On 14.09.2017 20:02, Thiago Macieira wrote:
On Thursday, 14 September 2017 08:18:05 PDT Giuseppe D'Angelo wrote:
On 14/09/2017 17:01, Thiago Macieira wrote:
2. Add "rng-tools" to the image for inputting entropy to the kernel
   - Speeds up initialization of nonblocking pool
   - On devices with HW random generator, this adds real entropy to the kernel pool
   - On devices without HW random generator, this adds bad entropy from /dev/urandom to the kernel pool
Huh? Adding entropy from /dev/urandom back to /dev/urandom? This is worse
than the "rob Peter to pay Paul" - you want to rob Peter to pay Peter.
It's a myth of some crazy tutorials and broken default configurations
found on the internet. Don't do that!

By the way, it's strange that the entropy is emptied just after boot
(which is when there should be plenty of I/O to refill the entropy pool).
The entropy pool starts empty at boot. How much data is required to fill it
enough for the kernel's needs will vary from device to device. The faster your
device and the more I/O it does, the faster that will happen. A HWRNG will
also help, but it will clearly start with no entropy either, so how soon it
will work is again dependent on the implementation.

On my Skylake system, which does have a HWRNG, it takes 3.8 seconds after boot
for the random system on Linux to be up to speed. But that's slow enough that
several system services have already started:

$ dmesg | grep random:
[    3.475259] random: systemd: uninitialized urandom read (16 bytes read)
[    3.475305] random: systemd: uninitialized urandom read (16 bytes read)
[    3.475328] random: systemd: uninitialized urandom read (16 bytes read)
[    3.475612] random: systemd: uninitialized urandom read (16 bytes read)
[    3.475634] random: systemd: uninitialized urandom read (16 bytes read)
[    3.475643] random: systemd: uninitialized urandom read (16 bytes read)
[    3.475655] random: systemd: uninitialized urandom read (16 bytes read)
[    3.475662] random: systemd: uninitialized urandom read (16 bytes read)
[    3.475667] random: systemd: uninitialized urandom read (16 bytes read)
[    3.475715] random: systemd: uninitialized urandom read (16 bytes read)
[    3.837995] random: crng init done

Thank you all for your comments. We'll set up the rng-tools which will feed entropy to the kernel from /dev/hwrng as suggested in the kernel documentation https://www.kernel.org/doc/Documentation/hw_random.txt.

I think we'll just have to accept blocking for the devices without hwrng. I don't know if we really support any such devices. If we do and boot time is essential for those, we'll have to figure out some way (probably saving entropy over reboot).
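
Added example, not part of the thread or of any Qt code: a small audit of a boot log for the "uninitialized urandom read" lines quoted above, reporting which processes read /dev/urandom before "crng init done" and whether that line appears at all. The function name, the report keys and the sample log (including the process name "keygen-svc") are constructed for illustration, and the parser assumes the kernel message format shown in the quoted dmesg output.

```python
import re

# Constructed sample, in the message format of the dmesg output quoted above.
# "keygen-svc" is a hypothetical process name.
SAMPLE = """\
[    3.475259] random: systemd: uninitialized urandom read (16 bytes read)
[    3.475305] random: systemd: uninitialized urandom read (16 bytes read)
[    3.612000] random: keygen-svc: uninitialized urandom read (32 bytes read)
[    3.837995] random: crng init done
"""

TS = r"^\[\s*(?P<ts>\d+\.\d+)\] random: "
EARLY_READ = re.compile(TS + r"(?P<proc>.+?): uninitialized urandom read "
                             r"\((?P<n>\d+) bytes read\)")
INIT_DONE = re.compile(TS + r"crng init done")


def audit_early_reads(dmesg_text):
    """Summarise /dev/urandom reads logged before the CRNG was initialised."""
    init_ts = None    # stays None if the log never reports "crng init done"
    first_ts = None   # timestamp of the earliest logged early read
    per_proc = {}     # process name -> (read count, total bytes read)
    for line in dmesg_text.splitlines():
        m = INIT_DONE.match(line)
        if m:
            init_ts = float(m.group("ts"))
            continue
        m = EARLY_READ.match(line)
        if not m:
            continue  # unrelated kernel message
        ts = float(m.group("ts"))
        if first_ts is None or ts < first_ts:
            first_ts = ts
        count, total = per_proc.get(m.group("proc"), (0, 0))
        per_proc[m.group("proc")] = (count + 1, total + int(m.group("n")))
    return {"crng_init_done": init_ts,
            "first_early_read": first_ts,
            "early_reads": per_proc}


if __name__ == "__main__":
    report = audit_early_reads(SAMPLE)
    done = report["crng_init_done"]
    print("crng init done at:", "never (in this log)" if done is None else done)
    for proc, (count, total) in sorted(report["early_reads"].items()):
        print(f"{proc}: {count} early read(s), {total} bytes")
```

A report with crng_init_done set to None corresponds to the case discussed above where the pool had not finished initializing within the captured log.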