Re: Do grub-mkrescue GPT GUIDs need more entropy than --fs-uuid gets ?

From:

Michael Zimmermann

Subject:

Date:

Sun, 14 Aug 2016 07:03:42 +0200

couldn't we generate GUID's based on the current git revision?

this way you reproduce the ISO without even looking at the timestamp.

I don't know anything about the entropy requirements though. Lets wait for a reply of the maintainers about that.

Thanks

Michael

On Thu, Aug 11, 2016 at 9:55 PM, Thomas Schmitt <address@hidden> wrote:

Hi,

i am discussing with Chris Lamb on address@hiddenalioth.debian.org
how to make production of bootable ISOs reproducible. The last (yet known)
obstacle are the pseudo-random GUIDs of the GPT which is produced for EFI
bootability.

Up to this obstacle it turned out that it will suffice to use the same
input file tree and the same overall timestamp with xorriso -as mkisofs
option
--modification-date=YYYYMMDDhhmmsscc
which was originally introduced for grub-mkrescue to match in grub.cfg
search --fs-uuid --set YYYY-MM-DD-hh-mm-ss-cc

I am now wondering whether it would be ok for grub-mkrescue if the GUIDs
of the GPT would be derived reproducibly from this timestamp by default.
(Currently they stem from /dev/urandom.)

These GUIDs will of course be unique inside the GPT. But their entropy
will be low and collisions with other ISOs could happen systematically
because of nearly identical production times.
Well, this can happen to the ISO 9660 --fs-uuid string under the same
circumstances.

So my question:
Is there any reason known why the GPT GUID needs to have better randomness
than the "search --fs-uuid" string ?

Have a nice day :)

Thomas

_______________________________________________
Grub-devel mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/grub-devel