From f103b5cf6f817c98f84ea424ec36301af8b7cc37 Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Wed, 25 Mar 2026 19:58:23 +0000 Subject: lbutils: clarify design regarding urandom/getrandom Signed-off-by: Leah Rowe --- util/libreboot-utils/lib/rand.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) (limited to 'util/libreboot-utils/lib') diff --git a/util/libreboot-utils/lib/rand.c b/util/libreboot-utils/lib/rand.c index 5bf03239..dccf3646 100644 --- a/util/libreboot-utils/lib/rand.c +++ b/util/libreboot-utils/lib/rand.c @@ -32,6 +32,30 @@ #include "../include/common.h" +/* Regarding Linux getrandom/urandom: + * + * For maximum security guarantee, we *only* + * use getrandom via syscall, or /dev/urandom; + * use of urandom is ill advised. This is why + * we use the syscall, in case the libc version + * of getrandom() might defer to /dev/urandom + * + * We *abort* on error, for both /dev/urandom + * and getrandom(), because the BSD arc4random + * never returns with error; therefore, for the + * most parity in terms of behaviour, we abort, + * because otherwise the function would have two + * return modes: always successful (BSD), or only + * sometimes (Linux). The BSD arc4random could + * theoretically abort; it is extremely unlikely + * there, and just so on Linux, hence this design. + * + * This is important, because cryptographic code + * for example must not rely on weak randomness. + * We must therefore treat broken randomness as + * though the world is broken, and burn accordingly. + */ + void rset(void *buf, size_t n) { @@ -83,10 +107,6 @@ retry_rand: goto out; err: - /* since arc4random always returns - * successful, we treat urandom/getrandom - * failures as fatal and abort accordingly - */ err_no_cleanup(1, ECANCELED, "Randomisation failure, possibly unsupported in your kernel."); exit(EXIT_FAILURE); -- cgit v1.2.1