Hello,
I've examined what is shared between AppVMs that use the same template with focus on security and discussed that with the Qubes team. I've found that /var/lib/systemd/random-seed is stored on /, which means:
1. Subsequent starts of a non-standalone VM use the same random-seed unless the underlying TemplateVM shutdown is performed between those two AppVM boots.
2. Two different AppVMs with the same TemplateVM may be seeded with the same initial random seed
2.1. This also applies between AppVM and TemplateVM. Such attacks are more attractive (as compromising entire TemplateVM is attractive), but they should be much less likely, as users are supposed to do limited set of tasks with a very limited network access.
3. When cloning a TemplateVM (either to another TemplateVM or to a StandaloneVM), the new VM gets initially the same random seed. It should, however, diverge after some time, so this issue is less serious.
4. Marek has confirmed that initial random seeds are predistributed with the ITL templates.
However, it is not as bad as it might look:
1. If haveged is used (i.e. on all ITL templates except fedora-minimal), it generates new entropy very quickly. Users of fedora-minimal should, however, be careful and consider installing haveged.
2. Quoting Marek: “the template is automatically started during its installation, so
the new random seed will be saved. Not sure how predictable that new
value is...”
3. According to Marek, systemd-random-seed only pushes the seed to the entropy pool, but does not increase the entropy_avail. As a result, this issue affects only /dev/urandom, while /dev/random seems to be unaffected. Even better, this means that haveged reaches low water mark immediatelly and starts gathering new entropy (if haveged is present), which minimizes the issue.
Impact:1. Long-term keys: They are usually recommended to be generated from /dev/random, so they should be usually unaffected. The cryptsetup uses /dev/urandom by default, but cryptsetup is typically not used in AppVMs.
2. Short-term keys can be affected in some cases, mostly on fedora-minimal, when you don't haveged installed.
3. Cryptographic nonces can be affected. If user is unlucky enough, he might get “ntwices” instead of nonces. Security implication of “ntwices” can vary, but it can be, for example, critical for ECDSA keys and thus for Bitcoin wallets. (Note that there were AFAIK some successful attacks on Bitcoin wallets where was a transaction signed by an Android client with flawed RNG, so such attacks might be practical.) Again, mostly users of fedora-minimal without haveged installed should be worried about this.
Note that users of non-systemd OSes (Debian 7?)
may be affected more, because the random seed scripts may behave differently. If entropy_avail is increased by the random seed script, such issue would also affect /dev/random. Moreover, haveged would probably not reach low water mark so quickly, so the impact would be greater in such case. However, not using systemd does not imply this behavior. Not using systemd just means I don't know how it behaves.
How to fix?Moving random seed to /rw does not fully solve this issue at the moment. The /rw is cloned from the TemplateVM, which is somehow suboptimal.
We've also discussed distributing some entropy from dom0 to AppVMs. Some related discussion:
https://github.com/QubesOS/qubes-issues/issues/673 . While it solves these issues, it makes dom0 potentially more vulnerable to its RNG flaws. I remember a keyboard timing side-channel vulnerability on /dev/random. Maybe dom0 should only provide an one-time random seed in order to lower impact of such vulnerabilities. If an AppVM asks for new random seed second time within one boot, the user should be at least notified.
How to prevent similar issues?This and similar issues could have been found by:
1) deterministic builds of templates (random seed would cause) – can uncover issues like pre-distributed random seed
2) no mutation after reboot (except some whitelist like logs) – can uncover issues like random seed shared between AppVMs
Note that 1) does not uncover issues with packages that are not preinstalled. But such testing can be used on any package. It can uncover issues like shared SSH keys (I remember such issue at one VPS provider that provides VPS templates…) and so on.
Public discussionWe have decided to start a public discussion in order to find the best solution.
Regards,
Vít Šesták 'v6ak'