On 9/25/2013 2:19 PM, Roberto Spadim wrote:
>
>hi david!
>do you have a patch about this hack?

Actually Fedora 18 fixes the primary problems. It has an update to rngd so that it uses RdRand and it gets invoked properly. I passed information on to Red Hat about the problems and they fixed it in Fedora 18. A colleague submitted patches to rngd to add the ability for it to use RdRand as a source.

The only remaining problem is the kernel threshold parameter that causes it to decide at what level of entropy in the pool it will start to pull more entropy in through rngd.

It defaults to a low level, but there is high demand during the boot process, which results in entropy starvation and /dev/random blocking during the boot process. I checked this by using bootchart, which can log the level of entropy in the kernel entropy pool during the boot sequence. With a higher threshold and lots of entropy available through RdRand through rngd, the pool remains full or close to full during the boot sequence. Check 'write_wakeup_threshold' in the man page: http://man7.org/linux/man-pages/man4/random.4.html

It defaults to 128. On my Ivy Bridge system I set it to 3072:

[root@deadhat ~]# cat /proc/sys/kernel/random/write_wakeup_threshold
3072

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
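
Added example, not part of the original message: a small shell helper that reads the entropy tunables mentioned above and reports whether the pool is below write_wakeup_threshold, plus a summary of entropy readings sampled over time (for instance during boot). The function names pool_status and starved_samples are hypothetical, and the optional directory argument exists only so the check can be run against constructed sample files.

```bash
#!/usr/bin/env bash
# Added example (not from the original message).

# pool_status [DIR]
#   DIR defaults to the live procfs directory; pass a directory holding
#   constructed sample files to run offline.
#   Prints: avail=<bits> poolsize=<bits> threshold=<bits> state=<...>
pool_status() {
    local dir="${1:-/proc/sys/kernel/random}" avail pool thresh state f
    for f in entropy_avail poolsize write_wakeup_threshold; do
        [ -r "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 2; }
    done
    read -r avail  < "$dir/entropy_avail"
    read -r pool   < "$dir/poolsize"
    read -r thresh < "$dir/write_wakeup_threshold"
    if [ "$thresh" -gt "$pool" ]; then
        state=invalid      # threshold exceeds pool size: the pool can never reach it
    elif [ "$avail" -lt "$thresh" ]; then
        state=refilling    # below threshold: writers such as rngd are woken
    else
        state=satisfied    # at or above threshold: writers can sleep
    fi
    echo "avail=$avail poolsize=$pool threshold=$thresh state=$state"
}

# starved_samples FLOOR   (reads one entropy_avail reading per line on stdin)
#   Prints: min=<bits> below=<count under FLOOR> total=<count>
starved_samples() {
    awk -v floor="$1" '
        /^[0-9]+$/ {
            n++
            if (min == "" || $1 < min) min = $1
            if ($1 < floor) below++
        }
        END { printf "min=%d below=%d total=%d\n", min, below + 0, n + 0 }'
}
```

Run pool_status with no argument on a live system to read /proc/sys/kernel/random directly.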
