Gathering Raw Unconditioned Entropy in a Live Linux System

Greg McLearn Entropy, Tools

As part of our continued product development efforts supporting assurance modernization, the Lightship team sometimes develops useful experimental tools or proofs of concept. A while ago we developed a proof of concept to extract raw unconditioned entropy from a live running Linux system, using the SystemTap API to produce loadable kernel modules. This was done as an exercise to explore Linux entropy characteristics. The code has been sitting around relatively unused, so we've decided to open it up under the GPL. It has been cleaned up a bit with additional informative comments, but this is proof-of-concept code with no warranty of fitness. You can find it on our GitHub account.

The code tries to be clever in attributing entropy samples to the various sampling functions. The attribution helps to understand how the execution profile of a device might affect the entropy available for the initial PRNG seeding. For example, a headless system with a single low-latency storage disk and no hardware noise source (e.g. Intel RDRAND) will be reliant almost entirely on the timing data from those disk accesses. Disk accesses may be intermittent, and may be so fast and regular that consecutive samples differ by very little. For an interactive system — especially with a mouse — it is interesting to watch the entropy collection from these input devices. As the entropy samples are captured, it is striking to see how little entropy can be had in each 96-bit sample structure.
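To make the attribution concrete, here is a small post-processing example written for this post; it is not code from the Lightship tool or from the Linux kernel. It assumes that each captured sample is the 96-bit structure of three little-endian 32-bit words (jiffies, cycle counter, source number), and that disk samples are tagged with a source number of 0x100 plus the device number while input-device samples use small values, which is the convention older kernels used in add_timer_randomness(). The entropy credit per sample reproduces the first/second/third-difference heuristic those kernels applied to the jiffies value: the smallest absolute difference, halved, capped at 11 bits. The sample buffer is constructed inline: a disk being hit on a steady two-jiffy cadence, interleaved with a few irregular mouse events.

```python
import struct
from dataclasses import dataclass

# Assumed sample layout (96 bits): u32 jiffies, u32 cycles, u32 num, little-endian.
SAMPLE_FMT = "<III"
SAMPLE_SIZE = struct.calcsize(SAMPLE_FMT)
RAW_BITS_PER_SAMPLE = SAMPLE_SIZE * 8  # 96

# Assumed tagging convention: disks use 0x100 + dev_t, input events use small values.
DISK_TAG_BASE = 0x100


@dataclass
class TimerState:
    """Per-source state mirroring the kernel's timer_rand_state."""
    last_time: int = 0
    last_delta: int = 0
    last_delta2: int = 0


def credit_bits(state: TimerState, jiffies: int) -> int:
    """Entropy credit for one sample, following the older kernel heuristic:
    take the first, second and third differences of the timestamp, keep the
    smallest magnitude, halve it, and credit its bit length capped at 11."""
    delta = jiffies - state.last_time
    state.last_time = jiffies
    delta2 = delta - state.last_delta
    state.last_delta = delta
    delta3 = delta2 - state.last_delta2
    state.last_delta2 = delta2
    smallest = min(abs(delta), abs(delta2), abs(delta3)) >> 1
    return min(smallest.bit_length(), 11)  # bit_length() behaves like fls()


def source_of(num: int) -> str:
    return "disk" if num >= DISK_TAG_BASE else "input"


def parse_samples(buf: bytes):
    """Yield (jiffies, cycles, num) tuples from a buffer of packed samples."""
    for off in range(0, len(buf) - SAMPLE_SIZE + 1, SAMPLE_SIZE):
        yield struct.unpack_from(SAMPLE_FMT, buf, off)


def attribute(buf: bytes) -> dict:
    """Attribute each sample to its source and total the credited entropy.
    Disks get one state per device; all input events share one state,
    as the kernel does with its single input timer state."""
    states: dict = {}
    report: dict = {}
    for jiffies, cycles, num in parse_samples(buf):
        src = source_of(num)
        key = num if src == "disk" else "input"
        bits = credit_bits(states.setdefault(key, TimerState()), jiffies)
        entry = report.setdefault(
            src, {"samples": 0, "raw_bits": 0, "credited_bits": 0, "per_sample": []}
        )
        entry["samples"] += 1
        entry["raw_bits"] += RAW_BITS_PER_SAMPLE
        entry["credited_bits"] += bits
        entry["per_sample"].append(bits)
    return report


# Constructed input: a disk (placeholder dev_t 0x800000) accessed every two
# jiffies, interleaved with mouse events at irregular intervals. Cycle counter
# values are arbitrary filler.
DISK = DISK_TAG_BASE + 0x800000
MOUSE = (2 << 4) ^ 0 ^ 3  # EV_REL, REL_X, value 3, in the assumed input encoding
CONSTRUCTED_BUF = b"".join(
    struct.pack(SAMPLE_FMT, j, c, n)
    for j, c, n in [
        (1000, 0x1A2B3C4D, DISK),
        (1002, 0x1A2B4F11, DISK),
        (1003, 0x1A2B5A02, MOUSE),
        (1004, 0x1A2B61F0, DISK),
        (1006, 0x1A2B7333, DISK),
        (1011, 0x1A2B9C9C, MOUSE),
        (1016, 0x1A2BC0DE, MOUSE),
        (1040, 0x1A2C4444, MOUSE),
    ]
)

if __name__ == "__main__":
    for src, entry in attribute(CONSTRUCTED_BUF).items():
        print(f"{src:5s} samples={entry['samples']} raw_bits={entry['raw_bits']} "
              f"credited={entry['credited_bits']} per_sample={entry['per_sample']}")
```

The first sample from each source is credited generously only because the state starts at zero, so the "delta" is the whole jiffies count; after that the steady disk cadence collapses to zero credit while the irregular mouse timings keep earning a few bits each, which is the effect described above. Note that the credit is a heuristic estimate, not a measurement of the true min-entropy of the samples.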

We hope that you find the code useful in further understanding entropy in your compatible Linux-based systems. Lightship has since developed a more mature entropy collection mechanism offering more flexibility and a more complete and accurate picture of the entropy entering the PRNG from initial boot. Initial boot analysis is quite important, since this is where a lack of entropy in the initial seed can truly undermine the security of long-lived key generation.

For more information about approaches to collecting, decoding and making sense of your entropy sources, talk to Lightship Security.