*** I also tried to post on bugtracker, but I do not see it there ... ***

Hi all!

I also ran into this (very) late crng_init problem which prevents login on console or ssh on an embedded system, and reading this kind of "the problem does not come from us, assigned to someone else" behavior makes me feel like the debian community really has a problem. (And reading this: https://github.com/systemd/systemd/issues/4167 gives some weight to my feelings (fixing security issues only if we notice them being exploited !!! wow ...) )

Anyway, for those interested in solving the problem, I made a small program (160 lines, including comments!) which solves the problem:
http://www.nathael.org/Data/Devel/entropy_pool_init.c

It's loosely based on what's done by haveged (without the HAVEGE algorithm) and what is in /etc/init.d/urandom and in the "fast init" in the drivers/char/random.c driver.

I feel like it's a quite good compromise between speed, complexity and security. It may be improved with the real HAVEGE algorithm, but I did not have time to use it, and did not want to have the haveged daemon running forever either (and the packages installed).

Compile with:
$(CROSS_COMPILE)gcc entropy_pool_init.c -o entropy_pool_init -Wall -Wextra
and place the result in /sbin
(You may have time to create a debian package for this, I don't have time for debian any more).

Then modify /etc/init.d/urandom to call entropy_pool_init with the saved entropy file as argument:
/sbin/entropy_pool_init /var/lib/urandom/random-seed

This should replace the (date and cat "$SAVEDFILE" )>/dev/urandom under the "start" case.
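For readers who want to see why the cat-into-/dev/urandom line has to go: a plain write(2) to /dev/urandom mixes the bytes into the pool but credits no entropy, so crng_init never advances. Below is an added example (my own code, not the entropy_pool_init.c linked above, whose internals I have not reproduced) that credits a saved seed file through the RNDADDENTROPY ioctl instead; it assumes a Linux host with <linux/random.h> and needs CAP_SYS_ADMIN to actually credit.

```c
/* Credit a saved seed to the kernel pool with RNDADDENTROPY, instead of
 * cat-ing it into /dev/urandom (which mixes but credits nothing). */
#include <fcntl.h>
#include <linux/random.h>   /* struct rand_pool_info, RNDADDENTROPY */
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define MAX_SEED_BYTES 512  /* seed size credited in a single ioctl */

/* Bits to credit for `len` seed bytes: at most 8 per byte, never more
 * than the caller's own estimate, 0 for an empty or oversized seed.
 * Only credit a seed that was kept private (mode 0600) and that is not
 * shared across cloned images; otherwise credit 0 and just mix it in. */
size_t credit_bits_for(size_t len, size_t max_credit_bits)
{
    if (len == 0 || len > MAX_SEED_BYTES)
        return 0;
    return (len * 8 < max_credit_bits) ? len * 8 : max_credit_bits;
}

/* Read the seed file and credit it.  Returns bits credited, -1 on error.
 * An unreadable path fails before any ioctl is attempted. */
long seed_kernel_from_file(const char *path, size_t max_credit_bits)
{
    unsigned char seed[MAX_SEED_BYTES];
    struct rand_pool_info *pi;
    ssize_t n;
    size_t bits;
    int sfd, rfd, rc;

    sfd = open(path, O_RDONLY);
    if (sfd < 0)
        return -1;
    n = read(sfd, seed, sizeof seed);
    close(sfd);
    bits = credit_bits_for(n > 0 ? (size_t)n : 0, max_credit_bits);
    if (bits == 0)
        return -1;

    pi = calloc(1, sizeof *pi + MAX_SEED_BYTES); /* buf[] is flexible */
    if (!pi)
        return -1;
    pi->entropy_count = (int)bits;               /* bits, not bytes */
    pi->buf_size = (int)n;                       /* bytes in buf[] */
    memcpy(pi->buf, seed, (size_t)n);

    rfd = open("/dev/urandom", O_RDWR);
    rc = (rfd < 0) ? -1 : ioctl(rfd, RNDADDENTROPY, pi);
    if (rfd >= 0)
        close(rfd);
    memset(seed, 0, sizeof seed);                /* drop our seed copy */
    free(pi);
    return rc < 0 ? -1 : (long)bits;
}
```

After crediting, the init script should still overwrite the seed file with fresh output (as the urandom "stop" case does) so the same bytes are never credited twice.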

You can even improve this by calling it as soon as /proc and /dev are available and the date got set (from hwclock), so possibly before eudev/udev on a well configured system with a recent well configured kernel, which will also remove all these kinds of messages:
[    3.255107] random: udevd: uninitialized urandom read (16 bytes read)

Have fun!
+++


-- 
Nathael PAJANI
Techno-Innov
Internet : http://www.techno-innov.fr
Twitter : @TechnoInnov
