On Wed, Jan 08, 2020 at 08:17:13PM +0000, Luca Filipozzi wrote: > Every time I propose the use of haveged to resolve entropy starvation, I > get reactions from crypto folks saying that it's not a valid solution. > They invariably suggest that passing hardware RNG through to the VM is > the appropriate choice. > > The latest such reaction being from mjg59. See: > https://twitter.com/mjg59/status/1181423056268349441 > https://twitter.com/LucaFilipozzi/status/1181426253636755457
Yeah, this is my understanding as well. But it's not like the haveged developers are clueless, either, and there's a decent amount of research behind their approach. I can't pretend to understand the details of it, though. Even if passing entropy from the host to the VM is the right approach, it's not something we can take advantage of today, due to lack of support both within EC2 and within Debian. I'll follow up with the kernel team to gauge their level of support for enabling CONFIG_RANDOM_TRUST_BOOTLOADER (and backporting it to buster). If the kernel team is supportive of the EFI_RNG+CONFIG_RANDOM_TRUST_BOOTLOADER approach, would folks be in favor of enabling haveged temporarily, until kernel support is available, or is it better to avoid it completely? noah
