Re: [yocto] long time for starting sshd (wait for crng init done ?)

2019-05-13 Thread star



> Sent: Monday, 13 May 2019 at 13:45
> From: mikko.rap...@bmw.de
> To: s...@gmx.li
> Cc: yocto@yoctoproject.org
> Subject: Re: [yocto] long time for starting sshd (wait for crng init done ?)
>
> Hi,
>
> On Mon, May 13, 2019 at 01:07:45PM +0200, s...@gmx.li wrote:
> > From yocto 2.5 to 2.7 I noticed a change in booting. The kernel stops for 
> > around 85 seconds.
> > It seems to me that starting sshd takes time until crng init is done.
> > In 2.5 it doesn't wait for that. How can I avoid that?
> > Maybe I have to add that I use a recipe that adds keys as rootfs is usually 
> > r/o.
>
> Depends on your HW platform, kernel version etc., but one possible solution
> is installing the rng-tools binary package, which starts rngd at boot.
>
> See 
> http://lists.openembedded.org/pipermail/openembedded-core/2019-May/282021.html
>
> -Mikko

With that, the boot time does in fact decrease. It stops for 10..20s after "failed 
to init entropy", but this is far less than without it.
Nevertheless, I didn't have stops at all in 2.5, as crng init finished only 
after booting (login message), and boot time is important.

run-parts: /etc/network/if-pre-up.d/nfsroot: exit status 1
Starting random number generator daemon
Initalizing available sources

Failed to init entropy source hwrng

Enabling JITTER rng support

Initalizing entropy source jitter

.
random: crng init done
Starting OpenBSD Secure Shell server: sshd


>
> > Another thing I have observed (which is not clear to me): I don't get a 
> > message from the system message bus anymore. ???
> >
> > Instead, udevd complains about "specific group 'kvm' unknown". Looking 
> > into the source, this is mentioned:
> > # The static_node is required on s390x and ppc (they are using MODULE_ALIAS)
> > So, can I safely ignore that (I use ARM)?
> >
> >
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto


Re: [yocto] long time for starting sshd (wait for crng init done ?)

2019-05-13 Thread Mark Hatle
On 5/13/19 2:07 PM, s...@gmx.li wrote:
> From yocto 2.5 to 2.7 I noticed a change in booting. The kernel stops for 
> around 85 seconds.
> It seems to me that starting sshd takes time until crng init is done.
> In 2.5 it doesn't wait for that. How can I avoid that?
> Maybe I have to add that I use a recipe that adds keys as rootfs is usually 
> r/o.
> 
> Another thing I have observed (which is not clear to me): I don't get a 
> message from the system message bus anymore. ???
> 
> Instead, udevd complains about "specific group 'kvm' unknown". Looking 
> into the source, this is mentioned:
> # The static_node is required on s390x and ppc (they are using MODULE_ALIAS)
> So, can I safely ignore that (I use ARM)?
> 
> 

There was recently a discussion on this in the oe-core mailing list (Search for
"[OE-core] [PATCH 2/2] openssh: usable sshd depends on rngd from rng-tools", be
sure to read the whole thread.)  Assuming you are using certain cryptography
resources, the system is waiting for enough entropy for a good random number 
set.

Often you may need to enable rngd, or up the quality of the kernel hardware
random number generators, as many are set very low.  (Often the hardware random
number generator you have is of sufficient quality that the quality level can be
increased to generate random numbers more quickly.)

Be aware of the ramifications if you make these changes to your system -- as
faster entropy generation does not necessarily equal quality.  There are
numerous incorrect assumptions about entropy and the kernel for these.  Above
all else, do not use /dev/urandom as an entropy source for /dev/random.  That is
simply not safe to do.

What you do NOT want to do is figure out that you are booting 10k boards in a
factory and they all end up getting exactly the same random numbers and thus
identical keys.  (Yes, this has happened in the past!)

--Mark
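As an added check (not code from this thread, rng-tools or Yocto), the script below measures what the poster's boot output and Mark's explanation describe: how long a boot sat waiting for `random: crng init done`, whether rngd could use a hardware RNG or fell back to jitter, and whether sshd came up before or after the CRNG was ready. It assumes a log in which every line carries a dmesg-style `[seconds]` uptime stamp (as `dmesg` prints); the sample log and its sshd line are constructed.

```sh
#!/bin/sh
# Added example: constructed boot log with dmesg-style uptime stamps. The rngd
# and crng lines mirror the thread's output; the sshd stamp is an assumption.
SAMPLE_LOG='[    0.000000] Linux version 5.0.0 (constructed sample)
[    3.118004] random: fast init done
[    4.500000] rngd: Failed to init entropy source hwrng
[    4.510000] rngd: Initalizing entropy source jitter
[   89.612337] random: crng init done
[   89.700000] sshd[312]: Server listening on 0.0.0.0 port 22.'

# Whole seconds from the first stamped line to "crng init done" (-1 if absent):
# this is the wait the thread blames for the roughly 85-second stall.
crng_wait_seconds() {
  printf '%s\n' "$1" | awk '
    match($0, /^\[ *[0-9]+\.[0-9]+\]/) {
      ts = substr($0, RSTART + 1, RLENGTH - 2) + 0
      if (!seen) { first = ts; seen = 1 }
      if ($0 ~ /random: crng init done/) { printf "%d\n", ts - first; found = 1; exit }
    }
    END { if (!found) print -1 }'
}

# "unusable" when rngd could not open the hardware RNG (so only jitter feeds
# the pool and rngd merely shortens the wait, as the poster saw), "ok" when
# rngd initialised hwrng (spelling is rngd's own), otherwise "unknown".
hwrng_status() {
  case "$1" in
    *"Failed to init entropy source hwrng"*) echo unusable ;;
    *"Initalizing entropy source hwrng"*)    echo ok ;;
    *)                                       echo unknown ;;
  esac
}

# "yes" if sshd started listening only after the CRNG was ready (the 2.7
# behaviour), "no" if it came up first (the 2.5 behaviour), else "unknown".
sshd_waited_for_crng() {
  printf '%s\n' "$1" | awk '
    BEGIN { crng = -1; sshd = -1 }
    match($0, /^\[ *[0-9]+\.[0-9]+\]/) {
      ts = substr($0, RSTART + 1, RLENGTH - 2) + 0
      if ($0 ~ /random: crng init done/) crng = ts
      if ($0 ~ /sshd\[[0-9]+\]: Server listening/ && sshd < 0) sshd = ts
    }
    END { if (crng < 0 || sshd < 0) print "unknown"
          else if (sshd > crng) print "yes"; else print "no" }'
}

echo "crng wait: $(crng_wait_seconds "$SAMPLE_LOG")s, hwrng: $(hwrng_status "$SAMPLE_LOG")"
echo "sshd waited for crng: $(sshd_waited_for_crng "$SAMPLE_LOG")"
```

On a real board, feed it `dmesg` output (plus the sshd line from syslog, if stamped the same way) to see whether the stall is the CRNG wait or something else.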


Re: [yocto] long time for starting sshd (wait for crng init done ?)

2019-05-13 Thread Mikko.Rapeli
Hi,

On Mon, May 13, 2019 at 01:07:45PM +0200, s...@gmx.li wrote:
> From yocto 2.5 to 2.7 I noticed a change in booting. The kernel stops for 
> around 85 seconds.
> It seems to me that starting sshd takes time until crng init is done.
> In 2.5 it doesn't wait for that. How can I avoid that?
> Maybe I have to add that I use a recipe that adds keys as rootfs is usually 
> r/o.

Depends on your HW platform, kernel version etc., but one possible solution
is installing the rng-tools binary package, which starts rngd at boot.

See 
http://lists.openembedded.org/pipermail/openembedded-core/2019-May/282021.html

-Mikko

> Another thing I have observed (which is not clear to me): I don't get a 
> message from the system message bus anymore. ???
> 
> Instead, udevd complains about "specific group 'kvm' unknown". Looking 
> into the source, this is mentioned:
> # The static_node is required on s390x and ppc (they are using MODULE_ALIAS)
> So, can I safely ignore that (I use ARM)?
> 
> 


[yocto] long time for starting sshd (wait for crng init done ?)

2019-05-13 Thread star
From yocto 2.5 to 2.7 I noticed a change in booting. The kernel stops for 
around 85 seconds.
It seems to me that starting sshd takes time until crng init is done.
In 2.5 it doesn't wait for that. How can I avoid that?
Maybe I have to add that I use a recipe that adds keys as rootfs is usually r/o.

Another thing I have observed (which is not clear to me): I don't get a message 
from the system message bus anymore. ???

Instead, udevd complains about "specific group 'kvm' unknown". Looking into 
the source, this is mentioned:
# The static_node is required on s390x and ppc (they are using MODULE_ALIAS)
So, can I safely ignore that (I use ARM)?

