Bug#735448: kfreebsd: trusts the output of VIA hardware RNGs

To: submit@bugs.debian.org
Subject: Bug#735448: kfreebsd: trusts the output of VIA hardware RNGs
From: Steven Chamberlain <steven@pyro.eu.org>
Date: Wed, 15 Jan 2014 14:23:33 +0000
Message-id: <[🔎] 20140115142332.GA16267@squeeze.pyro.eu.org>
Reply-to: Steven Chamberlain <steven@pyro.eu.org>, 735448@bugs.debian.org
In-reply-to: <[🔎] 52D5CF86.2060604@pyro.eu.org>
References: <52ABA9E0.2060003@debian.org> <20131214010823.GC26925@khazad-dum.debian.net> <52AE28D1.3040507@debian.org> <[🔎] 52D5AB5F.10508@pyro.eu.org> <[🔎] 52D5BC4B.90001@debian.org> <[🔎] 52D5CF86.2060604@pyro.eu.org>

Package: src:kfreebsd-9
Version: 9.2-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>
Control: found -1 9.0-10+deb70.5
Control: found -1 9.0~svn223109-0.1
Control: clone -1 -2
Control: reassign -2 src:kfreebsd-8/8.3-6
Control: found -2 8.2-1
Control: found -2 8.0-1

The kernel of FreeBSD since 5.3 supports the Nehemiah RNG in 32-bit VIA
Eden CPU cores. Where available, it is used as the sole provider of
/dev/{,u}random (after some post-processing in hardware).

This affects 32-bit Debian kfreebsd-8 and kfreebsd-9 packages. Since
first being uploaded to sid, kfreebsd-10 had already reworked this
(in SVN r256381) to feed hardware RNGs into Yarrow along with other
entropy sources, so they can be safely used.

Additionally, support for the RNG in 64-bit Via Nano CPU cores was
added to 64-bit builds of kfreebsd-9, version 9.1 and later.

I've no reason to think that VIA or its chip design subsidiary, both
Taiwanese-owned, were involved in the recently disclosed US NSA
anti-encryption programs. But it is clear now that we should not rely
exclusively on hardware RNGs any more.

This will likely be fixed in stable by disabling this RNG by default,
as upstream have done in stable/8 and stable/9. In jessie/sid,
kfreebsd-9 may soon be superseded by kfreebsd-10.

-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Reply to:

Follow-Ups:
- Processed (with 1 errors): kfreebsd: trusts the output of VIA hardware RNGs
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#735448: kfreebsd: trusts the output of VIA hardware RNGs
  - From: Robert Millan <rmh@debian.org>
- Bug#735449: marked as done (kfreebsd: trusts the output of VIA hardware RNGs)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#735449: marked as done (kfreebsd: trusts the output of VIA hardware RNGs)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)
  - From: Robert Millan <rmh@debian.org>
- Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)
  - From: Steven Chamberlain <steven@pyro.eu.org>

Prev by Date: freebsd-buildutils_10.0-1_kfreebsd-amd64.changes ACCEPTED into unstable
Next by Date: Processed (with 1 errors): kfreebsd: trusts the output of VIA hardware RNGs
Previous by thread: Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)
Next by thread: Processed (with 1 errors): kfreebsd: trusts the output of VIA hardware RNGs
Index(es):
- Date
- Thread