Bug#736126: Please install haveged on physical machines

To: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>, 736126@bugs.debian.org, Holger Levsen <holger@layer-acht.org>
Subject: Bug#736126: Please install haveged on physical machines
From: Philipp Kern <pkern@debian.org>
Date: Sat, 9 Jun 2018 12:07:14 +0200
Message-id: <[🔎] f92b1a74-b38c-3309-66c6-199f9f9e5630@debian.org>
Reply-to: Philipp Kern <pkern@debian.org>, 736126@bugs.debian.org
In-reply-to: <[🔎] 20180608224151.bvrud35vk5hknnc4@bogus>
References: <20140120092217.GC12357@loar> <52DD50CC.30409@svenhartge.de> <CAH8yC8k2wPM6Ukv8MqvLHMrU1ePLrDRkXJLNBsURg8WcD9-aFw@mail.gmail.com> <20180523203520.rjbaneoveok55nsm@bogus> <CAH8yC8k2wPM6Ukv8MqvLHMrU1ePLrDRkXJLNBsURg8WcD9-aFw@mail.gmail.com> <c66414fe34785443f63b5cdc62065bf1741a2391.camel@decadent.org.uk> <20180524090627.uf3asvkb77wijhfa@layer-acht.org> <CAH8yC8k2wPM6Ukv8MqvLHMrU1ePLrDRkXJLNBsURg8WcD9-aFw@mail.gmail.com> <[🔎] 20180608192710.itwnqp7pxdxse6y5@bogus> <[🔎] 20180608193709.4tc43fqrlougdepm@layer-acht.org> <CAH8yC8k2wPM6Ukv8MqvLHMrU1ePLrDRkXJLNBsURg8WcD9-aFw@mail.gmail.com> <[🔎] 20180608224151.bvrud35vk5hknnc4@bogus> <CAH8yC8k2wPM6Ukv8MqvLHMrU1ePLrDRkXJLNBsURg8WcD9-aFw@mail.gmail.com>

On 6/9/18 12:41 AM, Nicolas Braud-Santoni wrote:
> On Fri, Jun 08, 2018 at 07:37:09PM +0000, Holger Levsen wrote:
>> On Fri, Jun 08, 2018 at 09:27:10PM +0200, Nicolas Braud-Santoni wrote:
>>> On virtual machines, however, the data that the HAVEGE algorithm produces
>>> is not necessarily unpredictable [1]; hence, we shouldn't install haveged
>>> on those environments.
>> interesting, thanks! sadly it doesnt say which virtualisation environments
>> were/are affected.
> IIRC, back then VMware ESXi was the only platform virtualizing the rdtsc
> instruction, but 1) I do not have access to it to test (nor do I want to)
> 2) other virtualization platforms, now or in the future, might do this too.

https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/ZufallinVMS/Randomness-in-VMs.pdf?__blob=publicationFile&v=3
has an interesting discussion of the various problems in VMs, but sadly
is also quiet in a bunch of areas because they could not conclusively
deduce *from documentation* what happens with certain hypervisors. On
the other hand they list a bunch of sources we should probably all try
to mix in, on both real and virtualized hardware.

>From a threat model perspective we should not try to defend against an
actively malicious hypervisor. And if people want to very accurately
emulate the hardware so that virtualization is not detectable, they
might not want randomness either / should arrange for it differently if
they need it. So the question is if we can prevent people from shooting
themselves into the foot and making their life actively worse with this
change.

Kind regards
Philipp Kern

Reply to:

References:
- Bug#736126: Please install haveged on physical machines
  - From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
- Bug#736126: Please install haveged on physical machines
  - From: Holger Levsen <holger@layer-acht.org>
- Bug#736126: Please install haveged on physical machines
  - From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>

Prev by Date: di-netboot-assistant_0.54_amd64.changes ACCEPTED into unstable
Next by Date: Re: Installation guide link possibly incorrect
Previous by thread: Bug#736126: Please install haveged on physical machines
Next by thread: Re: Installation guide link possibly incorrect
Index(es):
- Date
- Thread