Where does Gramine source its entropy for RA-TLS private key generation?

[fwoodruff]

Could someone MITM between Linux urandom and Gramine's private key generation function? Or does Gramine use an SGX primitive for entropy generation?

[dimakuv]

Gramine uses the RDRAND instruction as the sole source of entropy.

Similarly, RA-TLS (which is not a part of Gramine core per se, but a library that is used together with Gramine) also uses the RDRAND instruction as the sole source of entropy.

Since you're asking about RA-TLS, here are the RA-TLS specific code points:

• gramine/subprojects/packagefiles/mbedtls/include/mbedtls/config-pal.h

  Line 20 in fa437cb

  #define MBEDTLS_ENTROPY_HARDWARE_ALT

  -- RA-TLS uses our own patched version of mbedTLS under the hood (linked statically), which has the MBEDTLS_ENTROPY_HARDWARE_ALT macro that forces mbedTLS to use our own provided mbedtls_hardware_poll() function

• gramine/common/src/crypto/adapters/mbedtls_adapter.c

  Lines 277 to 290 in fa437cb

  	/* mbedTLS library will use this implementation of a hardware entropy collector, see
  	* https://github.com/Mbed-TLS/mbedtls/blob/v3.2.1/include/mbedtls/mbedtls_config.h#L465 */
  	int mbedtls_hardware_poll(void* data, unsigned char* output, size_t len, size_t* olen) {
  	__UNUSED(data);
  	assert(output && olen);
  	*olen = 0;
  	int ret = PalRandomBitsRead(output, len);
  	if (ret < 0)
  	return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
  	*olen = len;
  	return 0;
  	}

  -- our implementation of mbedtls_hardware_poll(), which calls PalRandomBitsRead()

• gramine/pal/src/host/linux-sgx/pal_misc.c

  Lines 779 to 786 in fa437cb

  	int _PalRandomBitsRead(void* buffer, size_t size) {
  	uint32_t rand;
  	for (size_t i = 0; i < size; i += sizeof(rand)) {
  	rand = rdrand();
  	memcpy(buffer + i, &rand, MIN(sizeof(rand), size - i));
  	}
  	return 0;
  	}

  -- PalRandomBitsRead() ends up here, which calls rdrand()

• gramine/common/include/arch/x86_64/cpu.h

  Lines 75 to 83 in fa437cb

  	static inline uint32_t rdrand(void) {
  	uint32_t ret;
  	__asm__ volatile(
  	"1: .byte 0x0f, 0xc7, 0xf0\n" /* RDRAND %EAX */
  	"jnc 1b\n"
  	:"=a"(ret)
  	:: "cc");
  	return ret;
  	}

  -- rdrand() is a wrapper around RDRAND instruction

Could someone MITM between Linux urandom and Gramine's private key generation function?

As can be seen from the above code, no, Gramine and RA-TLS do not use Linux's unrandom. We rely purely on the HW primitives.

[dimakuv]

Before anyone else asks, here's how Gramine emulates the /dev/random and /dev/urandom pseudo-files for the apps:

• gramine/libos/src/fs/dev/fs.c

  Lines 138 to 142 in fa437cb

  	struct pseudo_node* random = pseudo_add_dev(root, "random");
  	random->perm = PSEUDO_PERM_FILE_RW;
  	random->dev.major = 1;
  	random->dev.minor = 8;
  	random->dev.dev_ops.read = &dev_random_read;

• gramine/libos/src/fs/dev/fs.c

  Lines 147 to 152 in fa437cb

  	struct pseudo_node* urandom = pseudo_add_dev(root, "urandom");
  	urandom->perm = PSEUDO_PERM_FILE_RW;
  	urandom->dev.major = 1;
  	urandom->dev.minor = 9;
  	/* /dev/urandom is implemented the same as /dev/random, so it has the same operations */
  	urandom->dev.dev_ops = random->dev.dev_ops;

• gramine/libos/src/fs/dev/fs.c

  Lines 50 to 57 in fa437cb

  	static ssize_t dev_random_read(struct libos_handle* hdl, void* buf, size_t count) {
  	__UNUSED(hdl);
  	int ret = PalRandomBitsRead(buf, count);
  	if (ret < 0)
  	return pal_to_unix_errno(ret);
  	return count;
  	}

So similarly to the RA-TLS case, Gramine core itself uses (and exposes to the app) the interface that uses RDRAND instruction only (a pure HW primitive).