDRAND
mixed in as part of it.

And above where I say "/dev/urandom", what I actually mean is
GRND_INSECURE, which is the same thing but won't generate warnings in
dmesg.
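
The fallback order described above (try getrandom(GRND_INSECURE), otherwise read /dev/urandom), as an added example that is not part of this commit and is not systemd's code. The helper names `urandom_fill` and `best_effort_random` are hypothetical, and the `GRND_INSECURE` value is defined locally for build environments whose headers predate it.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/random.h>
#include <unistd.h>

#ifndef GRND_INSECURE
#define GRND_INSECURE 0x0004 /* Linux UAPI value; understood by kernels >= 5.6 */
#endif

/* Hypothetical helper: fill p[0..n) from /dev/urandom, retrying short reads.
 * On older kernels this read may log a kmsg warning before the pool is ready. */
static int urandom_fill(unsigned char *p, size_t n) {
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0) {
            int e = r < 0 ? errno : EIO;
            close(fd);
            return -e;
        }
        p += r;
        n -= (size_t) r;
    }
    close(fd);
    return 0;
}

/* Hypothetical helper: never blocks; bytes may predate pool initialization,
 * so this is best-effort output. Returns 0 on success, -errno on failure. */
int best_effort_random(void *buf, size_t n) {
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = getrandom(p, n, GRND_INSECURE);
        if (r < 0 && errno == EINTR)
            continue;
        if (r < 0) /* e.g. EINVAL: the running kernel does not know the flag */
            return urandom_fill(p, n);
        p += r;
        n -= (size_t) r;
    }
    return 0;
}
```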
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -95,6 +95,20 @@ CHANGES WITH 251: handling, and improving compatibility with home directories intended to be portable like the ones managed by systemd-homed. + * All kernels supported by systemd mix RDRAND (or similar) into the + entropy pool at early boot. This means that on those systems, even + if /dev/urandom is not yet initialized, it still returns bytes that + that are at least as high quality as RDRAND. For that reason, we no + longer have reason to invoke RDRAND from systemd itself, which has + historically been a source of bugs. Furthermore, kernels ≥5.6 provide + the getrandom(GRND_INSECURE) interface for returning random bytes + before the entropy pool is initialized without warning into kmsg, + which is what we attempt to use if available. By removing systemd's + direct usage of RDRAND, x86 systems ≥Broadwell that are running an + older kernel may experience kmsg warnings that were not seen with + 250. For newer kernels, non-x86 systems, or older x86 systems, + there should be no visible changes. + CHANGES WITH 250: * Support for encrypted and authenticated credentials has been added. |
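
Review bot: the added NEWS paragraph has a doubled word in "it still returns bytes that that are at least as high quality as RDRAND"; drop one "that". The closing sentences also say that x86 systems ≥Broadwell "running an older kernel" may see kmsg warnings not seen with 250, without saying which kernels count as older. Since the entry already names kernels ≥5.6 as the ones providing getrandom(GRND_INSECURE), spelling out "kernels older than 5.6" at that point would let readers check directly whether they are affected.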