On 13/06/2016 00:56, Etienne Champetier wrote:
> Hi Felix,
>
> 2016-06-12 12:45 GMT+02:00 Felix Fietkau <n...@nbd.name>:
>> On 2016-06-11 08:37, Etienne CHAMPETIER wrote:
>>> This commit:
>>> 1) seed /dev/urandom with a saved seed as early as possible
>>>    (using /lib/preinit/81_urandom_seed)
>>> 2) save a new seed using getrandom() so we are sure /dev/urandom
>>>    pool is initialized (using /etc/init.d/urandom_seed)
>>>
>>> seed size is 512 bytes (ie /proc/sys/kernel/random/poolsize / 8)
>>> it's the same size as in ubuntu 14.04 and all systemd systems
>>>
>>> seed file is /etc/urandom.seed (need a writable path)
>>>
>>> seeding /dev/urandom doesn't change entropy estimation, so we still have
>>> "random: ubus urandom read with 4 bits of entropy available"
>>> messages in the logs, but we can now ignore them
>>>
>>> We could also add an urandom.seed at build time to improve first boot
>> I'm not sure writing to flash on every single boot on every device is a
>> good default behavior.
>>
>
> Just saw your comment, it ended up in spam ...
>
> Reusing the same seed multiple times is not really recommended, as it
> means all boots with the same seed are in the same state.
> What would be an acceptable behaviour for you?
> I could wait for ntp and then check if seed is older than X, but
> that's way less robust.
>
> BTW, we are already writing at every boot for dnsmasq/dnssec
> (/etc/dnsmasq.time)
>

Let's add a system.system.write_state_to_flash_on_boot=0/1 uci option and
lock this and the dnssec time stuff with it and default it to 0. Ideas what
a short/descriptive name for the option would be?

    John

> Etienne
>
>> - Felix
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
>
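
The two steps listed in the quoted commit message, as an added sketch in C (this is not the code of the LEDE patch or of anyone in the thread): mix a saved 512-byte seed into the pool at preinit, then save a fresh seed with getrandom() once the pool is initialized. The function names, the path parameters and the write-to-temp-file-then-rename step are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>
#include <unistd.h>

#define SEED_SIZE 512 /* poolsize / 8, the size given in the commit message */

/* Write the whole buffer, retrying on short writes. */
static int write_all(int fd, const unsigned char *p, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n <= 0) return -1;
        p += n; len -= (size_t)n;
    }
    return 0;
}

/* Step 1 (preinit): a plain write to the pool device mixes the seed in
 * but credits no entropy, so the kernel's estimate stays as it was. */
int load_seed(const char *seed_path, const char *pool_path) {
    unsigned char buf[SEED_SIZE];
    int in = open(seed_path, O_RDONLY);
    if (in < 0) return -1;
    ssize_t n = read(in, buf, sizeof buf);
    close(in);
    int out = n > 0 ? open(pool_path, O_WRONLY) : -1;
    if (out < 0) return -1;
    int rc = write_all(out, buf, (size_t)n);
    close(out);
    return rc;
}

/* Step 2 (init script): getrandom() with flags 0 blocks until the pool
 * is initialized, so the saved seed never comes from an unseeded pool. */
int save_seed(const char *seed_path) {
    unsigned char buf[SEED_SIZE];
    char tmp[4096];
    for (size_t got = 0; got < sizeof buf; ) {
        ssize_t n = getrandom(buf + got, sizeof buf - got, 0);
        if (n < 0 && errno != EINTR) return -1;
        if (n > 0) got += (size_t)n;
    }
    snprintf(tmp, sizeof tmp, "%s.tmp", seed_path);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int rc = write_all(fd, buf, sizeof buf) || fsync(fd);
    close(fd);
    if (rc) { unlink(tmp); return -1; }
    return rename(tmp, seed_path); /* power loss leaves the old or new seed, never half */
}
```

On a device this would be called as load_seed("/etc/urandom.seed", "/dev/urandom") early in boot and save_seed("/etc/urandom.seed") afterwards; each save_seed() call is one flash write, which is the cost the thread is debating.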