
Just Use /dev/urandom -- now with more safety at early boot

Primary language: Rust. License: GNU General Public License v2.0 (GPL-2.0)

just-use

Because you should Just Use /dev/urandom (TM) [1]. This has long been the correct advice for generating random numbers on Linux (and other Unixes). There is, however, one situation in which it's not correct: at early boot.

/dev/urandom will happily return data before the kernel's random number generator has been fully seeded. This kernel module solves that. It refuses to return random numbers until it can do so safely; after that point (which is generally reached in early boot), it never blocks. As a result, it's a completely safe drop-in replacement [2] for the kernel's existing /dev/urandom. You can also use it to replace /dev/random.
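From userspace, getrandom(2) with flags set to 0 gives the same contract described above: it waits until the kernel generator is seeded and never blocks afterwards. The C program below is an added example, not code from the just-use project; it probes the seed state with GRND_NONBLOCK and then fills a key buffer, and the function names crng_is_seeded and fill_random are made up for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* Hypothetical helper: 1 if the kernel CRNG is seeded, 0 if not yet,
 * -1 on any other error. GRND_NONBLOCK makes getrandom() fail with
 * EAGAIN instead of waiting when the pool is not initialised. */
int crng_is_seeded(void)
{
    unsigned char probe;
    for (;;) {
        ssize_t n = getrandom(&probe, sizeof probe, GRND_NONBLOCK);
        if (n == (ssize_t)sizeof probe) return 1;
        if (n < 0 && errno == EAGAIN) return 0;
        if (n < 0 && errno == EINTR) continue;
        return -1;
    }
}

/* Hypothetical helper: fill buf with len random bytes. With flags == 0
 * the call blocks only until the CRNG has been seeded once. Short reads
 * and EINTR are retried. Returns 0 on success, -1 on error. */
int fill_random(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, 0);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];
    int seeded = crng_is_seeded();
    if (seeded < 0) { perror("getrandom"); return 1; }
    printf("CRNG seeded: %s\n", seeded ? "yes" : "no, next call will wait");
    if (fill_random(key, sizeof key) != 0) { perror("getrandom"); return 1; }
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```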

Usage:

$ make
$ sudo insmod justuse.ko
$ DEVICE_NUMBER=$(grep "justuse" /proc/devices | awk '{print $1}')
$ sudo mknod /dev/urandom c "$DEVICE_NUMBER" 0
$ sudo mknod /dev/random c "$DEVICE_NUMBER" 0

And that's it! Include this in your system boot configuration to ensure that your random numbers are great on every boot!

Currently only builds on x86-64, but if you're interested in other architectures, please file an issue and we'll make it happen! Also it's written in Rust (currently requires a nightly Rust), so memory safety!

Footnotes

  1. Nowadays you should probably Just Use getrandom(2), but that's beside the point.

  2. We're actually missing two compatibility features: poll() support (it currently always reports as both readable and writable when used as /dev/random), and support for ioctl()s on the device.