Bug#898814: When I log in, it hangs until crng init done

2018-12-14 Thread Xilin Sun 
On Fri, 14 Dec 2018 15:13:08 -0800 Xilin Sun  wrote:
> On Fri, 14 Dec 2018 11:04:40 +0100 Yves-Alexis Perez  
> wrote:
> > I don't have good solutions right now. With 4.19 and if your CPU has an RNG
> > you're willing to trust, you'll be able to pass random.trust_cpu=yes to the
> > kernel command line, which should help seeding the RNG.
>
> Just took at look at the /boot/config-4.19.0-trunk-amd64 file from
> Debian, and saw this:
>
> # CONFIG_RANDOM_TRUST_CPU is not set
>
> It seems that you have to compile your own kernel to enable
> random.trust_cpu to try this option at this time.
Just read the message on the patch by Ted Ts'o:
https://lkml.org/lkml/2018/7/17/1279

It seems Debian will never ever enable this option by default. Unless
you compile your own kernel, rng-tools5 or haveged is the solution to
such bugs.

Bug#898814: When I log in, it hangs until crng init done

2018-12-14 Thread Xilin Sun 
On Fri, 14 Dec 2018 11:04:40 +0100 Yves-Alexis Perez  wrote:
> I don't have good solutions right now. With 4.19 and if your CPU has an RNG
> you're willing to trust, you'll be able to pass random.trust_cpu=yes to the
> kernel command line, which should help seeding the RNG.

Just took at look at the /boot/config-4.19.0-trunk-amd64 file from
Debian, and saw this:

# CONFIG_RANDOM_TRUST_CPU is not set

It seems that you have to compile your own kernel to enable
random.trust_cpu to try this option at this time.

Bug#898814: When I log in, it hangs until crng init done

2018-12-14 Thread Xilin Sun 
On Fri, 14 Dec 2018 11:04:40 +0100 Yves-Alexis Perez  wrote:
> On Fri, 2018-12-14 at 10:24 +0100, Yves-Alexis Perez wrote:
> > Something puzzles me with all those issues: as far as I can tell, on most
> > install, systemd-random-seed.service should save a seed at shutdown and
> > restore it at startup, and this (I think) should be enough to properly init
> > the RNG.
> >
> > Can you check if the service has been run in your case?
>
> Hi again,
>
> actually don't bother, I was pointed to [1] which has explanations. The random
> seed load is done by just writing to /dev/urandom which doesn't  credit
> entropy [2].
Hi,

That service appears to be running normal on the machine with this
bug. As you said, it cannot be the cause.

> I don't have good solutions right now. With 4.19 and if your CPU has an RNG
> you're willing to trust, you'll be able to pass random.trust_cpu=yes to the
> kernel command line, which should help seeding the RNG.
The CPU on the machine with the bug does have an hardware RNG. I will
test this option once I have linux-image-amd64 4.19 installed.

Bug#898814: When I log in, it hangs until crng init done

2018-12-14 Thread Vincent Lefevre 
On 2018-12-14 11:23:39 +0100, Vincent Lefevre wrote:
> Interesting. On a machine where I have no such issues, I can see
> in journalctl info at shutdown:
> 
> Dec 13 15:44:14 zira systemd[1]: Stopping Load/Save Random Seed...
> [...]
> Dec 13 15:44:14 zira systemd[1]: Stopped Load/Save Random Seed.
> 
> but no such lines on a machine where the issue is present.

Sorry, I have these lines on both machines (I forgot the -1
after "journalctl -b" on one of the machines).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#898814: When I log in, it hangs until crng init done

2018-12-14 Thread Vincent Lefevre 
On 2018-12-14 10:24:51 +0100, Yves-Alexis Perez wrote:
> Something puzzles me with all those issues: as far as I can tell, on most
> install, systemd-random-seed.service should save a seed at shutdown and
> restore it at startup, and this (I think) should be enough to properly init
> the RNG.
> 
> Can you check if the service has been run in your case?

Interesting. On a machine where I have no such issues, I can see
in journalctl info at shutdown:

Dec 13 15:44:14 zira systemd[1]: Stopping Load/Save Random Seed...
[...]
Dec 13 15:44:14 zira systemd[1]: Stopped Load/Save Random Seed.

but no such lines on a machine where the issue is present.

Any idea of the cause of the difference?

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#898814: When I log in, it hangs until crng init done

2018-12-14 Thread Yves-Alexis Perez 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, 2018-12-14 at 10:24 +0100, Yves-Alexis Perez wrote:
> Something puzzles me with all those issues: as far as I can tell, on most
> install, systemd-random-seed.service should save a seed at shutdown and
> restore it at startup, and this (I think) should be enough to properly init
> the RNG.
> 
> Can you check if the service has been run in your case?

Hi again,

actually don't bother, I was pointed to [1] which has explanations. The random
seed load is done by just writing to /dev/urandom which doesn't  credit
entropy [2].

But there's apparently an RFC [3] for crediting that. It's just a bit
complicated to impose trust on downstream users.

