On Fri., Dec. 9, 2022, 02:05 Xiangyu Chen, <[email protected]>
wrote:

> It appears that rngd is not needed as of linux-5.6 and later[1]
> and should not be installed by default since the purpose of rngd
> is to provide additional trusted sources of entropy.
>
> We did some testing on real hardware, the result seems to support that
> we no longer need rngd by default on kernel v5.6 and later.
>
> Test results are below:
>
> 1. Observing the crng init stage.
>  The "random: crng init done" message is always available before the fs is mounted.
>

Super.


> 2. Generating random numbers without rngd.
>  testing command: dd if=/dev/random of=/dev/null status=progress
>    on Marvell CN96xx RDB board, speed almost 20.4 MB/s without blocking
>    on NXP i.mx6q board, speed almost 31.9 MB/s without blocking
>    on qemu x86-64, speed almost 2.6 MB/s without blocking
>
> 3. Using the rngtest command without rngd.
>  testing command: rngtest -c 1000 </dev/random
>    on Marvell CN96xx RDB board:
>       rngtest: input channel speed: (min=4.340; avg=135.364; max=146.719)Mibits/s
>       rngtest: FIPS tests speed: (min=8.197; avg=69.020; max=72.800)Mibits/s
>       rngtest: Program run time: 418771 microseconds
>
>    on NXP i.mx6q board:
>       rngtest: input channel speed: (min=96.820; avg=326.769; max=340.598)Mibits/s
>       rngtest: FIPS tests speed: (min=15.090; avg=37.543; max=40.324)Mibits/s
>       rngtest: Program run time: 570229 microseconds
>
>    on qemu x86-64:
>       rngtest: input channel speed: (min=37.769; avg=101.136; max=136.239)Mibits/s
>       rngtest: FIPS tests speed: (min=10.288; avg=30.682; max=40.155)Mibits/s
>       rngtest: Program run time: 836800 microseconds
>
> 4. Observing the sshd service.
>   Using "systemctl disable rng-tools" to disable the service and rebooting the system.
>   The system boots up normally, and the sshd service also starts in normal time without
>   blocking.
>

Nice.

Does openssh have more quantitative tests that can be run?


For the YP autobuilder tests that run in qemu, do we need, or do we already
have, virtio-rng or is that also obsolete (here's an old link from 2015:
https://www.redhat.com/en/blog/red-hat-enterprise-linux-virtual-machines-access-random-numbers-made-easy
).


Maybe the thing to do is to just try this change in master-next as usual
and see if we get any timeouts from the YP test suite.


Thanks,

../Randy



> Reference:
> [1]
> https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32
>
> Signed-off-by: Xiangyu Chen <[email protected]>
> ---
>  meta/recipes-connectivity/openssh/openssh_9.1p1.bb | 9 +--------
>  1 file changed, 1 insertion(+), 8 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh_9.1p1.bb
> b/meta/recipes-connectivity/openssh/openssh_9.1p1.bb
> index 85f97b1bbb..23ae8d5b0c 100644
> --- a/meta/recipes-connectivity/openssh/openssh_9.1p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_9.1p1.bb
> @@ -52,15 +52,12 @@ SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket"
>
>  inherit autotools-brokensep ptest
>
> -PACKAGECONFIG ??= "rng-tools"
> +PACKAGECONFIG ??= ""
>  PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
>  PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
>  PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
>  PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
>
> -# Add RRECOMMENDS to rng-tools for sshd package
> -PACKAGECONFIG[rng-tools] = ""
> -
>

 EXTRA_AUTORECONF += "--exclude=aclocal"
>
>  # login path is hardcoded in sshd
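
Review bot: The `-PACKAGECONFIG[rng-tools] = ""` removal goes further than the commit message, which only argues that rngd should not be installed by default. With the flag definition gone, a distro config or bbappend that still puts `rng-tools` in PACKAGECONFIG for openssh no longer matches a defined option. Changing only the default to `PACKAGECONFIG ??= ""` and keeping the flag line and its comment would leave an opt-in for systems on kernels older than 5.6.
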
> @@ -160,10 +157,6 @@ FILES:${PN}-keygen = "${bindir}/ssh-keygen"
>
>  RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen
> ${PN}-sftp-server"
>  RDEPENDS:${PN}-sshd += "${PN}-keygen
> ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit
> pam-plugin-loginuid', '', d)}"
> -RRECOMMENDS:${PN}-sshd:append:class-target = "\
> -    ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
> -"
> -
>  # gdb would make attach-ptrace test pass rather than skip but not worth
> the build dependencies
>  RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed
> sudo coreutils"
>
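
Review bot: The removed `RRECOMMENDS:${PN}-sshd:append:class-target` block is driven by `bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)`, so with an empty default it already expands to nothing and does not have to be deleted to get the stated behaviour. The deletion is also unconditional while the justification is tied to linux-5.6 and later; if the block does go, the commit message should say how a BSP on an older kernel is expected to pull in rng-tools.
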
> --
> 2.34.1
>
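
The first check in the quoted test report (crng init before the filesystem is mounted), combined with the kernel 5.6 condition the patch relies on, as an added example that is not part of the original message or the patch. The function names, the choice of `VFS: Mounted root` / `mounted filesystem` as the mount marker, and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample log lines are constructed.

# Succeeds when a `uname -r` style string is 5.6 or newer.
kernel_at_least_5_6() {
    ver=${1%%-*}                      # drop suffix such as -yocto-standard
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}           # "6+" -> "6"
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "${minor:-0}" -ge 6 ]; }
}

# Reads dmesg text on stdin. Prints:
#   ok      crng init done was logged before the first mount (or no mount seen)
#   late    crng init done was logged after the first mount
#   missing crng init done never appears in the log
crng_before_mount() {
    awk '
        function ts(line) {           # seconds from "[    1.234567] ..."
            sub(/^\[ */, "", line); sub(/\].*/, "", line); return line + 0
        }
        /random: crng init done/ && crng == "" { crng = ts($0) }
        /VFS: Mounted root|mounted filesystem/ && mnt == "" { mnt = ts($0) }
        END {
            if (crng == "") { print "missing"; exit }
            if (mnt == "" || crng < mnt) print "ok"; else print "late"
        }'
}

# report KERNEL_VERSION < dmesg-text
report() {
    if kernel_at_least_5_6 "$1"; then k=yes; else k=no; fi
    printf 'kernel>=5.6:%s crng:%s\n' "$k" "$(crng_before_mount)"
}

# Constructed sample logs, not taken from the boards in the thread.
SAMPLE_GOOD='[    0.912345] random: crng init done
[    1.804512] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.'
SAMPLE_LATE='[    1.804512] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
[   14.220019] random: crng init done'

printf '%s\n' "$SAMPLE_GOOD" | report 5.15.78-yocto-standard
```

On a target, `dmesg | report "$(uname -r)"` runs the same check against the live kernel log.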