Up until now, we’ve only talked about supporting the Simtec Entropy Key on Linux. However, Debian are trying to sort out a kFreeBSD kernel based version of their OS, and lots of security-conscious people use OpenBSD , so, yesterday, I set about trying to get the Entropy Key software working on the BSDs. I had written a userland USB daemon for the Entropy Key on Wednesday, using libusb and since libusb supports FreeBSD, I settled down with a VM of FreeBSD and tried to get an Entropy Key to play ball.

Building on the efforts of my colleague, having made the software compile (which revealed many glibc/linux-specific issues which were fun to fix, and then various Debian/RedHat specific bits of Lua packaging which I had to fix) and then made it run (which required further fettling of the ports of lua-posix on FreeBSD) I finally had an ekeyd which would start in EGD mode at least. The FreeBSD port of luasocket doesn’t enable UNIX domain sockets, so I added support to ekeyd to notice if unix domain sockets weren’t compiled into luasocket and just ignore them, requiring TCP control and EGD sockets.

Finally, after a lot of swearing and poking at things some more, I did manage to get an Entropy Key plugged into the VM and with ekey-ulusbd talking to the key, and ekeyd talking to that, I had it gathering entropy quite happily. Indeed once I had ironed out all of the niggles, it worked quite well. So we’ll be shipping with instructions for building on FreeBSD at least.

Then I moved on to OpenBSD. At first glance I was excited that OpenBSD seemed to be better packaged. Indeed, the OpenBSD packages for Lua, luaposix and luasocket appeared to be much better done, indeed I didn’t need to fettle the luaposix package so it’d load properly, and the luasocket package appeared to have been built with UNIX domain socket support. Excellent news thought I, and proceeded to plug in an Entropy Key to see what the kernel would say. Imagine my shocked joy at seeing OpenBSD merrily say “oh yes, that is a USB serial port/modem thingy, no problems.” I was very happy because this meant that I wouldn’t need ekey-ulusbd on OpenBSD, although OpenBSD was carrying a copy of libusb too. However I then couldn’t find the device node for ‘ucom0’ or ‘umodem0’ (/dev/ttyU0 did nothing) and all in all, I was a bit disheartened. So I went back to the libusb option, but couldn’t work out what the bus/device match would be, wrote a simple lsusb~~alike in order to try and find out, and discovered that while libusb was built and packaged for OpenBSD, it simply didn’t work.
So, having given up on getting OpenBSD going any time soon, I went back to FreeBSD to try and work out how to get things to happen automatically when you plug a key in. I found devd and after reading manpages and looking at examples, decided to try and write an attach event for Entropy Keys. Unfortunately I couldn’t make devd seem to read my rules, let alone try and run them. The debug from devd confused my poor little Linux-centric brain, and so I gave up again.
So, to the crux of the matter…

Dear Lazyweb,
Please can you help me to understand where the device nodes for the `umodem0` TTY will turn up in OpenBSD, and also can you help me write appropriate `devd` rules for FreeBSD.
P.S. please email me on dsilvers digital-scurf.org if you actually have something helpful :~~)
Comments on this page are closed.