Control: tag -1 patch pending

Hi,

Ben Hutchings <b...@decadent.org.uk> (2019-04-17):
> Ideally it would only be used if there isn't a hardware RNG available.
> Currently we don't include any hardware RNG modules in udebs, but that
> can be changed. So please first check that:
>
> * /sys/devices/virtual/misc/hw_random/rng_current is absent or
>   contains "none"
> * (x86 only) /proc/cpuinfo does not mention rdrand (I can't find an
>   arch-independent way to check for this, and Linux doesn't yet
>   support an equivalent feature on any other architecture)
>
> Something like this should work:
>
> if [ "$(cat /sys/devices/virtual/misc/hw_random/rng_current 2>/dev/null || echo none)" = none ] \
>    && ! grep -q '^flags\b.*\brdrand\b' /proc/cpuinfo; then
>     # use software entropy daemon
> fi

Many thanks for your input and for the suggested implementation. I've
tweaked it a little so that we log whether haveged is available, and
whether it should be started, in case we need to investigate:

  https://salsa.debian.org/installer-team/rootskel/blob/master/src/lib/debian-installer-startup.d/S50entropy-source

I think I've tested all cases:
 - when haveged-udeb hasn't been added to src:debian-installer's
   pkg-lists yet
 - with the default Skylake-Client in libvirt, which leads to an rdrand
   CPU flag;
 - with a core2duo CPU instead, which has no such flag;
 - with the same CPU, but with a VirtIO RNG enabled, and those extra
   kernel modules in my netboot-gtk image:

     lib/modules/4.19.0-4-amd64/kernel/drivers/char/hw_random/rng-core.ko
     lib/modules/4.19.0-4-amd64/kernel/drivers/char/hw_random/virtio-rng.ko
     lib/modules/4.19.0-4-amd64/kernel/drivers/virtio/virtio.ko
     lib/modules/4.19.0-4-amd64/kernel/drivers/virtio/virtio_ring.ko

   which leads to a virtio_rng.0 in …/hw_random/rng_current.

So I've just uploaded a new version of rootskel (1.129), and pushed a
new commit to debian-installer:

  https://salsa.debian.org/installer-team/debian-installer/commit/c470001925d067b42cdf613339634f4d54ed01b6

The haveged-udeb addition was already uploaded and also ACCEPTED from
NEW. I'll keep an eye on the daily builds.

Cheers,
-- 
Cyril Brulebois (k...@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
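
The two checks discussed in this message, written as a testable shell function. This is an added example, not part of the e-mail and not the rootskel S50entropy-source script; the function names, the optional path arguments and the treatment of an empty rng_current file as "none" are assumptions made here.

```shell
#!/bin/sh
# Added example (not rootskel's S50entropy-source): decide whether a software
# entropy daemon is needed, following the two checks quoted above.
# The path arguments are hypothetical parameters so the logic can be run
# against constructed fixture files; they default to the real kernel paths.

RNG_CURRENT=/sys/devices/virtual/misc/hw_random/rng_current
CPUINFO=/proc/cpuinfo

# has_hwrng [rng_current_path]: true when a hw_random backend is selected.
# An absent file counts as "none"; an empty file is treated the same way
# (assumption made here, so that the daemon is started when in doubt).
has_hwrng() {
    current=$(cat "${1:-$RNG_CURRENT}" 2>/dev/null || echo none)
    [ -n "$current" ] && [ "$current" != none ]
}

# has_rdrand [cpuinfo_path]: true when a "flags" line lists rdrand (x86 only).
# POSIX character classes replace the GNU-style \b of the quoted snippet,
# and the flag must be a whole word.
has_rdrand() {
    grep -Eq '^flags[[:space:]]*:(.*[[:space:]])?rdrand([[:space:]]|$)' \
        "${1:-$CPUINFO}" 2>/dev/null
}

# entropy_decision [rng_current_path] [cpuinfo_path]
# Prints one line naming what was found, for the installer log. Returns 0
# only when neither hardware source exists, i.e. when the software entropy
# daemon should be started.
entropy_decision() {
    if has_hwrng "$1"; then
        echo "hw_random backend present: $(cat "${1:-$RNG_CURRENT}")"
        return 1
    fi
    if has_rdrand "$2"; then
        echo "rdrand CPU flag present"
        return 1
    fi
    echo "no hardware RNG found: software entropy daemon needed"
    return 0
}
```

Calling `entropy_decision` with no arguments checks the running system; a startup script would launch the daemon only when it returns 0.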