Ensure enough entropy is available when setting up persistence
Copying from the description of #11897:
Given I just installed Tails on a USB stick When I boot it for the first time Then I want to have good entropy to create the persistent storage
#2 Updated by segfault about 1 month ago
I propose that in
tails-persistence-setup, when creating the encrypted persistence partition, we check that the current entropy of the kernel's RNG is high enough to provide good random numbers for the LUKS key generation.
I found that the
luks_format function in
src/plugins/crypto.c in the
libblockdev repo, which is used via
udisks to format the persistent volume as LUKS, takes a
min_entropy parameter and blocks until this amount of entropy is available. Unfortunately, udisks doesn't allow specifying this parameter and always sets it to 0.
But we can easily do this check ourselves, by reading
/proc/sys/kernel/random/entropy_avail. This file contains the available entropy, in bits (see http://man7.org/linux/man-pages/man4/random.4.html). We should check that this is >= 256 (for the 256 bit AES key).