[1] https://bugs.debian.org/912087#118 
[2] 
https://sources.debian.org/src/systemd/239-15/src/random-seed/random-seed.c/#L108
[3] https://github.com/systemd/systemd/pull/10621

I don't have good solutions right now. With 4.19 and if your CPU has an RNG
you're willing to trust, you'll be able to pass random.trust_cpu=yes to the
kernel command line, which should help seeding the RNG.

Regards,
- -- 
Yves-Alexis
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlwTgDgACgkQ3rYcyPpX
RFsyoAgAkbtHav7ce39vm+XnPJJeH7mBNRd3ff28Uy3JMQcweet1jKcqMDm0po/T
4f+zCGhHuR6/spuO+esHF7/jSRG8QW00jSqW7+9HW8EdUu8MdYMyg6/119U7RLXm
BqrjcXlWgpDYS+QcTGV939EAlhhA1QvpftuZ5stzLnl1Q4OTiMEfSCubFACB0knl
q7tpEUQTFywFD4oSAXiShLacUwSbxDkBbUcjZFHiFVpUDCs6JHdZvCt+giNxZrF0
8niQlxzlhaML2976lZQbfOjOVWVY8o2oVdDlr/7KhE1uivXpE82A/LZNCZwM1Dm5
c4OwK5tBoBGSgcTSJw8j9BvtL+ZvWQ==
=NQnp
-END PGP SIGNATURE-

Bug#898814: When I log in, it hangs until crng init done

2018-12-14 Thread Yves-Alexis Perez 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, 2018-12-12 at 14:25 -0800, Xilin Sun wrote:
> On Wed, 16 May 2018 14:55:07 +0800 =?utf-8?B?56mN5Li55bC8?= Dan
> Jacobson  wrote:
> > Package: linux-image-4.16.0-1-amd64
> > 
> > I am also experiencing:
> > https://unix.stackexchange.com/questions/442698/when-i-log-in-it-hangs-until-crng-init-done
> 
> I am also experiencing this bug on my sid amd64 on a laptop (Acer Aspire
> S3).
> 
> Linux 4.18.0-3-amd64 #1 SMP Debian 4.18.20-2 (2018-11-23) x86_64 GNU/Linux
> 
> Installing and enabling haveged (http://www.issihosts.com/haveged/)
> solved this issue for me.

Something puzzles me with all those issues: as far as I can tell, on most
install, systemd-random-seed.service should save a seed at shutdown and
restore it at startup, and this (I think) should be enough to properly init
the RNG.

Can you check if the service has been run in your case?
- -- 
Yves-Alexis
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlwTduMACgkQ3rYcyPpX
RFtASggAxyL/vgfbbHNTsWpyXKuTlXmPJFTWGYTsZ8uVB0t+8ndehIyr4XHihEpe
3F9VyqRtBXqNN4wtsw0rb199lXZTkxJJ5DOHWRKR5fnlsVYo2hv2PJtchNM89OpK
jXyuNuIooAZjpQf+xan3JSJRSEHhaBqcNp1AzQy8I3Sbw+rFil19jVLja7orOrbr
ODR0zZyjQCtE5W7Q8yjiFE/JrnvvATQ8fndGrVA3gjydRx53gMqgvVvE+hOwySqL
z8jdmgUeh2mtj/z/XdGeDM8cavqOLFzI1NBGiF0iJJlDuJR3ljYzqaskVIyy8ezr
ZlQ3IOPkbdteOOtQq5ri5ClHK/FLcw==
=5t4I
-END PGP SIGNATURE-

Bug#898814: When I log in, it hangs until crng init done

2018-12-12 Thread Xilin Sun 
On Wed, 16 May 2018 14:55:07 +0800 =?utf-8?B?56mN5Li55bC8?= Dan
Jacobson  wrote:
> Package: linux-image-4.16.0-1-amd64
>
> I am also experiencing:
> https://unix.stackexchange.com/questions/442698/when-i-log-in-it-hangs-until-crng-init-done

I am also experiencing this bug on my sid amd64 on a laptop (Acer Aspire S3).

Linux 4.18.0-3-amd64 #1 SMP Debian 4.18.20-2 (2018-11-23) x86_64 GNU/Linux

Installing and enabling haveged (http://www.issihosts.com/haveged/)
solved this issue for me.

Processed: Re: Bug#898814: When I log in, it hangs until crng init done

2018-07-24 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 898814 4.17.8-1
Bug #898814 [src:linux] When I log in, it hangs until crng init done
Marked as found in versions linux/4.17.8-1.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
898814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898814
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#898814: When I log in, it hangs until crng init done

2018-07-24 Thread Vincent Lefevre 
On 2018-05-16 14:55:07 +0800, 積丹尼 Dan Jacobson wrote:
> I am also experiencing:
> https://unix.stackexchange.com/questions/442698/when-i-log-in-it-hangs-until-crng-init-done

I have the same problem (when logging via lightdm).

One of the answers says "Apparently updating util-linux 2.32 should
fix the issue" but this is not true since I have util-linux 2.32-0.1.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#898814: When I log in, it hangs until crng init done

2018-05-15 Thread 積丹尼 Dan Jacobson 
Package: linux-image-4.16.0-1-amd64

I am also experiencing:
https://unix.stackexchange.com/questions/442698/when-i-log-in-it-hangs-until-crng-init-done