This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-aws in Ubuntu. https://bugs.launchpad.net/bugs/1927692 Title: AWS: out of entropy on Graviton 2 instances types (mg6.*) Status in linux-aws package in Ubuntu: Fix Released Status in linux-aws source package in Focal: Fix Committed Bug description: [Impact] AWS Graviton 2 instances do not have enough entropy available at boot, so any task that require entropy (even reading few bytes from /dev/random) will be stuck forever. [Fix] The proper fix for this problem is to correctly refill the entropy pool with some real random data using some hardware-generated randomness. In the meantime a reasonable workaround can be to apply the following upstream commits: 30c08efec888 random: make /dev/random be almost like /dev/urandom 48446f198f9a random: ignore GRND_RANDOM in getentropy(2) 75551dbf112c random: add GRND_INSECURE to return best-effort non-cryptographic bytes c6f1deb15878 random: Add a urandom_read_nowait() for random APIs that don't warn 4c8d062186d9 random: Don't wake crng_init_wait when crng_init == 1 In this way the system will not run out of entropy and will be able to provide best-effort randomness in any case, preventing the out of entropy issue on the AWS Gravion 2 instances. [Test plan] Execute the following command on any m6g instance: dd bs=32 count=1 if=/dev/random of=/dev/null This should return quickly, if not it means that the system does not have enough entropy available. When the problem happens this command hangs forever. [Where problems could occur] This changes affect the read semantics of /dev/random to be the same as /dev/urandom except that reads will block until the CRNG is ready. This should not materially break any API. Any code that worked without these changes should work at least as well as before. However, applications that have strict randomness requirements might be affected by the provided best-effort randomness, so we may need to apply more commits/changes to introduce a proper hardware entropy support on Graviton 2 instances to provide a better quality of randomness. In the meantime these upstream changes consist a reasonable workaround to prevent applications from hanging forever on the mg6.* instances. [Other Info] SF: #00310204 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1927692/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
