On Fri, Jun 07, 2019 at 03:37:07PM -0400, Viktor Dukhovni wrote:
> > On Jun 7, 2019, at 3:25 PM, Kurt Roeckx <k...@roeckx.be> wrote:
> > 
> > For older kernels you install rng-tools that feeds the hwrng in
> > the kernel.
> 
> Which works for me, and is pretty much the point I'm trying to make.
> Then, read /dev/random once early at boot, and do nothing special
> in libcrypto (safely use /dev/urandom).

The only thing rng-tools will actually solve is the starvation
issue. No service will depend on it, since they don't have any
relationship with it. Nor can you wait for it, it's not because
it's started that it has initialized the kernel. I think I've also
seen reports that it got started too late, actually after a
service that wants to ask the kernel for random numbers.

Another solution might be that we enable rdrand/rdseed by default
as entropy source, after getentropy() and before /dev/urandom.


Kurt
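
The source ordering discussed in this thread, as an added example that is not part of the original message and is not OpenSSL's code: try getentropy() first, and only on a kernel without it wait once on /dev/random before reading /dev/urandom. The names seed_bytes, seed_source and read_full are hypothetical, and the rdrand/rdseed step is omitted.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>

enum seed_source { SEED_NONE, SEED_GETENTROPY, SEED_DEV_URANDOM };

/* Read exactly len bytes from path, retrying on EINTR and short reads. */
static int read_full(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    size_t off = 0;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) { close(fd); return -1; }
        off += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Hypothetical helper: fill buf (1..256 bytes) and report the source used. */
enum seed_source seed_bytes(unsigned char *buf, size_t len)
{
    unsigned char probe;

    if (len == 0 || len > 256)      /* getentropy() accepts at most 256 bytes */
        return SEED_NONE;
    /* getentropy() blocks until the kernel pool has been initialized. */
    if (getentropy(buf, len) == 0)
        return SEED_GETENTROPY;
    if (errno != ENOSYS)            /* real failure: do not silently downgrade */
        return SEED_NONE;
    /* Older kernel: /dev/urandom never blocks, so wait on /dev/random
     * first, which does block until the kernel has entropy available. */
    if (read_full("/dev/random", &probe, 1) != 0)
        return SEED_NONE;
    if (read_full("/dev/urandom", buf, len) != 0)
        return SEED_NONE;
    return SEED_DEV_URANDOM;
}
```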
