Entropy Key on *BSD…
Up until now, we’ve only talked about supporting the Simtec Entropy Key on Linux. However, Debian are trying to sort out a kFreeBSD kernel based version of their OS, and lots of security-conscious people use OpenBSD, so, yesterday, I set about trying to get the Entropy Key software working on the BSDs. I had written a userland USB daemon for the Entropy Key on Wednesday, using libusb, and since libusb supports FreeBSD, I settled down with a VM of FreeBSD and tried to get an Entropy Key to play ball.
Building on the efforts of my colleague, having made the software
compile (which revealed many glibc/Linux-specific issues which were fun
to fix, and then various Debian/RedHat specific bits of Lua packaging
which I had to fix) and then made it run (which required further
fettling of the ports of lua-posix on FreeBSD) I finally had an ekeyd
which would start in EGD mode at least. The FreeBSD port of luasocket
doesn’t enable UNIX domain sockets, so I added support to ekeyd to
notice if UNIX domain sockets weren’t compiled into luasocket and just
ignore them, requiring TCP control and EGD sockets.
Finally, after a lot of swearing and poking at things some more, I did
manage to get an Entropy Key plugged into the VM and with ekey-ulusbd
talking to the key, and ekeyd talking to that, I had it gathering
entropy quite happily. Indeed once I had ironed out all of the niggles,
it worked quite well. So we’ll be shipping with instructions for
building on FreeBSD at least.
Then I moved on to OpenBSD. At first glance I was excited that OpenBSD
seemed to be better packaged. Indeed, the OpenBSD packages for Lua,
luaposix and luasocket appeared to be much better done, indeed I didn’t
need to fettle the luaposix package so it’d load properly, and the
luasocket package appeared to have been built with UNIX domain socket
support. Excellent news thought I, and proceeded to plug in an Entropy
Key to see what the kernel would say. Imagine my shocked joy at seeing
OpenBSD merrily say “oh yes, that is a USB serial port/modem thingy, no
problems.” I was very happy because this meant that I wouldn’t need
ekey-ulusbd on OpenBSD, although OpenBSD was carrying a copy of libusb
too. However I then couldn’t find the device node for ‘ucom0’ or
‘umodem0’ (/dev/ttyU0 did nothing) and all in all, I was a bit
disheartened. So I went back to the libusb option, but couldn’t work out
what the bus/device match would be, wrote a simple lsusb-alike in
order to try and find out, and discovered that while libusb was built
and packaged for OpenBSD, it simply didn’t work.
So, having given up on getting OpenBSD going any time soon, I went back
to FreeBSD to try and work out how to get things to happen automatically
when you plug a key in. I found devd and after reading manpages and
looking at examples, decided to try and write an attach event for
Entropy Keys. Unfortunately I couldn’t make devd seem to read my
rules, let alone try and run them. The debug from devd confused my
poor little Linux-centric brain, and so I gave up again.
So, to the crux of the matter…
Dear Lazyweb,
Please can you help me to understand where the device nodes for the `umodem0` TTY will turn up in OpenBSD, and also can you help me write appropriate `devd` rules for FreeBSD.
Thanks,
Daniel.
P.S. please email me on dsilvers digital-scurf.org if you actually have something helpful :-)