social.gl-como.it

Can I haz entropy?

A couple of geological ages ago, I stumbled on GnuK on the Maple Mini and our very geeky household decided that we needed a handful of those maple mini clones.

Then there was shipping from China (through the Italian customs), finding a time to play with it, discovering that no, it can't be loaded through the maple bootloader (and semi-bricking two boards in the process), deciding that this was the perfect excuse to buy a BusPirate, and finally, we were able to load both GnuK and NeuG on said semi-bricked boards.

Using debian testing (buster) all prerequisites were available in the distribution: both the toolchain as described in the READMEs and a version of openocd with support for the BusPirate; the configure line from the above article worked just fine and what was left was to follow instructions from Programming the FST-01 (gnuk) with a Bus Pirate + OpenOCD to load the firmware on the boards.

(The NeuG required a slightely different configure line: ./configure --vidpid=234b:0001 --target=MAPLE_MINI, to select the right USB IDs — note that these IDs are only available for experimental uses or under conditions detailed in the READMEs for GnuK and NeuG.)

One note: you may have heard that the BusPirate is slow for this kind of tasks, and I can confirm it. Flashing the NeuG took 325.728790s for 24576 bytes, flashing the bigger GnuK took about half of forever, i.e. about 20 minutes (and the first time it failed with a timeout). Afterwards everything seems to work, but I strongly recommend doing something else in the meanwhile.

Now, why would I need the NeuG, other than simply because HRNGs are cool? Well, #874720 makes it pretty painful to build python-gnupg multiple times in a row¹, and as long as I don't manage to make it run all tests using urandom an HRNG that only costed a few EURs² looks pretty attractive³.

To be continued, as I find time to play with the GnuK and NeuG...

¹ In case you're wondering: the quality of available entropy is not going to impact on the resulting binary: building the package simply drains entropy while generating a handful of throwaway keys in order to run tests.
² if you don't count the PirateBus, but I already wanted one, I was just waiting for an excuse :D
³ of course, haveged would cost even less, but as I said, HRNGs are cool :)
blog (x)